Re: Integrating 3 DC into 1 and 2 replication servers
- From: "Paul Bergson [MVP-DS]" <pbbergs@xxxxxxxxxxxxxx>
- Date: Tue, 6 Oct 2009 07:49:15 -0500
First off, you had best check with your country's rules to make sure you
aren't violating them; I know that there are some laws about controlling
this stuff from outside their borders. This may be why the prior folks who
managed this kept it this way. You could establish trusts and grant
permissions to users across these trusts.

It sounds like you have separate forests that you want to merge; in AD
terminology it is often referred to as grafting. Unfortunately there isn't
a tool to do this directly. You have to establish a trust between the two
forests and then migrate them to one side or the other. There are tools to
provide this type of functionality, including a free tool from Microsoft
named Active Directory Migration Toolkit (ADMT v3). This tool will assist
you in recreating all the different objects within the forest as well as any
of the ACLs and SACLs that might reside on any of the local machines that
you might choose to migrate from the old domain\forest.

As far as renames, I don't think this will come into play since you will have
to build up new DCs anyways.

ADMT steps
Establish DNS communications between the two forests.
http://searchwinit.techtarget.com/expert/KnowledgebaseAnswer/0,289625,sid1_gci1101656,00.html
Create a trust between the two forests
http://technet.microsoft.com/en-us/library/cc780479.aspx
Download the ADMT Tool
http://www.microsoft.com/downloads/details.aspx?FamilyId=6F86937B-533A-466D-A8E8-AFF85AD3D212&displaylang=en
ADMT Migration Guide
http://www.microsoft.com/downloads/details.aspx?FamilyID=d99ef770-3bbb-4b9e-a8bc-01e9f7ef7342&DisplayLang=en
Perform the Migration
http://www.petri.co.il/active_directory_migration_tool_usage_w2k_windows_2003.htm
Webcast (The PPT is the only working piece for help now)
http://support.microsoft.com/?kbid=325393
--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup. This
posting is provided "AS IS" with no warranties, and confers no rights.
"Teo Homsany" <teo@xxxxxxx> wrote in message
news:eTjhNfhRKHA.508@xxxxxxxxxxxxxxxxxxxxxxx
Hey guys!!
I have a current network configuration where I have 4 domain controllers
in 3 separate countries.
I am building a SSL VPN to enable connection between the 3 sites with the
main headquarter offices.
When I set up the VPN, I want to set the main office Windows 2003 Server
machine as the main Active Directory and Domain Controller.
The servers in the other countries I want to replicate whatever I have on
my primary DC so that users in each country can access their server
locally but will get the policies set up from the main DC server.
How can I accomplish that?
Do I need some special tool to migrate the accounts already on the other
DC's to the one that will be the primary?
If so what do you recommend?
Also I would need to rename the local domain for the server, for example
now it's something like s1.domain.local. Is there a way to change it to
another name? Will it affect the users already registered?
I am a bit lost on where I should start. I first need to migrate the
active directory accounts from each server to the primary and then set the
other servers as secondary domain controllers so they can replicate.
Is there a step by step example on how to accomplish this?
Thanks much in advance,
Teo