Re: Changing Domain Name



Hello Mike,

Firstly, thank you for your information. Secondly, what makes you think
that I am the one who did it? The company was split over a year ago and all
VPN connections have been severed, and the seller's AD objects, as far as I
can tell, have been removed. Just so you know, I DO NOT work for either
company. I USED to be a network admin for a few years but have found
something more lucrative, but I am still known to be a "computer guy" and
thus get calls to "look" at other people's networks and make recommendations
and if the price is right I'll fix it.

Once again thank you for your input.

Sincerely,

Ray


"Mike Brannigan [MSFT]" <mikebran@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:%23sWvfi9tFHA.3864@xxxxxxxxxxxxxxxxxxxxxxx
> Ray,
>
> You have done a truly unbelievable thing.
> You CANNOT just give someone some of your DCs and think you have segmented
> your domain.
> Also you are now chronically exposed from a security perspective. The
> purchaser of those DCs now has everything they need to gain access to any
> DC, and any file on any system in the seller's environment.
> Divestitures of pieces of your company and associated Active Directory
> resource just does not work this way.
> You HAVE to set up a new forest for the buyer and migrate the appropriate
> resources (user, computers and file system etc) to this new forest.
> Anything else is opening up a veritable Pandora's box for nightmares for
> you both.
>
> I'm sorry this all seems a little melodramatic but you cannot begin to
> understand the risk and incorrect nature of what has been done.
> I would urge you to seek immediate professional advice from a qualified
> Microsoft certified partner to rectify this situation for you. - Basically
> you must now migrate all of your resources out of the Forest you have tried
> to split to a new one to regain any degree of security etc.
> In other words as you suggested - "redo the whole forest structure"
>
>
> --
>
> Regards,
>
> Mike
> --
> Mike Brannigan [Microsoft]
>
> This posting is provided "AS IS" with no warranties, and confers no
> rights
>
> Please note I cannot respond to e-mailed questions, please use these
> newsgroups
>
> "Ray Shiu" <rayshiu@xxxxxxxx> wrote in message
> news:OO64o82tFHA.1472@xxxxxxxxxxxxxxxxxxxxxxx
> > Mr. Sherman,
> >
> > Thank you for such a quick reply. You are correct, basically the seller
> > unplugged 3 DC's and turned it over to the buyer and there are many issues
> > now with the buyer's network that I'm trying to resolve, it works but not
> > as well as I know it should. The seller's DC has all the FSMO's and such, I
> > haven't tried to promote any dc's to "role holders" yet as I'm not too
> > well versed in this area (as you've probably noticed).
> >
> > I was thinking about "redoing" the whole structure but kind of hesitant.
> > Would it be as "simple" as getting a new server configured, demoting all
> > the existing DC's and joining them to the new domain. Then promote one of
> > the old ones as the role holder and demote the new one (that was used to
> > start the new domain) and take it off. Lastly, join all the workstations
> > to the new domain? I then would need to recreate all the Users in AD,
> > right? Or would they "import" to the new domain?
> >
> > Oh, this is a Windows 2000 Server forest. Thanks for the link...it looks
> > like upgrading to 2003 and doing the rename stuff would be more cost
> > effective and less time consuming...is that right/possible?
> >
> > Thank you very much for your time and consideration to this.
> >
> > Sincerely,
> >
> > Ray
> >
> > "Doug Sherman [MVP]" <dsherman@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
> > message
> > news:u9y3N%23ytFHA.3628@xxxxxxxxxxxxxxxxxxxxxxx
> >> Need more information about the original AD structure, but it sounds
> >> like the seller just unplugged one of its domain controllers and gave it
> >> to the buyer. If this is the case, then both networks will experience AD
> >> related errors.
> >>
> >> If this is/was a Windows Server 2003 forest, and the buyer's domain is
> >> the forest root domain, and you can seize roles and cleanup AD metadata
> >> to resolve any existing errors; then you might be able to use the rename
> >> tools:
> >>
> >> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/TechRef/996741d8-28e4-4d20-9949-8f17fb9d3cfd.mspx
> >>
> >> Most likely you would get a better result by building a new domain from
> >> scratch.
> >>
> >> Doug Sherman
> >> MCSE, MCSA, MCP+I, MVP
> >>
> >> "Ray Shiu" <rayshiu@xxxxxxxx> wrote in message
> >> news:eMkaWwxtFHA.4080@xxxxxxxxxxxxxxxxxxxxxxx
> >> > Hello,
> >> >
> >> > Is there a way I can change a server's domain name? For example, one
> >> > company has sold off a portion of their business. The buyer's network
> >> > has been taken off the original network but still has the old domain
> >> > name. They want to change it to their own. I have seen their DNS and
> >> > AD; it still has references to the old network and fills up the log
> >> > files very quickly.
> >> > Any help will be greatly appreciated.
> >> >
> >> > Ray
> >> >
> >> >
> >>
> >>
> >
> >
>
>

