Re: Managing another domain via AD
- From: "Jorge Silva" <jorgesilva_pt@xxxxxxxxxxx>
- Date: Sun, 30 Apr 2006 20:28:26 +0100
Hi
The best that you can do with 2 different forests in this scenario, is to
create a Forest trust, which is transitive and can be 2 way direction
(Forest must be at Windows 2003 level).
As dw already told after this the best that you can do to have that domain
in your existent domain is through migration.
- To migrate accounts and mailboxes from one Exchange 2000 or Exchange 2003
forest to a separate Exchange 2000 or Exchange 2003 forest, it is
recommended that you first use the Active Directory Migration Tool (ADMT),
followed by the Exchange Migration Wizard.
First, run ADMT to create active user accounts in Active Directory. It is
recommended that you select the option for migrating security identifiers
(SIDs) so that ADMT adds the source account's SID to the new target
account's SID history attribute. (Migration Wizard uses the SID to match
mailboxes).
- It is also recommended that you do not disable the user account in the
source forest when you run ADMT. Exchange 2003 does not support disabled
mailbox accounts without associated external account.
- After you migrate the accounts, use Migration Wizard to migrate mailboxes.
If you migrated SIDs when you ran ADMT, Migration Wizard uses the SIDs to
match mailboxes to the new accounts and converts the accounts to
mailbox-enabled user accounts. If you did not migrate the SIDs , Migration
Wizard cannot match a mailbox to an account; instead, the wizard creates a
disabled user account to associate with the mailbox.
- There may be cases where you have to migrate mailboxes before you migrate
accounts. In these cases, Migration Wizard creates disabled user accounts to
hold mailboxes and associates new mailboxes with external Microsoft Windows
NT accounts. Later, when you use ADMT to migrate Windows NT accounts, new
accounts are created in Active Directory. As a result, Active Directory
contains two objects that relate to the same user. To merge these duplicate
objects, use the Active Directory Account Cleanup Wizard (Adclean.exe).
Adclean.exe is installed with Exchange-you can access it from Exchange
System Manager (click Start, point to Programs, point to Microsoft Exchange,
point to Deployment, and then click Active Directory Account Cleanup
Wizard).
Active Directory Migration Tool (ADMT).
http://www.microsoft.com/downloads/details.aspx?familyid=788975b1-5849-4707-9817-8c9773c25c6c&displaylang=en
--
I hop that helps
Good Luck
Jorge Silva
MCSA
Systems Administrator
"dw" <donWilwol@(EMAIL)yahoo.com> wrote in message
news:OaDTX2GbGHA.3376@xxxxxxxxxxxxxxxxxxxxxxx
Unfortunately your going to have to migrate. Check out ADMT or third party
tools. Exchange is usually the hardest part.
--
--------
Hope It Helps!
dw
_______________________________
Don Wilwol
Distributed Application Technologies.
dwilwol(DELETE)@datbusiness.com
http://spaces.msn.com/members/wilwol/
www.datbusieness.com
www.skyphere.com
"LincolnIT" <LincolnIT@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:7204D71A-6437-48E1-976F-C714439F30F3@xxxxxxxxxxxxxxxx
My company has taking over another company's server which is already
connected to ours via a site to site VPN. Their server is a Win2k3 DC in
its
own domain and we want to begin implementing group policies. Our domain
has
Win2k3 DCs.
But to make managing these group policies management easier we would like
to
have the 2 domains under 1 forest so that we don't have to remote into
the
other server all of the time.
So we are currently managing 2 domains, is there a way of combining the
2?
.
- References:
- Re: Managing another domain via AD
- From: dw
- Re: Managing another domain via AD
- Prev by Date: Re: Choose Global Catalog Authentication
- Next by Date: Re: Post NT4 to 2003 upgrade AD error
- Previous by thread: Re: Managing another domain via AD
- Next by thread: Re: Active Directory and Exchange MCP book
- Index(es):
Relevant Pages
|
