Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Integrating 3 DC into 1 and 2 replication servers [message #161668] Mon, 05 October 2009 17:58
Teo Homsany (Mexico)
Hey guys!!
I have a current network configuration where I have 4 domain controllers in
3 separate countries.
I am building an SSL VPN to enable connection between the 3 sites with the
main headquarter offices.
When I set up the VPN, I want to set the main office Windows 2003 Server
machine as the main Active Directory and Domain Controller.
The servers in the other countries I want to replicate whatever I have on my
primary DC so that users in each country can access their server locally but
will get the policies set up from the main DC server.
How can I accomplish that?
Do I need some special tool to migrate the accounts already on the other
DC's to the one that will be the primary?
If so what do you recommend?
Also I would need to rename the local domain for the server, for example now
it's something like s1.domain.local. Is there a way to change it to another
name? Will it affect the users already registered?
I am a bit lost on where I should start. I first need to migrate the active
directory accounts from each server to the primary and then set the other
servers as secondary domain controllers so they can replicate.
Is there a step by step example on how to accomplish this?

Thanks much in advance,

Teo
Re: Integrating 3 DC into 1 and 2 replication servers [message #161679 is a reply to message #161668] Mon, 05 October 2009 23:54
meiweb (Germany)
Hello Teo,

It sounds to me that all DCs are in separate domains/forests. So if you
like to build one forest/domain you have to use ADMT to migrate all:
http://www.microsoft.com/downloads/details.aspx?familyid=6F86937B-533A-466D-A8E8-AFF85AD3D212&displaylang=en

http://www.microsoft.com/downloads/details.aspx?familyid=B1F816C0-4E2B-4E5D-B256-1AC304062367&displaylang=en

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

Re: Integrating 3 DC into 1 and 2 replication servers [message #161698 is a reply to message #161668] Tue, 06 October 2009 06:49
pbbergs (United States)
First off you had best check with your countries' rules to make sure you
aren't violating them, I know that there are some laws about controlling
this stuff from outside their borders. This may be why the prior folks who
managed this kept it this way. You could establish trusts and grant
permissions to users across these trusts.

It sounds like you have separate forests that you want to merge, in AD
terminology it is often referred to as grafting. Unfortunately there isn't
a tool to do this directly. You have to establish a trust between the two
forests and then migrate them to one side or the other. There are tools to
provide this type of functionality including a free tool from Microsoft
named Active Directory Migration Toolkit (ADMT v3). This tool will assist
you in recreating all the different objects within the forest as well as any
of the acl's and sacl's that might reside on any of the local machines that
you might choose to migrate from the old domain\forest.

As far as renames I don't think this will come into play since you will have
to build up new dc's anyways.

ADMT steps

Establish DNS communications between the two forests.
http://searchwinit.techtarget.com/expert/KnowledgebaseAnswer/0,289625,sid1_gci1101656,00.html

Create a trust between the two forests
http://technet.microsoft.com/en-us/library/cc780479.aspx

Download the ADMT Tool
http://www.microsoft.com/downloads/details.aspx?FamilyId=6F86937B-533A-466D-A8E8-AFF85AD3D212&displaylang=en

ADMT Migration Guide
http://www.microsoft.com/downloads/details.aspx?FamilyID=d99ef770-3bbb-4b9e-a8bc-01e9f7ef7342&DisplayLang=en

Perform the Migration
http://www.petri.co.il/active_directory_migration_tool_usage_w2k_windows_2003.htm

Webcast (The PPT is the only working piece for help now)
http://support.microsoft.com/?kbid=325393


--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup. This
posting is provided "AS IS" with no warranties, and confers no rights.
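
The first two ADMT steps listed in the post above (DNS resolution between the forests, then the trust), sketched as a cmd script; this is an added example and not part of the original thread. It assumes the Windows Server 2003 Support Tools (dnscmd, nltest, netdom) are installed, and every domain name, address and account name is a placeholder.

```bat
@echo off
rem Added example, not from the thread. Run from a DC in the target (HQ) domain.
rem All names and addresses below are placeholders (assumptions).
setlocal
set TGT_DOMAIN=hq.example.local
set TGT_DNS=198.51.100.10
set TGT_ADMIN=HQ\migadmin
set SRC_DOMAIN=branch.example.local
set SRC_DNS=192.0.2.10
set SRC_ADMIN=BRANCH\migadmin

rem Step 1: conditional forwarders so each forest's DNS server can resolve
rem the other forest's zone (and with it the DC locator SRV records).
dnscmd %TGT_DNS% /ZoneAdd %SRC_DOMAIN% /Forwarder %SRC_DNS% || goto fail
dnscmd %SRC_DNS% /ZoneAdd %TGT_DOMAIN% /Forwarder %TGT_DNS% || goto fail

rem Check that a DC of the source domain can now be located from here.
rem Repeat the same check from a source DC for the target domain.
nltest /dsgetdc:%SRC_DOMAIN% || goto fail

rem Step 2: two-way external trust between the two domains. "*" makes netdom
rem prompt for each password, so none is stored in the script or its history.
netdom trust %SRC_DOMAIN% /Domain:%TGT_DOMAIN% /Add /Twoway ^
  /UserO:%SRC_ADMIN% /PasswordO:* /UserD:%TGT_ADMIN% /PasswordD:* || goto fail

rem Verify the secure channel behind the new trust.
netdom trust %SRC_DOMAIN% /Domain:%TGT_DOMAIN% /Verify ^
  /UserO:%SRC_ADMIN% /PasswordO:* /UserD:%TGT_ADMIN% /PasswordD:* || goto fail

rem Display the SID filtering (quarantine) state on the target's trust of the
rem source domain and list all trusts; record both before migrating anything.
netdom trust %TGT_DOMAIN% /Domain:%SRC_DOMAIN% /Quarantine
nltest /domain_trusts

echo DNS and trust are in place; continue with the ADMT Migration Guide.
goto :eof

:fail
echo A step failed; fix it before continuing, ADMT depends on all of them.
exit /b 1
```

Once the migration is finished and the old domain is decommissioned, remove the trust and the forwarders again so they do not linger as unused access paths.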