Domains and Trusts

[OFFYM]

I've got a windows 2003 network in three sites.

none of these sites are currently connected but will be tomorrow via VPN tunnels.

what i am trying to acheive is to create a global forest and incorporate all three sites together.

each site currently has it's own domain controller and i would like make 1 site the root domain and the other 2 child domains.


is it easy to just join the 2 sites to my main site as child domains to create the forest or is this a little more complex??

 

[pagy]

Why use child domains? go for 1 forest with 1 domain if possible and use an OU for each remote site.

Pick one office as your main office and use the domain there, then demote the servers at the other sites to member servers and then make them domain controllers in your domain.

There is some work to do with computers, users and migrating them to the 'new' domain but you can use the Active directory migration tool for that;

http://www.microsoft.com/downloads/...01-7dca-413c-a9d2-b42dfb746059&displaylang=en

Paul
MCSE 2003
MCSA 2003
MCITP Enterprise Administrator

If there are no stupid questions, then what kind of questions do stupid people ask? Do they get smart just in time to ask questions?
Scott Adams

 

[Davetoo]

You could just create trusts among the sites.

I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.

There are no more PDC's! There are DC's with FSMO roles!

 

[OFFYM]

Hi Pagy

thanks for your reply

My main site is in the UK and the other 2 sites are in Miami and Sydney.

UK.com
Miami.com
Sydney.com

I would like keep UK as main domain and add the other 2 offices as sub domains/sites within my UK forest.

UK.com
Miami.UK.com
Sydney.UK.com

I do not have any IT on these sites so was hoping to join these domains to the main one without causing to much disruption to users machines trying to rejoin a new domain name.

was hoping to do this all in the background??

I may be asking a bit much to do this without being on site but is the above possible??

many thanks

 

[pagy]

Hmmmmm, ADMT can certainly migrate computers remotely, although having someone local to sort any problems is always a good idea. What is your actual business requirement??
To use ADMT and migrate everyone in you would have to have trusts in place, so maybe just use trusts as Davetoo said.

Paul
MCSE 2003
MCSA 2003
MCITP Enterprise Administrator

If there are no stupid questions, then what kind of questions do stupid people ask? Do they get smart just in time to ask questions?
Scott Adams

 

[OFFYM]

The project as a whole is we are an international business with sites in various countries.

Each site has Windows server 2003 with appropriate DC's and exchange servers.

Moving forward I would like to bring the whole global network as a forest.

because each site has it own domain name (same company) but different domain names, i would like to have the UK as the root domain and have the other sites come underneath this root.

In a perfect senario once the VPN links have been established i would like to just add Miami and Sydney to the root of UK.

going from this structure.....
UK.com
Miami.com
Sydney.com

To this structure..........

UK.com
Miami.UK.com
Sydney.UK.com

My self and another collegue in my office in the UK will be the enterprise admins.

If I try and change domain names for the 2 sub sites then it will require being at client machines and changing domain names etc..

i just wanted to get the above network/server background structure in place without messing about to much with the remote sites client configurations..

Hope this makes sense and any battle plan on how to approach this would be greatly appreciated.

many thanks

 

[pagy]

You can't add existing domains as sub domains in a different forest.

f I try and change domain names for the 2 sub sites then it will require being at client machines and changing domain names etc..

No you don't have to be at the client machines, that's why I keep going on about ADMT as that can do those bits for you without you physically having to be present.

Using the model you want;
uk.com
miami.uk.com
sydney.uk.com

you would still have to demote the domain controllers in miami.com and sydney.com to member servers and then promote them as domain controllers in the respective sub domains. Having Exchange in the mix adds another layer of complication, as you can only have 1 exchange org in a forest, so you would need to migrate the mailboxes from sydney.com and miami.com to your exchange org in uk.com.

Paul
MCSE 2003
MCSA 2003
MCITP Enterprise Administrator

If there are no stupid questions, then what kind of questions do stupid people ask? Do they get smart just in time to ask questions?
Scott Adams