Changing from a "child like" parent domain to a proper top level domain

GreenWeenie65

A question for the wise members of this newsgroup from a lurker. I
have inherited the following infrastructure;

20 users at site A. Two Win2k servers with AD running in mixed mode.
The AD was configured as xxx.yyy.com. The primary server is the domain
controller and runs file and print sharing, while Exchange 2k is
running on the secondary server which is not a domain controller.
Email addresses are (e-mail address removed).

5 users at a remote site, connected by VPN to Site A. One Win2k server
running in workgroup mode for file and print sharing. The users
connect to Site A to access the exchange server.

I think the preferred arrangement would be a single yyy.com domain,
with three member servers. I can set up two OUs to manage users and
resources based on their location, but I don't think they need to
have their own xxx.yyy.com domain forest.

I am looking for the simplest path from "here" to "there" and
would appreciate any input. The steps I am currently considering:

· Create the yyy.com AD on the remote site Win2k server.
· Join the xxx.yyy.com AD to the yyy.com AD
· Move all active directory objects from xxx.yyy.com to yyy.com
· Demote the xxx.yyy.com server and since it was the only DC,
deleting its domain
· Have the two head office Win2k servers join the new yyy.com AD.
Promote one or both to be DC.

Would this plan work? Are there any pitfalls or roadblocks in adopting
this approach? What steps (if any) would be required within exchange?
FYI we are considering an upgrade to Win2k3/Ex2003 so if that would
make things easier, we'd do that upgrade first.
 
Paul Bergson

You have me all confused. Just join these remote clients to your existing
domain.

At your remote site promote a member server to a domain controller (If you
only have 5 users do you really need a DC at this site?). Join all other
machines at the remote site to the domain. Promote the remote dc to a gc.
Create a new site for the remote site in Sites and Services and add the IP
Addresses of the remote site to the new site. Create user accounts at the
remote site within the new ou.

Make sure ALL clients are pointing to your AD dns server.



--


Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no rights.


Steve Duff [MVP]

Changing a domain name is neither a simple nor a riskless endeavor, especially
under Windows 2000. And in your situation I can see nothing on the
positive side of the ledger whatsoever to warrant such a change. The use
of a domain name such as "private.company.com" is perfectly proper and even
has some advantages when structuring public/private DNS. It's just a name - leave
well enough alone.

I personally would prefer a dc/gc at the remote site, but this depends on the
capabilities of the remote server, the VPN bandwidth and reliability, and
your own preferences. It should at least be a member server to facilitate
manageability.

Steve Duff, MCSE, MVP
Ergodic Systems, Inc.

GreenWeenie65

Thanks for your reply Steve.

The current domain name is actually cityA.company.com. The few staff
at the remote site located in cityB are reminded how they are less a
part of the "company" every time they have to connect to this
needlessly geographical domain. (It is an ongoing "people" issue that
the domain structure doesn't help with).

I agree with adding the remote cityB server (that is currently running
in workgroup mode) to the domain structure and am going to make it a DC
to reduce authentication traffic on the VPN and provide some
redundancy. I was just looking at this server addition to the domain
as perhaps an opportunity to creatively reorganize the overall naming
structure.
 
GreenWeenie65

Thanks for attempting to understand my post Paul.

I'll try to restate the problem. The company has two sites connected
by VPN (Say LA & NY) with 5 staff in LA and 20 in NY. The original
consultant created a domain called ny.company.com for the head office
in NY on a Win2k box. The exchange win2k server for all staff is also
in NY and part of the ny.company.com domain. (Everyone's email is
@company.com.) The Win2k server in LA is set up in workgroup mode.
Staff in LA connect to the ny.company.com domain to access mail, and
for some file sharing.
From discussion with management they would like to remove the NY part
of their AD domain name, not for technical reasons, but for
appearances. Knowing it isn't possible to actually rename a domain
with Win2k server, I was trying to find a creative way to meet their
objectives.
 
Paul Bergson

I guess if you wanted to do it properly you would want to create a new
forest root domain. Use ADMT to migrate the users from ny across and add
the member from the workgroup.

Name it company.com and create all within this. Doesn't seem like much of a
need for ny or la child domains.

If this looks like a pain and you want to do something quick and dirty, look
at using UPN suffixes.

--


Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no rights.
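
The UPN-suffix option mentioned in the reply above, as an added example that is not part of the original thread: it registers company.com as an alternate UPN suffix and moves user logon names onto it, leaving the AD DNS domain name (ny.company.com) unchanged. It assumes the ActiveDirectory PowerShell module (Windows Server 2008 R2 or later, so not the Win2k servers discussed here) and a single-domain forest; the domain names are the thread's placeholders and the `-Apply` switch is this example's own.

```powershell
#Requires -Modules ActiveDirectory
param(
    [string]$OldSuffix = 'ny.company.com',  # current AD DNS domain (thread's placeholder)
    [string]$NewSuffix = 'company.com',     # suffix users should log on with
    [switch]$Apply                          # without -Apply this is a dry run (-WhatIf)
)

$dryRun = -not $Apply
$forest = Get-ADForest

# 1. Register the alternate UPN suffix at forest level if it is not there yet.
if ($forest.UPNSuffixes -notcontains $NewSuffix) {
    Set-ADForest -Identity $forest -UPNSuffixes @{ Add = $NewSuffix } -WhatIf:$dryRun
}

# 2. Index UPNs that already use the new suffix; a UPN must stay unique,
#    so these are collisions to skip rather than overwrite.
$taken = @{}
Get-ADUser -Filter "UserPrincipalName -like '*@$NewSuffix'" |
    ForEach-Object { $taken[$_.UserPrincipalName.ToLower()] = $true }

# 3. Move every user still on the old suffix to the new one.
$users = Get-ADUser -Filter "UserPrincipalName -like '*@$OldSuffix'"
foreach ($u in $users) {
    $upn    = $u.UserPrincipalName
    $prefix = $upn.Substring(0, $upn.LastIndexOf('@'))
    $newUpn = "$prefix@$NewSuffix"

    if ($taken.ContainsKey($newUpn.ToLower())) {
        Write-Warning "Skipping $($u.SamAccountName): $newUpn is already in use"
        continue
    }

    Set-ADUser -Identity $u -UserPrincipalName $newUpn -WhatIf:$dryRun
    $taken[$newUpn.ToLower()] = $true
}
```

Pre-Windows 2000 logons (DOMAIN\user) and the domain's DNS name are unaffected, so this changes what users type at logon, not the domain structure itself.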
 
