How to do intra-forest domain migration of enterprise subordinate CA

Hi,
We have a parent-child multi-domain AD environment. The root CA is placed in the parent domain (Domain-A), with one enterprise sub-CA and one enterprise NDES CA in the child domain (Domain-B). We have other child domains as well (Domain-C, D, E). Now we are consolidating all child domains and migrating all resources to root Domain-A. We have already finished the migration of all users/computers/servers. Now we need to migrate the CAs from child Domain-B to parent Domain-A. Can anyone help me with the migration process and the checklist I have to follow? Also, is there any impact on the CA certificate and the other enrolled certificates, because the domain name of the CA will change?
AD is on Windows 2008 R2 STD and the CAs are on Windows 2008 R2 Enterprise OS.
Thank you in advance.
Regards,
Jnana

1. First of all, it is possible.
2. Migrate the CA server during off-business hours.
3. The CA server name can be changed, but not the CA name itself.
4. You need enterprise admin for that.
5. Join your new CA server to the root domain and follow the steps.
Sl.  Steps
 1   Back up the CA templates list (required only for enterprise CAs).
 2   Record the CA's CSP and signature algorithm
 3   Publish a CRL with an extended validity period.
 4   Backing up a CA database and private key
 5   Backing up CA registry settings
 6   Backing up CAPolicy.inf
 7   Removing the CA role service from the OLD server
 8   Removing the OLD server from the domain
 9   Joining the NEW server to the domain
 10  Adding the CA role service to the NEW server
 11  Restoring the CA database and configuration on the NEW server
 12  Restoring the source CA registry settings on the NEW server
 13  Restoring the certificate templates list
 14  Granting permissions on AIA and CDP containers
 15  Verifying certificate extensions on the NEW CA
 16  Verifying certificate enrolment
 17  Verifying CRL publishing
 18  Retrieving certificates after a host name change
 19  Roll Back if needed
ADCS Migration Guide.
http://www.microsoft.com/en-us/download/details.aspx?displaylang=en&id=17877
Regards~Biswajit
Disclaimer: This posting is provided & with no warranties or guarantees and confers no rights.
MCP 2003,MCSA 2003, MCSA:M 2003, CCNA, MCTS, Enterprise Admin
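
The source-side part of the checklist above (steps 1 to 6), as an added PowerShell example that is not part of the original reply or of Microsoft's guide. The backup path and the 30-day CRL validity are assumptions; it is meant to run elevated on the old CA and avoids cmdlets that are missing from the PowerShell 2.0 shipped with Windows Server 2008 R2.

```powershell
# Added example: source-side CA backup (steps 1-6). Run elevated on the OLD CA server.
$ErrorActionPreference = 'Stop'
$BackupRoot  = 'D:\CABackup'   # assumption: new, empty folder on a volume you can move off-box
$CrlValidity = '30:00'         # assumption: dd:hh validity long enough to cover the cut-over

function Invoke-Tool {
    # Run a native tool, optionally save its output to a file, and stop on a non-zero exit code.
    param([string]$Exe, [string[]]$ToolArgs, [string]$OutFile)
    if ($OutFile) { & $Exe $ToolArgs | Out-File -FilePath $OutFile -Encoding UTF8 }
    else          { & $Exe $ToolArgs }
    if ($LASTEXITCODE -ne 0) {
        throw "$Exe $($ToolArgs -join ' ') failed with exit code $LASTEXITCODE"
    }
}

# The backup will contain the CA private key, so lock the folder down before writing to it:
# drop inherited ACEs, then allow only BUILTIN\Administrators and SYSTEM (well-known SIDs).
$keyDir = Join-Path $BackupRoot 'key'
$dbDir  = Join-Path $BackupRoot 'db'
foreach ($dir in $BackupRoot, $keyDir, $dbDir) {
    New-Item -ItemType Directory -Path $dir -Force | Out-Null
}
Invoke-Tool -Exe icacls.exe -ToolArgs @($BackupRoot, '/inheritance:r', '/grant:r',
    '*S-1-5-32-544:(OI)(CI)F', '*S-1-5-18:(OI)(CI)F')

# Record the CA name. The server name may change, the CA name may not (point 3 above).
$cfgKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'
$caName = (Get-ItemProperty -Path $cfgKey).Active
"CA name: $caName" | Out-File (Join-Path $BackupRoot 'caname.txt') -Encoding UTF8

# Step 1: templates currently assigned to this enterprise CA.
Invoke-Tool -Exe certutil.exe -ToolArgs @('-catemplates') `
    -OutFile (Join-Path $BackupRoot 'catemplates.txt')

# Step 2: CSP and hash/signature algorithm. The new server must offer the same provider.
Invoke-Tool -Exe certutil.exe -ToolArgs @('-getreg', 'CA\CSP\*') `
    -OutFile (Join-Path $BackupRoot 'csp.txt')

# Step 3: publish one CRL that stays valid for the whole migration window.
Invoke-Tool -Exe certutil.exe -ToolArgs @('-CRL', $CrlValidity)

# Step 4: database and private key, each into its own empty folder.
# -backupKey prompts for the password that protects the .p12; choose a strong one.
# If csp.txt names an HSM provider, back the key up with the HSM vendor's tooling instead.
Invoke-Tool -Exe certutil.exe -ToolArgs @('-backupDB', $dbDir)
Invoke-Tool -Exe certutil.exe -ToolArgs @('-backupKey', $keyDir)

# Step 5: CA registry configuration.
Invoke-Tool -Exe reg.exe -ToolArgs @('export',
    'HKLM\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration',
    (Join-Path $BackupRoot 'CertSvc-Configuration.reg'), '/y')

# Step 6: CAPolicy.inf, if this CA was installed with one.
$caPolicy = Join-Path $env:windir 'CAPolicy.inf'
if (Test-Path $caPolicy) { Copy-Item -Path $caPolicy -Destination $BackupRoot }

# Fail now, not during the restore, if the key or database backup is missing.
if (-not (Get-ChildItem -Path $keyDir -Filter *.p12)) { throw 'No .p12 key backup was written.' }
if (-not (Get-ChildItem -Path $dbDir -Recurse -Filter *.edb)) { throw 'No .edb database backup was written.' }

# Hash every file so the copy on the NEW server can be checked before it is restored.
$sha = [System.Security.Cryptography.SHA256]::Create()
$manifest = Get-ChildItem -Path $BackupRoot -Recurse |
    Where-Object { -not $_.PSIsContainer } |
    ForEach-Object {
        $stream = [System.IO.File]::OpenRead($_.FullName)
        try     { $hash = [BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', '' }
        finally { $stream.Close() }
        '{0}  {1}' -f $hash, $_.FullName
    }
$manifest | Out-File (Join-Path $BackupRoot 'manifest.sha256') -Encoding UTF8
```

Move the folder to the new server over a protected channel, compare it against `manifest.sha256` there, and delete the copy on the old server once the restore has been verified.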

Similar Messages

  • Active Directory Cross Forest Domain Migration

    Dear All,
    We are in the process to rebuild new Active Directory infrastructure. Multiple single forest domains in organization which needs to be consolidated/migrated on single Active Directory Domain. For this consolidation, have some queries to be addressed before
    going to start consolidation.
    What is the best practices and what tool should we use for domain migration/consolidation
    Active directory is on Windows 2003, forest and domain level is on Windows 2003, this will support to Windows 2012 R2 forest and domain functional level, will be migrated
    directly from windows 2003 to windows 2012?
    When move users to new domain, how will they access the other resources on the network. For e.g. Printer, File server, local web base application
    After moving some computers to new domain would be possible to access remaining computers on old domain?
    How the file server data will be moved? Best practices with NTFS folder permissions and users rights?
    Is there any policy to register network printers on new Active Directory domain?
    How users would be access web base application on new domain as their FQDN would be define with old domain name? Any option to change old domain FQDN with new domain that would be describe with any URL link?
    Kindly give your valuable input to meet the desire result.
    Thanks in Advance.

    Dear Lucky,
    Yes, you can migrate contents from multiple forest domains. Using ADMT (Active Directory Migration Tool) is the best way to migrate AD content. But you can't migrate from Windows Server 2003 to Windows Server 2012 R2, because Windows Server 2012 R2 doesn't have supportability for Windows Server 2003. And not only users: you can also migrate all other info (i.e. computer object info, groups info, Exchange mailbox info, security info). You can migrate users phase by phase, meaning the people who are in the old domain can access the old domain and new users are in the new domain. For more info please follow the given link:
    http://technet.microsoft.com/en-us/library/cc974332(v=WS.10).aspx
    Mithun Dey Web: http://cloudmithun.wordpress.com If this may give your necessary resolution please mark it as Answer.

  • Restructuring Forest-Domain - Best Migration Tool

    Hello,
    My Client is about proceed towards a multiple Forest-Domain strategy,
    We have studies some of the product available for the migration of the object to new domains,
    Quest Migration Manager (now dell), Smart AD Migrator (BinaryTree), ADMT (Microsoft)
    However apart from these tools which are capable of migrating standard objects types from directory to other..
    for e.g.: users, computers, groups, My client has Embedded PCs, Micro-Terminals etc..
    I need to know what all Tool->Vendor are capable of migrating unknown, rarely used, custom made objects.
    An Extremist

    ADMT is a good migration tool. I already used it to migrate 60k + AD objects.
    I am not sure about support of PCs running Windows Embedded but you can give a try. If it does not work then I am not aware about a Microsoft tool to manage that.
    This posting is provided AS IS with no warranties or guarantees , and confers no rights.
    Ahmed MALEK

  • Active Directory domain migration with Exchange 2010, System Center 2012 R2 and File Servers

    Greeting dear colleagues!
    I got a task to migrate existing Active Directory domain to a new forest and a brand new domain.
    I have a single domain with Forest/Domain level 2003 and two DC (2008 R2 and 2012 R2). My domain contains Exchange 2010 Organization, some System Center components (SCCM, SCOM, SCSM) and File Servers with mapped "My Documents" user folders. Domain
    has about 1500 users/computers.
    How do you think, is it really possible to migrate such a domain to a new one with minimum downtime and user interruption? Maybe someone has already done something like that before? Please, write that here, I promise that I won't ask for instruction from you,
    maybe only some small questions :)
    Now I'm studying ADMT manual for sure.
    Thanks in advance, 
    Dmitriy Titov
    Best regards, Dmitriy Titov

    Hi Dmitriy,
    I got a task to migrate existing Active Directory domain to a new forest and a brand new domain.
    How do you think, is it really possible to migrate such a domain to a new one with minimum downtime and user interruption?
    As far as I know, during inter-forest migration, user and group objects are cloned rather than migrated, which means they can still access resources in the source forest, they can even access resources after the migration is completed. You can ask users
    to switch domain as soon as the new domain is ready.
    Therefore, there shouldn’t be a huge downtime/interruption.
    More information for you:
    ADMT Guide: Migrating and Restructuring Active Directory Domains
    https://technet.microsoft.com/en-us/library/cc974332(v=ws.10).aspx
    Best Regards,
    Amy

  • Is that possible to do the cross domain migration for AD RMS Services?

    Hi guys, recently i am doing a cross domain migration, when i listing out the server, i found the server have AD RMS services which is still active.
    but after my migration is complete, it is planned to do the decommission on all the old server
    After my checking, i believe the AD RMS have trust establish with a cross site domain already. What i am planning to do is try to do a migration on it.
    i have do some research on it an i found "Cross forest Migration of AD RMS document"
    what i found in the document, it have mention about
    In the event when one cluster running AD RMS is to be discontinued, users may still want to access
    previously protected content that was issued a publishing license by that computer. Servers in other clusters can then add the to-be-discontinued server as a trusted publishing domain.
    So i was wondering if there is an option for Ad RMS services to select a server or host to discontinued?
    The scenario in my head now,
    1.Build trust between in my new domain AD RMS with the existing AD RMS.  update the certificate between the trusted domain as i mention above with my new domain AD RMS.
    but i was wondering if i power down or decommission the server what will happen?
    2. the worst case scenario will be decommission the old AD RMS service, and publish the new AD RMS services in new domain, simply build trust with the cross site domain.
    any suggestion on this? which case is more workable?
    Thanks
    Dave

    Hi,
    I think you may ask in AD RMS forums:
    http://social.technet.microsoft.com/Forums/en-US/home?category=rms&filter=alltypes&sort=lastpostdesc
    Regards.
    Vivian Wang

  • AD DS New Forest Domain Naming Problem

    Hey everyone,
    I'm having a bit of a conundrum about the new forest domain name and what possible implications it can have if I chose the wrong name convention...
    Current Setup
    The current issue is that the company I work for was bought out by another company and atm, where using a 2-way forest trust.
    The company also has another site in Africa which is using a different forest domain but doesn't have any forest trust to either of the other 2 domains.
    The current forest domains are:-
    1. Company1.local (my old company)
    2. Company2.com.au (main company)
    3. internal.company2direct.com.ke (Africa site)
    To make it worse, all three sites have their own Exchange environment and there's all types of file share/application authentication issues between sites.
    Therefore, the company has decided that they want to get rid of all the exchange environments/file shares and so forth and move everything to
    Office365, including SharePoint and Lync
    New Solution
    They have also decided that they want a new forest with a single domain and that the locations and security will be delegated by using different OU structures/GPO's as it's all going to administered by 2 people at the main company site. This is non-negotiable
    as they don't want sub/child domains or different forests, just a single entity.
    They're using a third party to do the Office365 design and implementation. However I have been assigned to setup the new initial ADDS server for the new forest.
    After some reading I've found that we really shouldn't be using '.local' or '.internal' for the forest root domain. I suggested that we use 'internal.thecompanynamethatisreallylong.com.au' and a NetBIOS of 'CNF' (which is actually that long,
    and I feel that if we have to use a FQDN for anything then it will cause an issue)
    They want me use the following for the forest root domain ' au.cnf' with a NetBIOS of 'CNF'
    Is that really such a good idea or is there any situation whereby using 'au.cnf' as the
    prefix.suffix could cause any issues?
    I would of like to use 'internal.cnf.com.au' however the domain name 'cnf.com.au' is already registered by another company..
    Once the new forest is created, I'll create a 2way trust between the companies and start using ADMT to migrate accounts across
    Thanks in advance for you help

    Hello,
    for AD limits, especially amount of usable characters, please see
    http://technet.microsoft.com/en-us/library/cc756101.aspx
    Personally I would NOT use the "CNF" as NetBIOS domain name. "CNF" in AD stands for "Conflicting object" and this will be shown in dcdiag or repadmin outputs when conflicts are listed as doubled names for example.
    For the internal naming I would always use short domain names. Top level domain names to avoid for WAAD and Office365 I would also check with the experts in http://social.msdn.microsoft.com/forums/azure/en-US/home?forum=WindowsAzureAD
    and http://community.office365.com/en-us/f/default.aspx
    You could use public TLDs but keep in mind that you have to configure split DNS that way.
    Best regards
    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://blogs.msmvps.com/MWeber
    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

  • Can the SidHistory attribute be moved from one User account to a different User account in the same Forest/Domain?

    Hello,
    Can the SidHistory attribute be moved from one User account to a different User account in the same Forest/Domain manually with  Active Directory Users and Computers or with something like Powershell?  it would seem to me this is a safe operation.
    Thanks for your help! SdeDot

    Hi,
    In addition, please also take a look at the below thread:
    copy SIDHistory from one account to another in the same domain
    http://social.technet.microsoft.com/Forums/en-US/2ca8727c-b3fd-4ef8-9747-99295f0cd61c/copy-sidhistory-from-one-account-to-another-in-the-same-domain?forum=winserverDS
    Hope this helps
    Best regards
    Michael

  • Weblogic 10.0mp1 domain migration over windows to weblogic12c

    Need to know the migration steps while migrating the weblogic domain 10.0 mp1 hosted over windows server 2008 to another windows machine and the weblogic should be 12.2 .
    The admin server is running with 3 managed server in prodcution.Can anyone suggest the possible ways?Can i use the domain migration utility GUI as provided over 12C ?

    Hello.
    The "server restart needed" is handled by wlst like this: http://edocs.bea.com/wls/docs100/config_scripting/config_WLS.html#wp1029452
    Furthermore: http://download-llnw.oracle.com/docs/cd/E13222_01/wls/docs92/config_scripting/reference.html#wp1153965 but I still don't know if a MBean is modified with this attribute, anyway, it could suffice for your script I think.
    Regards.
    Aurélien.
    Edited by: Aurelien DEHAY on 30 juil. 2009 09:25

  • Still about domain alias and domain migration

    Our company is under a domain name transition. Currently, our domain is lab.D.com, and we are moving to aaa.com.During the transition, we wish both domains could work for us for a long time.
    I added a domain alias aaa.com for our domain lab.D.com, the ldif shows:
    dn: dc=aaa, dc=com, o=internet
    objectclass: alias
    objectclass: inetDomainAlias
    aliasedObjectName: dc=lab, dc=D, dc=com, o=internet
    dc: aaa
    After restarting the msg server, I can send email to [email protected] which is actually [email protected]
    However, this is only half-way to my goal. I wish our emails at receivers' mailboxes were [email protected], not [email protected], if we send emails through logging in to web mail typing [email protected] in the user ID box, or by creating [email protected] accounts in MS Outlook.
    ===> Is there any way to do it?
    ===> can [email protected] account be created in MS Outlook?
    In another post about domain migration, you suggested:
    If you want to stop using the old domain, and make the new domain your "default domain", that's a little harder. It involves several steps:
    1. changing all the mail addresses.
    2. changing the "default domain" settings everywhere.
    ===> I wonder, how to do it? is there any command? ldapmodify?
    as an alternative approach, if we decide to change our email addresses to [email protected] first,
    ===> will emails sent to either [email protected] or [email protected] arrive at users who are still in the lab.D.com, if I only change all the mail addresses' domain part to aaa.com since I have added domain alias aaa.com?
    and, I do not think sending emails from [email protected] to the internet would be a problem, right???
    The iMS we use is iPlanet Messaging Server 5.2 (built Feb 21 2002), Directory Server is 4.16 which are very old versions :(
    Thanks.

    I make no claim to be a programmer, nor am I expert
    with ldap commands.
    I know of no easy way to change all, other than
    export to ldif, and use a global change with a text
    editor, and then re-import.
    So, db2ldif -> change in text editor -> ldif2db, right?
    Another question here is about Direct LDAP.
    I enabled Direct LDAP.
    aaa.com is the domain alias to lab.oldD.com (our old domain).
    I also have changed user alas' email address from alas@ lab.oldD.com to [email protected] and added mailAlternateaddress for alas as [email protected], as you instructed in previous posts.
    However, whenever I click "send" either to aaa.com or lab.oldD.com, it shows errors, for example, - "Returning unknown or illegal alias: [email protected]", "Returning unknown or illegal alias: [email protected]"
    The log shows:
    I wonder why?
    Thanks.

  • People Picker search order with multiple forest domains

    I had a customer with a multiple forest domain environment. Now the problem is that all users from one domain are synced to the resource domain (Domain A) where SharePoint is installed.
    The People Picker is now finding at first the user in Domain A where SharePoint is installed. My solution is now to specify the order of searching in People Picker so that first all users in Domain B will be returned, and if there is nothing, it will return Domain A.
    All SharePoint Server(s) had network access to the other domains. And there are two-way trusts configured.
    Any Solution for that?
    Thanks for your feedback!
    P.

    Regardless of search order, you would get both results returned. Have you tried using the UserAccountDirectoryPath property on the Site Collection to specify DC=domainB,DC=com?
    Trevor Seward
    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.
    Nice to now that i can set it up per site collection. But it do not work in my case, it indeed returned users from Domain B but Domain A, C, D and F(Examples) are excluded from People Picker.

  • Domain Migration :from single domain to multiple domain.

    Hi ,
    We have an urgent requirement for the domain migration
    The scenario is currently we are using MS AD as LDAP server to store portal users and their credentials.
    Let's say we have current domain name as: ad.abc.com
    We are planning to migrate from this domain to a number of domains. Our requirement is to move the portal users into their specific domain in batches, e.g. out of 5 users 2 have been moved to the new domain and the other 3 are still in ad.abc.com.
    But after domain migration, all the 5 users should be able to access all the applications and functionality of portals.
    What should we do to achieve the same?
    How portal applications will be affected by this?Can all the users access all applications without fail?
    What exactly the LDAP does in portals?
    Any help will be greatly appreciated
    Thanks in Advance
    Amit

    Hi,
    Yes, you need to prepare Active Directory and domains.
    What's more, you need to upgrade existing Exchange 2007 servers to Exchange 2007 Service Pack 2 at least.
    Here is an article for your reference.
    Exchange 2007 - Planning Roadmap for Upgrade and Coexistence
    http://technet.microsoft.com/en-us/library/dd638158(v=exchg.141).aspx
    Hope it helps.
    Best regards,
    Amy
    Amy Wang
    TechNet Community Support

  • Objects showing from another forest\domain ...

    Hello Community
        On Windows 2008 Server when I go to Windows Explorer, under "Network"
    in the right pane there are 4 columns:
    Name               Category              WorkGroup            Network Location
        It is here that I see my server's names under "Name", Computers under
    "Category", NetBios name under "Workgroup" and FQDN\Forest name under
    "Network Location" which is fine.
        However in addition to my own objects that I see in the right pane of
    Windows Explorer I also see objects from another domain the exists in
    a totally separate forest, how can I see or how could those objects reside
    or be displayed in my forest\domain (unless someone else put them there)?
        Thank you
        Shabeaut

    Hello Susie Long
        There is only one network.
        There are 2 separate forests.
        Each forests has has separate domains.
        Under "Network" not all of the objects from the other domain 
    in the other forest are being displayed, only some of the objects 
    from the other domain in the other forest are being displayed under "Network"
    in this forest.
        That is what is puzzling, are you saying that all of the objects from
    the other domain in the other forest should be visible in this forest and if
    so why aren't all of the objects visible (I was under the impression that
    only the objects in this domain in this forest should be visible under "Network"
    in this forest)?
        Thank you
        Shabeaut

  • Deploying SCOM 2012 Agents to untrusted Forests/Domain

    Can we deploy SCOM 2012 agents to untrusted forest/domain? I don't want to use SCCM 2012 for installing agents via package deployment. Pls suggest.
    Regards,
    Ravi

    Yes, You can deploy SCOM Agent to untrusted domain manually and using Certificate.
    For deployment scom Agent, you can refer below links
    http://www.toolzz.com/?p=279
    http://jimmoldenhauer.blogspot.com/2012/11/scom-2012-deploying-agents-to-untrusted.html
    Mai Ali

  • Post domain migration Outlook needs Flush dns intermittently

    We have office in two cities X & Y, Y city is HO. Our entire DNS Server, Exchange server is in Z i.e. Head Quarters. Y city has file server, DC, Firewall. X & Y are connected via VPN tunnel. After our domain migration from abc.com to xyz.com only
    X city few laptop users on wi-fi started getting issue of 'Outlook freeze- connection store/restore error' emails are stuck in outbox and not received. Only when we do ipconfig/release, renew, flushdns...it resolves the issue temporarily.
    We found that issue might be on Wi-fi (Cisco SOHO - 3) we have changed the DNS setting of the WI-fi, pushed the DNS in host file, pushed in laptop settings, reduced the voltage of the wi-fi. Restarted the servers in Y city. Not sure if it is DNS or Wi-FI
    issue. Still the problem persists. Please advice.

    there is no easy way to find out the issue if it is related to client side configuration. as you already mentioned that it works after making DNS changes so the issue is somewhere at the Wi-Fi. it also depends how big is the mailbox, and if the outlook is
    setup to cache mode or not.
    For further troubleshooting I will use that same laptop on the wired network.
    also if that Wi-Fi has Ethernet port I will connect a Hub/switch to it and then connect the laptop to the Ethernet.  This is tell me if the issue with Wi-Fi on the laptop or the Wi-Fi Access Point.
    Plus this thread should be moved to Outlook Forum
    Where Technology Meets Talent
