intraforest migration

By taz1nl ·

I am performing an intraforest migration where we will have one empty root domain .local (currently our only domain) and have several subdomains beneath this root. The subdomains are needed for different security requirements etc.

Here's the steps:

1. create subdomains for each of our regions
2. they will have they own security policies, user rights assignments, auditing etc
3. subdomains also have their own replication, ie they will only replicate to DC's within their own subdomain and not to any domain. This can control replication.
4. the root domain will eventually be 'empty' ie only serve as a placeholder that contains only the root domain DC's, and these DC's will only replicate to each other and not the any subdomain DC's.
5. Add the subdomain info into RUS on the root exchange 2003 server, so users in the subdomains can get emails.

With me so far?

So each subdomain has it's own users, computers and printers but still they can share distribution lists and security groups (universal security groups). If we choose the default security groups wisely, roaming users won't have any problem logging on in a different office.

My questions is:

1. Is it best to just convert all our groups into Universal groups so that a) all our users can logon to any office they visit while travelling and b) so resources can be accessed from anywhere? We currently have one forest that is both 2003 domain and forest functional level.

2. Would it be best to just leave these converted universal groups in the root domain, or move them to their respective subdomains? But only migrate the users over?

3. Is it required to run /domainprep when creating the subdomains? I suppose this is best done before promoting the server to AD?

Our setup isn't huge - we have about 24 sites around the globe which currently have less than 400 users total. We will be using ADMT v3 for migrating users.

But our main concern is roaming users being able to logon in another office can this be best accomplished given the above?

Please advise.


This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Related Discussions

Related Forums