Re: Interforest domain restructure

AMDT only migrates user,computer, and group objects, & translates security.

No schema attributes, no GPO's. Of course you can purposefully re-create
/restore GPO's, but not unintentionally.

Inter-forest migration leaves the old forest intact. The computers and
member servers do migrate, but everything else remains in the old forest.

Still, such a substantial activity warrants considerable lab test time on
non production forests.

Virtual Machines are ideal sandboxes for such lab testing with the ability
to "rollback" and retest operations.
--
/kj
"Scuzzi" <Scuzzi@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:6C5A5623-1549-4D5D-B6E4-535DFA07B189@xxxxxxxxxxxxxxxx
Thanks Vincent.
Have already downloaded an perused the article you mention, along with
most
of the other information in this general TechNet area. Lots of stuff on
how
to do the migration, how to plan it etc., but I have not found anything on
how "contained" or "safe" the procedure is. I want to have details on what
is
allowed to migrate between the forests, and what is not. This will give me
confidence that I am leaving the problems behind in the old (source)
domain.


"Vincent Xu [MSFT]" wrote:

Hi,

I think you can refer to following article:

<http://technet2.microsoft.com/WindowsServer/en/Library/a281b8bc-71ea-45b2-b
0ca-8f55257c77301033.mspx>

Hope the information helps.

Best regards,

Vincent Xu
Microsoft Online Partner Support

======================================================
Get Secure! - www.microsoft.com/security
======================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others
may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties,and confers no
rights.
======================================================



--------------------
Thread-Topic: Interforest domain restructure
thread-index: AcZtmayLjaBkTIhUTeaRcWNASDUj4Q==
X-WBNR-Posting-Host: 192.146.150.3
From: =?Utf-8?B?U2N1enpp?= <Scuzzi@xxxxxxxxxxxxxxxxxxxxxxxxx>
Subject: Interforest domain restructure
Date: Mon, 1 May 2006 20:37:01 -0700
Lines: 10
Message-ID: <DC4626B1-2101-4095-82F0-2A9DA00309F3@xxxxxxxxxxxxx>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
Newsgroups: microsoft.public.windows.server.migration
Path: TK2MSFTNGXA01.phx.gbl
Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.windows.server.migration:23528
NNTP-Posting-Host: TK2MSFTNGXA01.phx.gbl 10.40.2.250
X-Tomcat-NG: microsoft.public.windows.server.migration

We are currently Windows Server 2003 AD. For various reasons, including
some
problems with AD schema (we ran a Cisco procedure which wrote
overlapping
entries on our schema - took ages to fix it), phantom and lingering
objects
and Group Policy problems, we have decided to create a pristine Windows
2003
domain in a new forest. I know we can use ADMT to move users, security
groups, SIDs etc. I am concerned that we might "pollute" the new clean
domain
with odds and sods from the old one, which would negate the benefits of
the
migration. Can anyone give me a definitive on exactly what comes over
in
the
migration? Will I be able to leave the GP and schema issues behind in
the
old
domain - effectively "shedding our skin?"





.

Relevant Pages

  • Re: Interforest domain restructure
    ... Inter-forest migration leaves the old forest intact. ... member servers do migrate, but everything else remains in the old forest. ... such a substantial activity warrants considerable lab test time on ... Subject: Interforest domain restructure ...
    (microsoft.public.windows.server.migration)
  • Re: a nice easy forestprep query
    ... Select articles and read upgrading your forest ... level is windows 2000 native and Forest Functional level is windows 2000 ... 3DC's and handful number of member servers. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Users from external forest to member server local group
    ... You can't use ADUC to set membership on member servers, ADUC works against AD, you need to work against the local SAM database on the member servers. ... But yes, if the AD forest trusts another domain, any members of that forest should be able to use global groups from the foreign domain. ... Joe Richards Microsoft MVP Windows Server Directory Services ...
    (microsoft.public.win2000.active_directory)
  • Active Directory Searching question
    ... I need to find all servers whether member servers or Domain Controllers in ... I have tried LDAP queries to the root of the ... forest as well as GC queries but nothing seems to work. ...
    (microsoft.public.windows.server.scripting)