Joining 2 domains

G

Guest

Hi,
I have 2 windows 2000 domains with active directory. These 2 domains were
separated since they have been created. Domain1 is the corporate domain
including all users in Domain1 and domain2 since domain2 users are using
exchange server on domain1. Now, I am thinking to have domain2 as a part of
domain1, and looking to make domain2 as a child of domain1, is that possible.
How I can do this change and transfer accounts? Is there any tool available
for this? What should I do on domain2 workstations, should I go to each
workstation and rejoin them to the new domain? Basically do you have any
suggestion to do this as easy as possible.
Thanks for any help-Rob
 
O

Oli Restorick [MVP]

You have two options. You can create a trust relationship between the two
domains, which will allow the trusted domain's users to access resources in
the trusting domain.

Another option would be to migrate all the users, computers and other
resources to the existing domain, so you'd end up with a single domain. The
final option would be to create a new child domain and migrate to that.

The tool for doing these migrations is the Active Directory Migration Tool
(ADMT). Search the Microsoft web site and you'll find plenty of info. It
can migrate your computers as well as your users.

Here's the download link for version 2 of the tool.

http://www.microsoft.com/downloads/...b1-5849-4707-9817-8c9773c25c6c&displaylang=en

Normally the ideal place to end up is having a single domain. There may be
some reasons why you may not want this, such as requiring two different
account policies, or because of political or administrative reasons.

One thing to bear in mind if you're thinking of the parent-child scenario is
that a domain is not a security boundary. A forest is the security
boundary, so bear in mind that it is possible for administrators of the
child domain to become administrators of the parent domain. In addition,
you'd need to obtain some extra domain controllers while you perform this
type of migration. This is the least desirable option in most cases.

Regards

Oli
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Server 200 Domain and Server 2003 Domain 4
2k to 2k3 Trust active but, can't see users from 2k3 domain 2
Change Domain 1
Moving Forest Roles 1
probems creating trust 3
Trust Relationship stopped only one-way. 2
Browser issues 4
Can't establish trust between 2 domains 2

Top