Splitting One Domain Into Two

Tags: DataCenter, Networking
I manage a LAN comprised of 4 subnets. My company wants one of the subnets split out into another separate domain. Call the original domain, domain A and the new domain, domain B. Both current DCs are Win 2000. A and B will each get one of the two existing DCs (because of the way the split worked out). Two new DCs will be bought to add to A and B, so each will have two DCs, one old DC and one new DC. Domain B will need to have all its nodes moved over into a new domain (off of domain A) and the old DC brought over into the new domain. Domain A will need to have a second DC built for it. I am struggling with the best way to accomplish all this. I feel it is sound thinking to build a new DC for domain B, and move all the nodes over to the NEW domain B DC. I am not sure how best to handle the existing DC (Win2000) on domain B. It will have the old domain A Active Directory structure on it. Could I demote it back to a member server, move it to the new domain B, and then dcpromo it back to a DC on the new domain? Would this safely clear out the old AD database? Or would it be safer to rebuild the original DC as Server 2003 so both DCs would be on 2003? I will also have to build a second DC for domain A. Its existing DC will have the FSMO roles. What all is involved in putting a Win 2003 DC on a domain that currently has a Win 2000 DC as the FSMOs? I don't know enough about the differences in 2000 and 2003 to know what the "gotchas" are. Also, I've never done anything quite like this before. All thoughts welcome.
ASKED: December 12, 2006  5:39 PM
UPDATED: December 14, 2006  9:13 AM

Answer Wiki


Umm, not sure how to approach this. It seems you are mistaking subnets with domain boundaries. This is not true. There is no need to create a new domain because you are splitting out your network.

Perhaps I missed something here?

Cordially,
Geoff Hughes
geoff@iis-resources.com

http://www.virtualserver-resources.com

Discuss This Question: 6  Replies

  • PaperMaker
    Yes, it really has to be a new domain. In effect it is going to be a separate company that will be running on the new (B) domain.
  • Marcola
    If you are planning on migrating to a 2003 domain then here is what I would do. Remember that the following approach ensures you are never without at least 2 DCs in either domain that is hosting the accounts.

    1. Run domain and forest prep from the 2003 CD on your 2000 DCs.
    2. Upgrade both 2000 DCs to 2003.
    3. Build new 2003 DC for old domain.
    4. Build new 2003 DC for new domain. You now have 3 DCs in old domain and 1 in the new domain.
    5. DCPROMO and demote to member server 1 DC from the old domain.
    6. Wait for your replication and ensure all metadata from newly demoted machine is out of AD. (Use ADSIEDIT to look for lingering objects.)
    7. Add demoted server to the new domain.
    8. DCPROMO member server in new domain.
    9. Set up/configure trust relationships between old and new domain.
    10. Use ADMT (Active Directory Migration Tool) to move machines and accounts to the new domain.
    11. Make sure to modify/add your Sites and Subnets in Active Directory Sites and Services.

    Voilà! Hope this helps and simplifies this for you.
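A check for step 6 of the procedure in the reply above, as an added example that is not part of the original reply: a batch script, run on a remaining DC in the old domain after the demotion, that looks for leftover references to the demoted server. The values of `DOMAIN` and `OLDDC` are placeholders, and the script assumes the Windows Support Tools (`netdom`, `nltest`, `repadmin`, `dcdiag`) are installed.

```batch
@echo off
rem Added example, not from the original thread.
rem Assumptions: Windows Support Tools are installed; DOMAIN and OLDDC
rem are placeholder names for the old domain and the demoted server.
setlocal
set DOMAIN=domainA.example
set OLDDC=OLDDC01

rem 1. Show which DC holds each FSMO role. None of them should name
rem    the demoted server.
netdom query fsmo

rem 2. The demoted server must no longer be listed as a DC for the domain.
rem    find returns errorlevel 0 when the name is present.
nltest /dclist:%DOMAIN% | find /i "%OLDDC%" >nul
if not errorlevel 1 (
    echo FAIL: %OLDDC% is still listed as a domain controller in %DOMAIN%
    goto :fail
)

rem 3. This DC should no longer list the demoted server as a replication
rem    partner. showreps reports the local DC only.
repadmin /showreps | find /i "%OLDDC%" >nul
if not errorlevel 1 (
    echo FAIL: %OLDDC% still appears as a replication partner of this DC
    goto :fail
)

rem 4. Run the replication test; read its output for failed links.
dcdiag /test:replications

echo OK: no reference to %OLDDC% found by these checks
endlocal
exit /b 0

:fail
endlocal
exit /b 1
```

Run it on each remaining DC in the old domain, since step 3 only sees the local DC's partners. It does not replace the ADSIEDIT inspection mentioned in the reply.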
  • PDMeat
    Depending on whether you can get the new domain controllers before you split the domain, you can create the new domain and then just use the Active Directory Migration Tool to move over the objects to the new DC and then decom the old domain. Then take that old DC that was decom, move it onto the new domain and dcpromo it. Then just add the second new DC to the original domain. Another method would be to demote one DC in the existing domain, create a new domain on it by running dcpromo, then export all of the user/group objects you want, delete the objects from the old domain and then import them back into the new domain. ADMT can automate the same process for you. You don't always have to create new domains, IMO. It's OK to just use separate OUs as long as you don't need different password policies, Exchange default SMTP addresses or separate domain admins. If you require any of those, a different domain is probably easier.
  • Petroleumman
    Hello, From your scenario it sounds like what you want to do is create a 'child domain' of your forest root. Since you're buying new hardware, start by building a new DC which will be the master DC of your new child domain. Follow these steps to get things started:

    A. Windows 2000 allows the creation of a domain as a child of another domain. When two or more domains are joined in a parent-child relationship a domain tree is formed. A child domain is created when executing the DCPROMO.EXE image and the parent domain must be accessible to create.

    1. Install Windows 2000 on the machine
    2. Ensure the machine has TCP/IP and DNS configured correctly
    3. Execute DCPROMO
    4. Click Next to continue the upgrade
    5. Select 'Domain controller for a new domain' and click Next
    6. Select 'Create a new child domain in an existing domain tree' and click Next
    7. Enter a Username, password and domain you will be using to join the domain tree. This account must reside in the parent domain a domain in the forest you are joining. Click Next
    8. Select the parent domain name by selecting Browse, e.g. savilltech.com. Enter the child domain (just the left most part), e.g. legal. The new complete name will be shown, e.g. legal.savilltech.com. Click Next
    9. If this is a new domain controller enter a NetBIOS name for backwards compatibility. By default it will be the left most 15 characters of the DNS domain name (up to the first .). If you are upgrading an existing DC then the NetBIOS name cannot be changed. Click Next
    10. Database and log locations will be shown. Click Next
    11. The System Volume area will be shown. Click Next
    12. An option to weaken security for 4.0 RAS servers. Select your option and click Next
    13. A summary will be shown. Click Next
    14. The new domain creation will begin
    15. Click Finish and reboot the machine

    Once you have created your new domain, you can populate it by moving user and computer objects into it from the root domain. You can then decommission one of your old DCs and move it to the new domain then promote it and start replication. You'll find that with a child domain you're going to have much better control of it in the forest than a completely independent domain, plus you can share resources from the root to the child. Good luck!
  • PaperMaker
    Hi petroleumman, I don't need a child domain of the original domain. This new domain will be an entirely separate domain. It is a new company "spun off" if you will from the old company. I have been tasked with getting the original domain split out and a new domain established from part of the original. Once the new domain is established it will belong to the new company and will no longer be my responsibility...but part of the deal was that I get them set up so they would be autonomous, then it's theirs.
  • Enterprisephil
    Hi... not too clear on existing AD structure. But this advantage on splitting a domain is good at this URL: http://www.asu.edu/it/w2k/documents/ms_review.html "By splitting a domain into two or more smaller domains, you can decrease the amount of replication traffic that will travel over a particular link. Examine each edge in the replication path and decide if you will permit the replication traffic or split the domain." http://www.petri.co.il/windows_2003_domain_rename.htm Some of the links at the bottom of this URL may guide you in what exactly you want to do. If you still aren't too sure then write to Daniel Petri at that site...he may be able to guide you better. Good luck.
