Adding DC to an existing domain and forest

Similar Messages

• Things to be considered before AD - domain and forest functional level upgrade (win 2003 to 2008 R2)

  Hi
  Recently we introduced Windows 2008 R2 DCs and decommissioned old Windows 2003 domain controllers. Since we are not sure about the application compatibility (both MS and 3rd party) many times we postponed the plan to upgrade the DFL and FFLs. We found Jonathan's
  blog (http://blogs.technet.com/b/askds/archive/2011/06/14/what-is-the-impact-of-upgrading-the-domain-or-forest-functional-level.aspx),
  whcih clearly says the upgrade won't affect any applications. But just to confirm this with the experts we are posting this concern once again. We have Exchange 2010 / Shrepoint / SQL / SAP etc..(also 2 X windows 2000 servers)
  Please let us know from your real experiance - in production environment how a upgrade from 2003 to 2008 R2 (belive we can able to upgarde both FFL and DFLs from Win 2003 to Win 2008 R2) affects existing applications.
  Thanks in advance
  LMS

  I might be able to help with Exchange. What service pack?
  Most likely, there should be no problem. The Exchange compability matrix shows that (with SP2 and SP3) it is compatible with Windows 2008 R2 domain controllers and 2008 R2 domain and forest functional levels.
  I'm *working on* an Exchange 2010 migration but if you want someone who *has* such a combination (2008 R2 DFL/FFL and Exchange 2010), you could ask in the Exchange forum.
  I'm sure, though, that such a combination is actually quite common.
  Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.

• Adding portal to an existing domain

  Hi I have a JSP/Servlet web applicatin and
  I want to make it a portal application.
  I was following Weblogic Portal Development
  Guide 7.0. I found the section
  "Adding portal to an existing domain" is very incomplete
  or confusing and I cannot do it. Is there any better document
  for this?

  Judging from the dates between these two entrries and no answers, I'd
  guess that there isn't anyone from BEA monitoring this group? I am in a
  similar situation. What I want to understand is how one can "portalize" an
  existing web app. I understand there are implications to some of the
  presentation, but specifically, I want to deploy a Servlet based app that
  uses EJBs and deploy this as an EAR in the same domain as the portal
  (perhaps under the /applications directory). I can make everything work
  except the webflow where I reference the Servlet.
  Specifically, I have a presentation page that is defined to be my servlet.
  When I try to build a webflow URL referencing this event, I get errors from
  the portal because it presumes it may be located somewhere else or in a
  different namespace. It leads me to believe that I can't reference a
  servlet unless it is under the /framework or /portal directories under the
  portal web-app directory. I'm convinced there must be a way to reference
  other web components that aren't specifically part of the portal web app,
  but can't figure out how to propagate the webflow element to the actual
  servlet I want.
  Any ideas from the community at large? This must be something other
  people have wrestled with since I can't imagine that only new apps will be
  put into portals.
  Thanks,
  Mark
  "Sara" <[email protected]> wrote in message
  news:[email protected]...
  >
  I'm facing similar problems too. I have an ear file in an existing domainthat
  I want to use to create a portal. The documentation on this is quiteconfusing
  and the steps require so many manual steps that it is bound to beerror-prone.
  What's BEA's recommended way to expose an existing Weblogic application asa portal
  Thanks in advance
  -Sara
  "David Zhang" <[email protected]> wrote:
  Hi I have a JSP/Servlet web applicatin and
  I want to make it a portal application.
  I was following Weblogic Portal Development
  Guide 7.0. I found the section
  "Adding portal to an existing domain" is very incomplete
  or confusing and I cannot do it. Is there any better document
  for this?

• Re: File sync across servers different domains and forests

  I don't see why that would be an issue however I have only ever used it in exchange 2013

  Hey Guys
  Just seeing if anyone had any idea for software to sync drives/folders between 2 servers over the internet. We 2 separate domains and forests running. 1 location uses 1 domain and then 3 locations use the second domain. However we need to be able to sync some folders between the 2 domains as staff are all technically running under the single organization name (very confusing). I wanted to use DFS but obviously cant due to the forest restraints here.
  The staff all use a terminal server and have a mapped drive with directory structure and need so basically have that syncing both ways as each side will have their own structure that needs to sync back to the other site.
  Sorry if that's confusing
  Thanks
  This topic first appeared in the Spiceworks Community

• Credentials needed to raise domain and forest level from 2003 to 2012 R2.

  I migrated our environment from a single DC server 2003 to a single DC server 2012 R2.  I followed the migration process that is documented by Microsoft and others.
  However, I forgot to assign my account Enterprise Admin and Schema Admin before raising the domain and forest levels from 2003 to 2012 R2.  My account did have domain admin.  The GUI interface did not complain when I raised the level of the domain
  and then the forest.
  So I am thinking everything is OK.
  My question is am I going to have problems down the road with the AD environment?
  Thanks for any help or opinions.

  Using snapshot for a domain controller is not recommended, as usn rollback can occur. Allthough in server 2012 using snapshot for dc's has been improved and made 'safer', but I wouldnt use it as a backup solution.
  But back to your problem, Beaulieu, is it a single domain/single forest design? And the issue is that you have no membership in schema- and enterprise admins, but you do have an domain admin?
  Best Regards,
  Jesper Vindum, Denmark
  Systems Administrator
  Help the forum: Monitor(alert) your threads and vote helpful replies or mark them as answer, if it helps solving your problem.

• SBS 2011 Existing domain and the 21 day timer

  I will be putting an SBS 2011 server into a Server 2088 R2 domain. There is no Exchange server in this domain.
  Will I need to worry about the 21 day timer? From previous experience I believe the 21 day timer is tied to an Exchange server being in the domain. I am asking, because I would like to move the server into the domain and test some things before I start moving
  the users into the SBS OUs, and migrating their email from the POP server onto the domain.
  Thank you for any info!

  No, there is no 21 day issue migrating to SBS 2011 from standard server.  Be sure you have restorable backups and are comfortable with moving the FSMO roles and go for it.  Here is one guide to the process, and there are others:
  http://www.techieshelp.com/step-by-step-guide-to-migrating-to-sbs-2011/
  Larry Struckmeyer[MVP] If your question is answered please mark the response as the answer so that others can benefit.

• USMT between separate domains and forests

  Hi!
  I have a problem with migrating profiles from an old domain to a new one when doing OSD on them. Usernames is the same in both domain an SidHistory is migrated. The domains are in two separate forests and a one-way trust exists from the old domain to the
  new one.
  I'm running the following command on a test VM in the new domain after saving the user state from a VM in the old domain:
  loadstate.exe C:\USMTShare /c /l:C:\logs\loadstate.log /progress:C:\logs\loadstateprogress.log /i:C:\USMT6.3\migdocs.xml /v:5 /i:C:\USMT6.3\migapp.xml /md:olddomain.com:newdomain.org
  This gives me the following output in the loadstate.log:
  2014-02-13 18:03:30, Info [0x000000] User olddomain\Mig.Test0001 maps to S-1-5-21-8915387-1198066105-xxxxxxxxxx-19198
  2014-02-13 18:03:30, Info [0x000000] Adding domain account newdomain\Mig.Test0001 (S-1-5-21-8915387-1198066105-xxxxxxxxxx-19198)
  2014-02-13 18:03:30, Info [0x0803b2] Adding user S-1-5-21-8915387-1198066105-xxxxxxxxxx-19198, newdomain\Mig.Test0001
  2014-02-13 18:03:30, Info [0x0803b3] User S-1-5-21-8915387-1198066105-xxxxxxxxxx-19198, newdomain\Mig.Test0001 added successfully
  2014-02-13 18:03:30, Status [0x000000] Activity: 'MIGACTIVITY_PROFILE_CREATE'
  2014-02-13 18:03:30, Info [0x000000] Entering MigGetRealPlatform method
  2014-02-13 18:03:30, Info [0x000000] Leaving MigGetRealPlatform method
  2014-02-13 18:03:30, Info [0x000000] Creating profile for target user newdomain\Mig.Test0001 (source user olddomain\Mig.Test0001)
  2014-02-13 18:03:30, Info [0x080000] Mig::COnlineWinNTPlatform::CreateProfileForUser: Called for user newdomain\Mig.Test0001 with ProfileSuffix: (NULL)
  2014-02-13 18:03:30, Info [0x080000] Creating profile for user S-1-5-21-8915387-1198066105-xxxxxxxxxx-19198, newdomain\Mig.Test0001 ((NULL)). Using existent SID
  2014-02-13 18:03:31, Info [0x080000] Adding indirect mapping for HKCU (C:\Users\Mig.Test0001\NTUSER.DAT) to 0x80000003, S-1-5-21-8915387-1198066105-xxxxxxxxxx-19198
  2014-02-13 18:03:31, Info [0x0803e2] Adding indirect mapping from HKCU to <C:\Users\Mig.Test0001\NTUSER.DAT> loaded at HKEY_USERS\S-1-5-21-8915387-1198066105-xxxxxxxxxx-19198 (R/W)
  So the profile is restored, the profile name looks fine in System Properties -> User Profiles (Changes from "Account Unknown" to "NEWDOMAIN\Mig.Test0001" after the loadstate.exe command.) The Problem is, when this user logs in a new
  profile is created anyway and a new folder is created (c:\users\Mig.Test0001.NEWDOMAIN).
  When taking a look at the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList, I can see that the sid for Mig.Test0001 from OLDDOMAIN is present and are corresponding to the migrated profile. When I'm logging in
  as NEWDOMAIN\Mig.Test0001, the new sid is created here. If I replace the old SID with the new SID before logging in with NEWDOMAIN\Mig.Test0001, the migrated profile is used.
  So it looks like loadstate.exe finds the corresponding account in OLDDOMAIN for the SID it finds in the StateStore, and instead of finding the corresponding user account in the NEWDOMAIN and use the SID for that, it uses the SidHistory attribute.
  Is there a way to change this behavior so that the new accounts Sid is being used instead of the old ones, even if using SidHistory?

  Hi,
  How about using "/mu" instead of "/md"?
  If this cannot work, I suggest you that writing a script to replace the SID.
  Best Regards,
  Joyce Li
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• "added time cap to existing network" and can't get Ethernet cable connection to Time cap to work...

  I added a new time capsule to my existing wifi network. Everything initialized well and time machine could see the TC. I tried to connect a cable directly to the TC for the first backup... But the cable connection doesn't see the TC. Ideas?

  If you used join a network then the TC turns off its ethernet ports.

• Config Manager 2012 setup w/ SQL DB in a different domain and Forest

  Hi all I'm hoping these are easy questions.  The SQL admins in my environment are pushing for me to have the DB hosted on the managed SQL servers vs on the PSS.  The only potential problem is that the SQL servers currently are in a different domain/forest. 
  There is a two trust between forests. The managed workstations will be in the same domain as the SCCM infrastructure.  There will not be any managed workstations in domain where the SQL server resides.  Eventually all SQL servers will be moved to
  a different domain, but it will not be the same domain as the SCCM infrastructure.  My questions are below
  Will I need to have another PSS in the same domain as the SQL Server?  If yes then i assume I'll need a CAS as well to manage both PSS.
  Since the SQL servers will eventually be moved to another domain/forest, which will have a two was trust as well, what are the potential issues that can arise from this?
  Thanks

  Technically what you're asking for will work.  THat said:  you should be willing to demonstrate to your SQL team that SCCM will be fully capable of overwriting, dismounting and otherwise destroying every database on that shared SQL server due to
  the ridiculously elevated permissions required on said said SQL system.
  To clarify:
  SCCM will require local administrator permissions to every node in the cluster.  When it connects, it will immediately install a server role on said cluster.  It will also require full administrative access to the instance the database will reside
  in.  By the time all this fun stuff is open, anyone who knows how to open up a command prompt under the system context of your SCCM server will be able to to all sorts of fun stuff that really REALLY won't make your SQL team very happy.
  I'd fight the desire tooth and nail.  If they threaten to not support the SQL instance I'd be OK with that even.  Microsoft won't even support you if you make any edits/changes to the SQL database directly anyway.

• Which domain and forest functional level is supportted for the "Active Directory Resource Pool Synchronization"?

  Hi all,
  I'd like to confirm which Domain/Forest functional levels of Active Directory is supported for "Active Directory Resource Pool Synchronization" in Project Server 2013.
  I guess that 2003 or later is supported, but my customer required reliable sources.
  I googled and searched article at TechNet, but I couldn't find.
  Could anyone inform me the article about that?
  Thank you in advance.
  Kaori.

  Hi Michael and all,
  Anyway I solved this issue.
  I couldn't find article that I desired, so I asked advice to my colleagues and they told that the functional level 2003 or later are supported in their experience.
  In addition, I found these articles about SharePoint sync limitations.
  Members of the domain local group cannot view a Microsoft Office SharePoint Server 2007 Web site
  http://support.microsoft.com/kb/932378/en-us
  SharePoint supportability of Read only Domain controllers
  http://support.microsoft.com/kb/970612

• Adding a Subreport to existing report and getting this error, "Unable to connect: incorrect log on parameters"

  I have taken on an existing vb.net project done in Visual Studio 2008 with crystal reports version Crystal Report XI.
  The reports on their own work very well. Problem is I need to add information to my report which is a 'many-to-one' situation where for each Project Id that I am displaying I need to display several attached documents and the report I am working on is for several Project Id's.
  I figured this would be a perfect situation for a SubReport. I created a separate report which calls a stored procedure to get all of the Attached Documents for a specific Project Id. I thought if I were to add this new SubReport to the Original Report and link the Project Id's, easy-peazy, I would be done.
  This is not the case. I have vb code that loads the Original Report with a stored procedure and when this code runs with the setup I described above it fails when it is creating the final report with the following error:
  Logon failed. Details: crdb_adoplus : Object reference not set to an instance of an object. Error in File C:\~\ProjectDescriptionReport {6BA19F79-2A12-4826-B1F6-456EF799963B}.rpt: Unable to connect: incorrect log on parameters.
  I have no specific connections in my vb code for the reports. If I do not add the subreport to the main report, it loads correctly, so I know the error is caused by the subreport.
  This is the code that creates the original report (sorry for dumping the code here, i just thought it would be easier to see all the code) :
  Public Function LoadReport(ByVal inProjectNum As Integer, ByVal strProjectName As String) As DataTable ', ByVal inFiscalYear As Integer, ByVal inCompany As String) As DataTable
          Dim cnn As SqlConnection = Nothing
          Dim cmd As Data.SqlClient.SqlCommand
          Dim obj As New clsDataClass
          Dim dataAdapter As SqlClient.SqlDataAdapter
          Try
              LoadReport = New DataTable("DescriptionReport")
              cmd = New SqlCommand()      
              cnn = obj.Create_Connection()
              With cmd
                  .CommandType = Data.CommandType.StoredProcedure
                  .Connection = cnn
                  .CommandTimeout = "60"
                  .CommandText = "usp_GetProjectGroupSpecsCR"              
                  .Parameters.AddWithValue("@ProjectNumber", inProjectNum)
                  .Parameters.AddWithValue("@ProjectName", strProjectName)
              End With
              dataAdapter = New System.Data.SqlClient.SqlDataAdapter
              dataAdapter.SelectCommand = cmd
              dataAdapter.Fill(LoadReport)
              Dim oRpt As New ReportDocument()
              oRpt.Load(Server.MapPath("ProjectDescriptionReport.rpt"))
              oRpt.Refresh()
              oRpt.SetDataSource(LoadReport)
              'oRpt.OpenSubreport("AttachmentsReport").SetDataSource(LAR)
              oRpt.SetParameterValue("inProjectNum", inProjectNum)
              oRpt.SetParameterValue("strProjectName", strProjectName)
              oRpt.ExportToHttpResponse(ExportFormatType.PortableDocFormat, Response, True, "Projects_DescriptionReport") 'inCompany & "ProjectsReport_Description" & inFiscalYear) <-- Line where the error occures.
  What I need to know is what is the proper way to add a subreport to a vb.net application?
  From the ways I have tried it is clearly not working and I am out of ideas. I am fairly new to Crystal Reports and this way of coding it.
  Any help for this would be greatly appreciated, I've been stuck on this for a while and am finally reaching out to the Crystal Report Specialists.
  Thank you in advance,
  Bryan

  Hi Bryan,
  You may want to check the Connection properties also. I think the MS Data.SqlClient.SqlCommand is using the MDAC driver, or could be modified.
  If you are connecting to SQL Server 2008 or above you should be using the SQL Native 10 or 11 Client.
  As Dell suggests have a look at the samples and if you can use a DSN ( 32 bit or 64 bit ODBC Admin )
  Also search for "CRlogger", you'll find how to enable CR's database logging component and may help show you what part is failing.
  Don

• Adding CDATA to an existing xml and flash asset

  Hi, I am a front end web designer/developer and
  analyst...struggling with putting an accordian flash xml menu
  together. I have it done except I need to add a simple trademark
  symbol circle with r. I am struggling with how to do this since I
  am not savvy in actioncript. I assume the best way is to add it is
  with a CDATA child node, but do not know how or whatever is the
  best way to get this done since am on a tight deadline. I need
  someone to explain step by step what I have to do to get this
  simple addition resolved. Attached are the links to home page and
  code for the xml file. The left navigation is the asset that I need
  to add the trademark symbol under about, about ADHERE. Thanks so
  much in advance!!!!!!
  [URL=http://www.nodcreative.com/natrecor_sliced/natrecor_index.html]index
  page with flash xml menu asset[/URL]
  xml code:
  <?xml version="1.0" encoding="UTF-8"?>
  <accodion>
  <item name="HOME">
  </item>
  <item name="ABOUT">
  <item name= "ABOUT
  ADHERE<![CDATA[write]]>"></item>
  <item name="Medical Information" url="
  http://www.jnj.com?ref=Random">
  </item>
  <item name="About SCIOS" url="
  http://www.jnj.com?ref=Random">
  </item>
  </item>
  <item name="INTERACTIVE DOSING INFORMATION">
  <item name="Indications and Usage" url="
  http://www.jnj.com?ref=Random"></item>
  <item name="Contraindications" url="
  http://www.jnj.com?ref=Random"></item>
  <item name="Warnings" url="
  http://www.jnj.com?ref=Random"></item>
  <item name="Dosage and Administration" url="
  http://www.jnj.com?ref=Random"></item>
  </item>
  <item name="RESOURCES AND TOOLS">
  <item name="NATRECOR PI" url="
  http://www.jnj.com?ref=Random"></item>
  <item name="About Heart Failure" url="
  http://www.jnj.com?ref=Random"></item>
  <item name="Stages of Heart Failure" url="
  http://www.jnj.com?ref=Random"></item>
  <item name="NATRECOR Dosing Information" url="
  http://www.jnj.com?ref=Random"></item>
  <item name="Patient Management Resources" url="
  http://www.jnj.com?ref=Random"></item>
  </item>
  <item name="US PRESCRIBING INFORMATION">
  </item>
  <item name="IMPORTANT SAFETY INFORMATION
  ref=http://www.jnj.com">
  </item>
  <item name="REGISTRATION ref=http://www.jnj.com">
  </item>
  </accodion>
  FLASH actionscript is as follows:
  // The accordion
  var accordion = this
  // The item list
  var itemList = []
  // SETTINGS
  //-------------PROPERTIES----------------
  // Separation between the buttons
  var separation = 1.5
  // Tabulation between the buttons and the margin
  var tabulation = 10
  // if true, it cant be more than one items opened at the same
  time (only for the first buttons, POWERFUL, MENU ,ACCORDION, ets).
  var autoClose = true
  // if true, it cant be more than one subItems opened at the
  same time.
  var subItemAutoClose = true
  // if true, open and close all the subItems at the same time.
  var openAll = false
  // The height of the button
  var itemHeight = 21
  // The width of the button
  var itemWidth = 230
  // If true, show the light over the button
  var light = true
  // The ease of the menu opening
  var openEase = 2.5
  // The ease of the menu closing
  var closeEase = 2.5
  // The rollOut color fade speed
  var rollOutFade = 8
  //-------------COLORS----------------
  // The color of the button
  var buttonColor = 0xa
  // The roll over color
  var rollOverColor = 0xCCCCCC
  // The arrow color
  var arrowColor = 0xCCCCCC
  // The arrow color on roll over
  var rollOverArrowColor = 0x000000
  // The text color
  var TextColor = 0xFFFFFF
  // The text color on roll over
  var rollOverText = 0x000000
  // LOADING XML
  // The xml data
  var xmlSource:XML = new XML
  // Loading the xml
  xmlSource.onLoad = function(success:Boolean):Void {
  // When the load finishs...
  if (success) {
  // The first node of the xml
  xmlRoot = xmlSource.firstChild
  // The item nodes
  xmlItems = xmlRoot.childNodes
  // The total of items
  total = xmlItems.length
  // Creating the buttons
  for (i=0; i<total; i++){
  // Attaching the buttons
  accordion.attachMovie("item", "item" + i, i)
  // The button reference
  itemList
  = accordion["item"+i]
  // The first node of the item node
  itemList.xmlRoot = xmlItems
  // The separation between subitems
  itemList.separation = separation
  // Tabulation between the subitems and the margin
  itemList
  .tabulation = tabulation
  // subItems auto close
  itemList.subItemAutoClose = subItemAutoClose
  // The subitems height
  itemList
  .itemHeight = itemHeight
  // The subitems width
  itemList.itemWidth = itemWidth
  // shows/hides the subitems light
  itemList
  .light = light
  // The subitems color
  itemList.buttonColor = buttonColor
  // The roll over color
  itemList
  .rollOverColor = rollOverColor
  // The arrow color
  itemList.arrowColor = arrowColor
  // the arrow color on roll over
  itemList
  .rollOverArrowColor = rollOverArrowColor
  // The text color
  itemList.TextColor = TextColor
  // The roll over text color
  itemList
  .rollOverText = rollOverText
  // the opening easing
  itemList.openEase = openEase
  // The closing easing
  itemList
  .closeEase = closeEase
  // The roll over fade speed
  itemList.rollOutFade = rollOutFade
  // open all
  itemList
  .openAll = openAll
  // ignore white
  xmlSource.ignoreWhite = true;
  // Loads the .xml file
  xmlSource.load("accordion.xml");
  // Aligning the items each one below the other
  this.onEnterFrame=function(){
  // Does the align to ALL the items
  for (i=1; i<total; i++){
  // Aligning the items
  itemList._y = itemList[i-1]._y +
  itemList[i-1].mask._height + itemList[i-1].button._height +
  separation
  // The cursor position
  cursor._x = _xmouse
  cursor._y = _ymouse
  // Opens the items
  onMouseDown = function (){
  // Does this to all the buttons
  for (i=0; i<total; i++){
  // If is clicked
  if (itemList
  .button.hitTest(cursor)){
  // Shows the current item
  showCurrent(itemList)
  // Shows the button clicked
  showCurrent=function(current){
  // Does this to all the buttons
  for (i=0; i<total; i++){
  // Does this to all the buttons exept the clicked
  if (itemList
  !=current){
  // Close the other items if autoclose = true
  if (autoClose){
  // Close the other items
  itemList.openBox=false
  // fades the roll over effect of the other items
  itemList
  .over = false
  //Does this to the clcked item only
  } else {
  // If it has sub items
  if (total>0){
  //Hides them if its open
  if (itemList.openBox){
  itemList
  .openBox=false
  //Shows them if its closed
  } else {
  itemList.openBox=true
  // If it has no subitems goes to the link
  } else {
  getURL(xmlRoot.attributes.url, _self)

  Please don't cross-post in a bunch of forums. Also when
  adding code to a post, please use the attach code button. That
  keeps the formatting and makes it easier to read. Your code is far
  too long and way to unformatted to really understand quickly.
  I don't know why you would need a CDATA node to get the
  registered symbol. If the XML file you are working with is saved as
  unicode (UTF-8) the symbol should come across just fine. Just
  putting the UTF-8 at the beginning doesn't tell whatever program
  you are using to save as UTF-8!
  Do you know how to make the registered symbol? On windows it
  is ALT -0174 (use the keypad for those numbers).
  Once you've got the symbol in your XML the next step is to
  check if Flash is loading it correctly. When you are in the testing
  environment go to the Debug menu and select List Variables. The
  trace window will show all the variables -- and there are probably
  a lot! Search/Find something close to the symbol and see if the
  trace window shows the symbol correctly. If it does then Flash is
  readying it correctly and if it isn't showing you have problems
  with your textfield. If it isn't showing correctly then your XML
  file isn't UTF-8.
  If it is textfield problems I wouldn't know what to do since
  it is inside a component. Post back with your findings.

• Pros and cons in setting AD domain trust into my AD domain for more than 10+ AD domain and some with same FQDN or label ?

  Hi,
  Can someone please share what is the pros and Cons of trusting AD domain for more than 10 different AD sites into my existing single domain forest let say ParentCompany.com ?
  At the moment I only have one single forest AD domain with the Domain and Forest functionality Windows Server 2003. The main domain controller FSMO role holder is in the Data Center spread across three different VMs running on Windows Server 2008 R2.
  The main/parent company has acquired smaller business chain of 15+ offices in which they have their own Domain Controller and also their own domain, sometimes they also got the same AD domain between them (no trust or whatsoever in those 15+ AD domain).
  Sounds crazy but yes, there is no standardization in them or whoever manage their IT infrastructure previously.
  I'm now considering what are the benefits of creating the AD domain and trust versus importing those AD objects into my domain and then decommission them.
  No need to worry about Exchange Server since all of the user in those sites connecting to the RDS to my ParentCompany.com terminal servers.
  My requirements or goal are as follows:
  1. Simplify the AD domain structure & maintenance
  2. Try to avoid the disruptions of the user in terms of downtime and selecting multiple different domain everytime they login to their PC or SharePoint sites.
  any kind of help and suggestion would be greatly appreciated.
  Thanks.
  /* Server Support Specialist */

  Can someone please share what is the pros and Cons of trusting AD domain for more than 10 different
  AD sites into my existing single domain forest let say ParentCompany.com ?
  I think you mean 10 AD domains.
  Managing multiple domains can be difficult for administration. I usually recommend using a single domain in a single forest with OUs to separate resources whenever it is possible.
  However, if you can't do that then you can simply create trust relationships between your domains. The advantage is that you can enable access to resources to different domains. I do not see cons here.
  The main/parent company has acquired smaller business chain of 15+ offices in which they have
  their own Domain Controller and also their own domain, sometimes they also got the same AD domain between them (no trust or whatsoever in those 15+ AD domain). Sounds crazy but yes, there is no standardization in them or whoever manage their IT infrastructure
  previously.
  I'm now considering what are the benefits of creating the AD domain and trust versus importing those
  AD objects into my domain and then decommission them.
  I would recommend consolidating your domains into a single one. ADMT is a migration tool that you can use. The advantage would be the ease of administration. Also, by having multiple DCs for the same domain across sites, you will take benefit of High Availability
  of your and DRP.
  This posting is provided AS IS with no warranties or guarantees , and confers no rights.
  Ahmed MALEK
  My Website Link
  My Linkedin Profile
  My MVP Profile

• Publish to .mac with an existing domain name

  I was wondering if anyone has published to .mac with and existing domain and kept it. I have had my business under this domain name for 15 years and do not want to change it at this time.
  Thanks
  mekod

  I believe the issue is solved as the domain now points correctly to BC servers , it was probably a propagation delay.
  Thanks,
  Sanjit

• Replication with Domain and Sub domain in Active directory sites and services

  I seen many AD enviroments and know that when you have mutiple DCs you use Active Directory Sites and services to replicate using the NTDS Settings. If you have a Domain and sub domain do you need to do this as well or does it sync up automatically because
  it's a sub domain? A see a couple of domains where the NTDS settings isn't being used to snyc with the child domain. Just wondering if that is normal or will it cause authentication errors?

  I seen many AD enviroments and know that when you have mutiple DCs you use Active Directory Sites and services to replicate using the NTDS Settings. If you have a Domain and sub domain do you need to do this as well or does it sync up automatically
  because it's a sub domain? A see a couple of domains where the NTDS settings isn't being used to snyc with the child domain. Just wondering if that is normal or will it cause authentication errors?
  Two way transitive trusts are configured automatically when you create a child domain or tree root domain. You don't have to worry about site/subnet or replication part at least from trust perspective. But make sure site's names are unique in each domain.
  How Domain and Forest Trusts Work
  http://technet.microsoft.com/en-us/library/cc773178%28v=ws.10%29.aspx
  http://technet.microsoft.com/en-us/library/cc730868.aspx
  http://blogs.technet.com/b/askds/archive/2008/09/24/domain-locator-across-a-forest-trust.aspx
  Awinish Vishwakarma - MVP
  My Blog: awinish.wordpress.com
  Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.