AD Domain or server in Workgroup

Microsoft Windows server 2003
April 8, 2010 at 14:40:38
Specs: Windows 2k3, Intel 3Ghz / 2GB
Hi all,

We have built an Virtual AD Domain on ESXi 3.5 u4 (containing 1 DC and 1 File server) which is currently in testing fase.
I would like to receive some opinions in order to make a decision.
The question is:
Suppose a company wants us in the near future, to use their facilities in their forest. What is wisdom?
This is the way I currently see the options...
1: Demote then to a child domain and create a trust in an existing forest in the near future, which could be a lot of work.
2: Create a forest trust, which has limited use of their facilities.
3: Or just demote the AD now and use the virtual servers in a Workgroup for the time being.
Need some suggestions here.

Assumption is the mother of all f*ck-ups.


See More: AD Domain or server in Workgroup

Report •

#1
April 9, 2010 at 10:24:49
Given your criteria, which is along the lines of a two company merger, the forest trust or the demotion/removal of your forest to then promote/join their forest with your hardware/programs are the usual options.

Coming into the existing forest as a child domain is not usually an option since the existing forest would need to be redesigned with a root forest to then have both companies as child domains under a single forest.


Report •

#2
April 13, 2010 at 10:11:45
I have been wondering about this my self. Is there proper steps to take when doing this and if so what are they?

I know if you do not do them right you can make a real mess of your ACLs and GPOs and it could take a while to get them back to where they were. I have seen scripts that where unsupported by Microsoft, that would backup your AD users and GPOs and import them back into a AD once it has been joined to a new forest. Are there some supported ways of doing this?

P.S. Sorry to interrupt but is is something I have been wondering too.


Report •

#3
April 13, 2010 at 11:35:56
Hi there wanderer,

Thanks for your input here, and b.t.w, that is what I already thought of myself.
However, is there a list of actions you can or can't do along with the configuration you're in?
I mean, except of trial and error, is there a list to generate of what one can do given the configuration your in like:
In general, in a forest trust you can do ....., and cannot do ....... .
And in a trust between 2 child domains you can do ......, and you cannot do..... etc.
How can I determine this, is there a tool out there?


Kind regard,

Mario,

Student MCSE

Kind regard,

M.Karèl,

Student MCSE


Report •
Related Solutions


Ask Question