-1

We have a scenario wherein we have 2 forests. These forests are connected with a two-way trust.

We have 1 domain under each forest. Our domain controller servers are Windows Server 2008 R2.

What we want to achieve is to move the domain controller from forest B to forest A,

still the same domain name but now under the same forest as domain A. So the end scenario will be 1 forest, multiple domains.

Is this even possible?

I know we could just redo domain B again, but we want to see if it is possible so we don't have to re-create the user accounts and re-join other servers and workstations to domain B. Thanks.

Clark Devlin

1 Answer

2

You can't migrate a DC like this, but you can migrate the contents of the domain. This is how you should do it:

  1. Read the ADMT documentation

  2. Get another server. Make that a Domain Controller in Forest A, and create the new domain with it.

  3. Enable Password Migration on the old DC in Forest B

  4. Use ADMT (after you've thoroughly read step 1 and tested it in a lab) to move all of the other servers, users, computers, and permissions to the new domain. ADMT will keep track of SIDs and will update permissions on ACLs automatically. Cool, right?

In the end, you'll need at least one additional piece of hardware, but it can be a VM in the interim. Then you can demote the DC in Forest B once everything is moved and promote it in the new domain.


Side note: Having only 1 DC in a domain is really bad. You should really, really, consider adding a second one in each.

MDMarra
  • Thanks MDMarra, yes we have a secondary DC for each domain. So with ADMT... we don't have to rejoin the workstations and other member servers that were joined to Domain B? – Clark Devlin Sep 14 '12 at 02:08
  • Reading your question, it sounded like you only had one each. Glad to hear that's not the case. – MDMarra Sep 14 '12 at 02:09
  • In step 2, "create a new domain controller and create a new domain": does it mean we have to create a new DC under forest A with a new domain name? I'm thinking that when I create a new DC under forest A it would not allow me to promote it as a DC using the same domain name as domain B, is this correct? – Clark Devlin Sep 14 '12 at 04:15
  • It will, but you'll have to do some name resolution magic to get ADMT to work. It's probably best to use a different FQDN. – MDMarra Sep 14 '12 at 09:05
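
A post-migration check for step 4 of the answer, as an added example that is not part of the original thread or of ADMT: it lists accounts in the new domain whose `sIDHistory` is missing a SID from the old domain, or carries a SID from anywhere else. It assumes ADMT was run with SID migration enabled and that the ActiveDirectory PowerShell module is available; both domain names are placeholders.

```powershell
# Added example: audit sIDHistory on accounts migrated into the new domain.
# Assumptions (placeholders, not from the original post):
#   old.example.test = source domain in Forest B
#   new.example.test = new domain created in Forest A
Import-Module ActiveDirectory

$SourceDomain = 'old.example.test'   # placeholder
$TargetDomain = 'new.example.test'   # placeholder

# Domain SID of the source domain. A migrated account's sIDHistory value
# is its old SID, so it must start with this prefix.
$sourceSid = (Get-ADDomain -Server $SourceDomain).DomainSID.Value

$report = foreach ($user in Get-ADUser -Server $TargetDomain -Filter * -Properties SIDHistory) {
    # Flatten the attribute to strings; guard against empty/null values.
    $history    = @($user.SIDHistory | Where-Object { $_ } | ForEach-Object { $_.Value })
    $fromSource = @($history | Where-Object { $_ -like    "$sourceSid-*" })
    $other      = @($history | Where-Object { $_ -notlike "$sourceSid-*" })

    if     ($other.Count -gt 0)      { $status = 'UnexpectedSid' }  # SID from some other domain
    elseif ($fromSource.Count -eq 0) { $status = 'NoSourceSid'   }  # old ACLs will not match
    else                             { $status = 'OK'            }

    New-Object PSObject -Property @{
        SamAccountName = $user.SamAccountName
        Status         = $status
        SIDHistory     = ($history -join ';')
    }
}

# Accounts created natively in the new domain (Administrator, krbtgt, ...)
# are expected to show NoSourceSid; anything else in this list needs review.
$report |
    Where-Object { $_.Status -ne 'OK' } |
    Sort-Object Status, SamAccountName |
    Select-Object SamAccountName, Status, SIDHistory |
    Format-Table -AutoSize
```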