switching from company.com to local.company.com - any possible problems?

Discussion in 'Active Directory' started by Evgen, Dec 30, 2005.

  1. Evgen

    Evgen Guest

    Dear all:
    First of all I want to wish you a Happy New year and a lot of joy and love
    in the new year.

    We have the Windows 2000 server network with internal name - company.com
    ( IP address space). Because we use www.company.com
    at internet as well (with real IP), we decided to switcch internal name
    space to local.company.com and switch to Windows 2003 servers.

    It going to be a fresh install, when we create a new forest on Windows 2003
    servers not connected first with current network. Later ,when we test them
    working we connect them and want to move profiles from current company.com
    to the future local.company.com.
    Is there any hidden problems in such a move? Is there a danger that after
    connecting new servers (with the name of third level) the current domain
    controllers (second level names) will try to take control over new site?
    Will it be possible to create trust relationship and move the profiles?

    Thank you for your reply in advance,

    Evgen, Dec 30, 2005
    1. Advertisements

  2. You may move profiles and accounts - but keep in mind that they will be
    *new* accounts. If you want these accounts to access resources in the
    original domain, SID History will have to be enabled.

    Servers from the original domain will not attempt to control the child
    domain. They will be in different forests. (I assume)

    You will be able to create trusts. If the original domain remains a Windows
    2000 domain, then you will be able to create an "external" trust between
    domains. If the original domain is upgraded to Windows Server 2003 and its
    functionality raised, you may be able to create an "inter-forest trust".

    Dave Shaw [MVP - Directory Services], Dec 30, 2005
    1. Advertisements

  3. Not really, this IS going to be a new forest, correct?
    No, remember this is a new forest, there will be no replication between the

    Will it be possible to create trust relationship and move the profiles?

    Yes, you will have to create a trust, before the trust can be created each
    domain needs to resolve the other. At least a one way trust, so the new
    domain has access permissions in the old domain. Then you can use ADMT to
    migrate the accounts, with SIDs, to the new domain, then the users will have
    access to the old profiles. You will have to give the new domain a new
    NetBIOS name due to the trust, but you don't have to use the Default NetBIOS
    name it uses when you DCPromo, (in your case that's going to be "local").
    After you migrate, everything over, break the trust, remove AD from the old
    servers, then you can add them as members or replicate DCs in the new

    Best regards,
    Kevin D. Goodknecht Sr. [MVP]
    Hope This Helps
    When responding to posts, please "Reply to Group"
    via your newsreader so that others may learn and
    benefit from your issue, to respond directly to
    me remove the nospam. from my email address.
    Use Outlook Express?... Get OE_Quotefix:
    It will strip signature out and more
    Keep a back up of your OE settings and folders
    with OEBackup:
    Kevin D. Goodknecht Sr. [MVP], Dec 30, 2005
  4. Evgen

    Evgen Guest

    Dear Kevin:
    Thank you and happy new year!
    Evgen, Dec 30, 2005
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.