One domain has 300 users in A/D and the other has 1000.
The Domain with 300 users has internet access , while the
domain with 1000 does not. I need to connect the latter
domain so that they get access to the same internet
gateway as the domain with 300 users.
What will happen when I simply connect them together? I
have been told that the AD will NOt replicate between the
two, and therfore not have 1300 users spread across AD in
both parts of the new bigger domain.
Will I have to remove AD from the latter domain, join the
two and then add the users again?
otherwise you could use ldifde.exe and csvde.exe. all in all , good luck.
Also you cannot just SIMPLY connect them. I take it they are in separate
forests, if this is the case then a trust relationship may be possible.
"Alan" <a...@cooperscoborn.co.uk> wrote in message
news:bf8e01c20d2f$55f10cc0$3bef2ecf@TKMSFTNGXA10...
process is not as easy as it sounds so better try it in a test enviornment
b4 working on productions
"Alan" <a...@cooperscoborn.co.uk> wrote in message
news:bf8e01c20d2f$55f10cc0$3bef2ecf@TKMSFTNGXA10...
Nimish
"sam" <sam_sy...@hotmail.com> wrote in message
news:e3ujPDTDCHA.2884@tkmsftngp04...
"Alan" <a...@cooperscoborn.co.uk> wrote in message
news:bf8e01c20d2f$55f10cc0$3bef2ecf@TKMSFTNGXA10...
To answer your question about the gateways, you could have each domain point
to their own separate DNS servers to keep AD running in their own respective
domains and then give them a common gateway to give Internet access on the
same subnet? I don't see if there will be a prob as long as you keep with
TCP/IP since name resolution occurs thru DNS. But if you are in mixed mode
and still have down level servers, that could pose a problem due to NetBIOS
broadcasts unless you are using WINS in each respective domain. Granted
trusts cannot be made between them because of the identical names as Nimish
mentioned in his post.
But obviously this is a lame solution. As the other posts mention, you're
gonna have to sooner or later combine the users by some sort of solution to
export the users out of one of the domains with some sort of script method
into a txt file (using ldfide, csvde as the other posts have mentioned) or
even a VBS script and then import them into the new domain.
Here's another tact to combine them (that is if you trying to do so). You
could build another machine with AD in it's own forest for the sole purpose
of having an intermediate domain for a migration, which could be
decommissioned after you're done. Once you have it built, you could then use
ADMT or cloneprincipal (or whatever 3rd party tool you like) to move the
accounts from one of the domains that you want to get rid of and put them
into that new domain. Keep in mind you wouldn't be needing the SIDHistories
for these users since it would be a problem trying to connect to their
former resources because of the identical names. Then when that's
accomplished use ADMT again to move them into the other existing production
domain.
Ace