aaron said:
Hi,
So even if the new domain name is in an entirely separate forest I still
can't migrate to it if it's called the same name as the old domain? If I
set up the new forest and new domain with its own DNS server that doesn't
communicate with my other DNS server from the old domain will that allow me
to use the same domain name for the new domain?
No, that will fail because the "name" will always resolve
back to the domain that is searching (for the other domain.)
It's sort of the same effect when two machines have the same
IP -- at best they cannot communicate with each other.
Also note that trusts may involve NetBIOS resolution (re:
previous WINS discussions.)
When you speak of the upgrade, can we upgrade to windows 2003 and move out
of our existing forest & create a new forest w/out losing our AD info?
No, but you can upgrade the existing domains within the existing
forest and keep all of your info.
Is your goal REALLY to "leave the forest" or to just obtain
a "new forest?"
(There are almost no reasons for "new forest" unless you are
trying to EXIT an existing forest.)
My goal here is to move all AD info to a new forest and somehow keep the
same name as the old domain. Since we're starting fresh we also want to go
to Windows 2003.
Win2003 is neither going to help you nor hurt
you.
You keep saying your goal is a "new forest" but
you don't mention your REAL goal?
What are you trying to accomplish by this new forest?
Unfortunately because we have to move our entire domain to
a new forest, once we remove the last DC from the old domain, all our AD
info is lost. That's why we have to create a new forest/domain first to
transfer the data to.
True. You can export (most of it) the information using the
LDAP tools etc (start with LDIFDE.exe) and then import
them at the destination (after creating the new domain/forest)
but these won't be the 'same' objects, just new copies of them.
(Permissions will need massaging -- see SubInAcl.exe for that.)
In the line below should both the new domain and the old be pointing to the
same DNS servers?
Not if the names clash. You can't really get around that
in a way that seems reliable.
We use BIND which doesn't support dynamic updates so I
assume we have to put the records in manually for the new domain right, or
can we just point the new domain to the WINS servers of the old and that
will work?
It is impractical to use a NON-dynamic DNS server set to
support AD -- this may actually cause you more problems
than your immediate issue.
You need to enable BIND dynamic updates or switch to
MS.
By the way, if you have this BIND limitation due to your current
domain/zone hierarchy THIS would be a good time to RENAME
your domain so that you can run your own DNS separate from that
non-dynamic set.
Whoever or whatever is keeping you from the dynamic updates
is doing your company a DISSERVICE. Windows
AD has a practical REQUIREMENT for dynamic updates.
I have not set up any trusts. In the instructions it seemed a trust was not
needed? In your experience should I set up a trust for the migration?
Yes, a trust is needed at least (some say two way trust) from Source
Domain to Destination domain for tools like ADMT to work.
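
An added example, not part of the thread above: a small Python audit of a hand-maintained BIND zone for the SRV locator records that domain controllers normally register themselves through dynamic update, which is what entering the records manually has to reproduce. The domain corp.example.com, the zone text and the function names are constructed for illustration, and the record list is a subset (site-specific and GUID-based records are left out).

```python
DOMAIN = "corp.example.com."  # constructed placeholder domain

# Subset of the SRV owner names a DC publishes, relative to the domain.
REQUIRED_SRV = [
    "_ldap._tcp", "_ldap._tcp.dc._msdcs", "_ldap._tcp.pdc._msdcs",
    "_ldap._tcp.gc._msdcs", "_gc._tcp",
    "_kerberos._tcp", "_kerberos._udp", "_kerberos._tcp.dc._msdcs",
    "_kpasswd._tcp", "_kpasswd._udp",
]

# Constructed sample of a manually edited zone file.
SAMPLE_ZONE = """\
$ORIGIN corp.example.com.
dc1                        IN A   10.0.0.10
_ldap._tcp                 IN SRV 0 100 389 dc1
_ldap._tcp.dc._msdcs  600  IN SRV 0 100 389 dc1.corp.example.com.
_kerberos._tcp             IN SRV 0 100 88  dc1
_kerberos._udp.corp.example.com. IN SRV 0 100 88 dc1  ; absolute owner
"""

def srv_owners(zone_text, origin=DOMAIN):
    """Return the fully qualified owner names that carry an SRV record."""
    owners, last = set(), None
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()      # drop comments
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN":
            origin = fields[1].lower()
            continue
        if fields[0].startswith("$"):              # $TTL and similar
            continue
        if raw[0].isspace():                       # owner inherited from previous record
            owner, rest = last, fields
        else:
            owner, rest = fields[0].lower(), fields[1:]
            if owner == "@":
                owner = origin
            elif not owner.endswith("."):          # relative name: append origin
                owner = owner + "." + origin
            last = owner
        while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
            rest = rest[1:]                        # skip optional TTL and class
        if owner and rest and rest[0].upper() == "SRV":
            owners.add(owner)
    return owners

def missing_srv(zone_text, domain=DOMAIN):
    """List required SRV names (relative to the domain) absent from the zone."""
    present = srv_owners(zone_text, domain)
    return [n for n in REQUIRED_SRV if f"{n}.{domain}" not in present]
```

Running missing_srv(SAMPLE_ZONE) lists the locator names still absent from the static zone; each one is a lookup that clients and migration tools would fail until the record is added or dynamic updates are enabled.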