Re: Organization split - comments welcome


"Chad Hooper" <chadh@xxxxxxxxxxxxxxxxxx> wrote in message
news:9225B426-2B21-403F-85A7-D89ED4FFD504@xxxxxxxxxxxxxxxx
Cheers, Herb.

Totally separate network; totally separate part of the city!!

You should be find. Distance doesn't matter. Could be different
parts of the same campus as long as they will never connect up
directly.

Could be a problem on the other side of the world were they
to ever connect up directly.


It's pretty much what I was planning to do, but just wanted somebody else
to give the thumbs up to be on the safe side.

I think you will be cool. The few POSSIBLE issues will never
happen and even those aren't likely or even impossible to avoid.

Main mistakes would be to leave "accounts" or "resources"
belonging to the OTHER domain around.


Thanks again.


"Herb Martin" <news@xxxxxxxxxxxxxx> wrote in message
news:OWTfvQPwIHA.1236@xxxxxxxxxxxxxxxxxxxxxxx

"Chad Hooper" <chadh@xxxxxxxxxxxxxxxxxx> wrote in message
news:E7AF2B23-AA01-49FD-BD08-AC7C54B28F5D@xxxxxxxxxxxxxxxx
Thanks for your comments, Paul.

Assuming they are never going to join again, do you anticipate any other
problems? The way things have gone between the two organisations, there
is absolutely no chance of them joining again.

Or even being on the "same network".


Obviously. before commencing the work, I would advise them that a rejoin
is completely out of the question.

Bottom line is, they didn't like my quote for the work involved, so I
wanted to come up with a cheaper alternative for them - I'd rather give
them a good cheap alternative rather than have them get somebody else to
do the same work I'm planning without researching all of the
consequences for them.

If the LANs were to be separated permantly, I would be willing to
just take some DCs for one of them and some others for the other
company.

Seize roles on the one without the role holders, remove users/computers
and use NTDSUtil "metadata cleanup" to remove DCs, etc.

Delete any profiles and shared resources belonging to the other company,
etc.

Unless there is something present you haven't mentioned this should work
out fine.


Thanks again for your comments - it's much appreciated.

Chad

"Paul Bergson [MVP-DS]" <pbergson@xxxxxxxxxxxxxxxxx> wrote in message
news:OBGSdm$vIHA.3968@xxxxxxxxxxxxxxxxxxxxxxx
Sounds to me like you want to prune the domain and end up having the
same domain in both organizations. This is totally unsupported by
Microsoft and I would recommend against doing it, even though I have
done this in the past successfully. The reason I wouldn't do it is the
folks are constantly saying they want something different and at some
point you don't know if they will decide to want to have the two back
together again and at that point you are going to have to manually
recreate everything in one of the domains. If you were to create a
second domain and they wanted things back you could create a trust -or
use a migration tool to move them back, none of this is possible with
this request you have made.

I would suggest creating a new domain and migrate using ADMT.

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no
rights.

"Chad Hooper" <chadh@xxxxxxxxxxxxxxxxxx> wrote in message
news:F0C60C1C-8119-42F3-A2FD-D1DAA995DA49@xxxxxxxxxxxxxxxx
I've got a job I need to do. I have a plan, but would welcome any
comments on it.

First let me give you a bit of history - I have a client who operated
from a single office with two very distinct departments. They were
using Windows SBS 2003 Standard Edition. About a year ago, they
decided that the two departments were going off in very different
directions and decided that it would be in everyones best interest
(except mine!) to move to separate offices, and run as two separate
organisation. However, they both wanted to share the same email
domain.
So, an additional server was purchased running Windows 2003 Server,
and Exchange 2003 Server and all resources used by one of the
departments were moved to the second server. I chose not to set any
new domains up, and just reorganised the AD using OUs.
When the move finally occurred, I set up a VPN between the two
separate offices, and secured resources for each side using security
groups. Everything has worked fine, and everyone (including me!) is
happy.


Now, however, the offices have decided that they want to split
completely - including email domains. The side that is currently using
the SBS server will retain the email domain, the other side will be
registering a new domain. The side that doesn't currently have the SBS
server have become very reliant on the Remote Web Workplace (the
ability to RDP to any machine on their network) - up until now, they
have been logging on to the SBS 2003 'remote' site and then accessing
their desktops (this has worked fine due to the VPN being in place),
but once the split occurs, they will no longer have access to this.

In order to retain this feature, the only method would have been to
reinstall their server with SBS 2003 - a hell of a lot of work just
for access to their desktops via a website.

However, I have a new plan. Since Windows 2008 includes Terminal
Services Gateway, I could install that in their office on a second
server without the need to spend days reinstalling a server,
transferring data, and reconfiguring desktops.

So here's the plan (and the reason why it's posted in the
active_directory newsgroup and not the SBS one). I know the plan will
work, but any comments, suggestions, recommendations would be most
welcome:

-Transfer all FSMOs to Site A (I think they're probably already there
anyway)
-Sever the VPN link between the two offices permanently
-On the server in Site B Seize all FSMO roles
-Delete all references to Site B on the server in Site A (ie Site B
users, serverB, Site B OUs etc, etc)
-Delete all references to Site A on the server in Site B (ie Site A
users, serverA, Site A OUs etc, etc)

And as long as Site A never connects to Site B in the future (which it
won't), I can't see there being any issues. Basically, I'm just
simulating a server failure at each site, and then removing any
redundant data.

I don't completely like the idea of doing it this way, but it will
save a hell of a lot of work, and will achieve the end result that I'm
after. Any comments are very welcome.

Thanks for reading,

Chad Hooper
MCSE (NT,2000,2003)










.

Relevant Pages

  • Re: Server/Network setup question
    ... Let's keep the P2P network and the ... SBS server's internal NIC to the switch. ... The internal NIC of the SBS server will default to 192.168.16.2 during the ... you change the IP of the rented printer to 192.168.16.8 (or some ...
    (microsoft.public.windows.server.sbs)
  • Re: DHCP Fails on Authorized Server
    ... The DHCP shutdowns may because the SBS detects another DHCP in network. ... How to configure Internet access in Windows Small Business Server 2003 ... On the Connection Type page, click Broadband, and then click Next. ...
    (microsoft.public.windows.server.sbs)
  • RE: Problems with Permissions
    ... And SBS server is only take ... the role of an internal server. ... they are all configured to connected to internal network. ... g. Run the Configure Email and Internet Connection Wizard on SBS server. ...
    (microsoft.public.windows.server.sbs)
  • Re: ISA Server & a WiFi Hotspot (some DHCP for good measure too)
    ... ISA2k4 is currently not supported on SBS ... To review - you have LAN clients that you want to have ... card for your server. ... > network with 5 client computers. ...
    (microsoft.public.windows.server.sbs)
  • RE: VPN Connection Problems
    ... This newsgroup only focuses on SBS technical issues. ... | Subject: RE: VPN Connection Problems ... you can not ping anything on the SBS network from WAN. ... |> FQDN of the SBS server on the Web Server Certificate page. ...
    (microsoft.public.windows.server.sbs)