Re: Child Domain

Ok, I just want to toss out some assumptions I have at this point, so
please feel free to comment on them.

First, instead of creating a child domain, we can keep the domains
separate in a forest. Once we create a trust between the forests,
win.example.com users can access core services in example.com.

Secondly, by keeping the domains separate, we have two separate
schemas. We can pound away and modify the win.example.com schema as
needed, and if it blows up, the example.com domain is still functional
and serving up http and smtp to the outside world. Since a child
domain shares a common schema, would corrupting the schema in
win.example.com replicate to example.com?

Finally, and our main concern at the moment, we would like to map the
jdoe@xxxxxxxxxxx mailbox to the user 233344@xxxxxxxxxxxxxxxx In a
forest trust, is this possible? I think so, but thus far, the
win.example.com domain does not contain exchange attributes. I think
I need to run domainprep and forestprep.

Did I totally slaughter this? Any comments?


On Jul 11, 11:00 am, jwd <j...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
You cannot move a domain from one forest to another. To achieve what you
are after you need to create a new child domain and then migrate users,
computers etc into this domain.

You say you currently have one forest for core services and one for students
and other users. Apart from the extra administrative overhead of running two
forests this is not a particularly bad setup for your type of environment
from a security point of view. Having a seperate forests for your
mischievous students and your core services gives you an extra layer of
security.

Best Regards
Joe Dunn MCSE

"germanshorthairpoin...@xxxxxxxxx" wrote:
Hello,

At our organization, we have the domains, example.com and
win.example.com. It looks like win.example.com was setup as a Domain
in a new forest. Is it possible to make win.example.com a child
domain of example.com?

More specifically, example.com was our initial domain for
administration. Eventually, we created win.example.com for students.
Users were scripted from our SIS and ERP systems into AD. Because it
is working well, we are adding faculty and staff into
win.example.com. We will use win.example.com for all users,
computers, etc, and use example.com as our core domain for servers
etc.

Thanks for your help!

Grant


.

Relevant Pages

  • Re: Collapse a forest -- how?
    ... you also have the move tree cmd but I suggest you to use the ADMT. ... You initially said that you needed to move objects and schema? ... Schema is forest wide, meaning that exists in ALL dcs in a given forest, so ... this is the way to move a child domain to the root domain of a forest? ...
    (microsoft.public.windows.server.active_directory)
  • RE: adprep /forest + /domain
    ... ADPREP /forest and /domain command-line tool is used to prepare the schema ... of the forest and domain. ... Microsoft Online Partner Support ...
    (microsoft.public.windows.server.migration)
  • Re: Adprep forest/domainprep
    ... With 2K Schema master you might have to enable schema updates unless it was ... First run adprep /forestprep. ... There are four Domain Functional Levels and three Forest Functional ... Windows Server 2003 Interim ...
    (microsoft.public.windows.server.active_directory)
  • Re: Child Domain
    ... The schemas of the two forests are completely separate. ... I wouldn't 'pound away' at the schema in win.example.com though as if you ... mailboxes in the same forest as the Exchange organisation. ... This is a disabled mailbox enabled account. ...
    (microsoft.public.windows.server.active_directory)
  • Re: 2000 to 2003
    ... I think you plan is OK as promoting a Windows Server 2003 DC and extending ... the forest schema are separate steps. ... |> We must run the Adprep commands to update the schema in the existing ...
    (microsoft.public.windows.server.migration)