Moving AD domains within the same DNS domain namespace


! confused

Can anyone advise me?
I have just taken over an Active Directory that has been
incorrectly set up, and I need to fix it.

I have one existing Domain in the Forest that is called
NTDOM1.company.org.uk and some computers have an
Internet domain name of host.company.EMEA.org.uk, but
most servers have the name host.NTDOM1.company.EMEA.org.uk
All domains are valid on the Internet and we own and
control them all, with the SOA of the primary DNS for
them on our UNIX DNS servers in the DMZ.
Old Domain has:
host.company.EMEA.org.uk
host.NTDOM1.company.org.uk
host.NTDOM1.company.EMEA.org.uk
host.NTDOM1.company.ASIA.org.uk
plus, our Internet accessible hosts are called
host.company.org.uk

Obviously I want to fix this so that everyone and
everything has a domain name of host.company.org.uk

I intend to create a new pristine domain with a NETBios
name of 'company' with a DNS namespace of company.org.uk
and then create an Inter-Forest trust and migrate users
and computers into the new domain company.org.uk from
the AD DNS Zone of NTDOM1.company.org.uk and resolve
any computers that are in the DNS zone
company.EMEA.org.uk

The question is - I have a DNS Zone for company.org.uk
and have some manually entered hosts already in that zone
(it is a non-integrated Zone as it has no _MSDCS or _TCP
zones etc.) will this existing Zone cause a problem? Do I
need to ensure that every client and server does not have
this domain name configured on them? Is it possible to
create a new Domain in a new Forest that has this overlap?
 
! confused said:
> Can anyone advise me?
> I have just taken over an Active Directory that has been
> incorrectly set up, and I need to fix it.
>
> I have one existing Domain in the Forest that is called
> NTDOM1.company.org.uk and some computers have an
> Internet domain name of host.company.EMEA.org.uk, but
> most servers have the name host.NTDOM1.company.EMEA.org.uk
> All domains are valid on the Internet and we own and
> control them all, with the SOA of the primary DNS for
> them on our UNIX DNS servers in the DMZ.
> Old Domain has:
> host.company.EMEA.org.uk
> host.NTDOM1.company.org.uk
> host.NTDOM1.company.EMEA.org.uk
> host.NTDOM1.company.ASIA.org.uk
> plus, our Internet accessible hosts are called
> host.company.org.uk
>
> Obviously I want to fix this so that everyone and
> everything has a domain name of host.company.org.uk
>
> I intend to create a new pristine domain with a NETBios
> name of 'company' with a DNS namespace of company.org.uk
> and then create an Inter-Forest trust and migrate users
> and computers into the new domain company.org.uk from
> the AD DNS Zone of NTDOM1.company.org.uk and resolve
> any computers that are in the DNS zone
> company.EMEA.org.uk
>
> The question is - I have a DNS Zone for company.org.uk
> and have some manually entered hosts already in that zone
> (it is a non-integrated Zone as it has no _MSDCS or _TCP
> zones etc.) will this existing Zone cause a problem?

Nope, not that I can see, as long as the SRV records do not exist, and I see
no reason why they don't exist since the old AD domains are not using this
name. So go ahead and use this for your new pristine forest.

> Do I
> need to ensure that every client and server does not have
> this domain name configured on them?

With AD and DDNS, the Primary DNS Suffix must be set to the domain name that
you want to register into (DCs and clients). When using ADMT to migrate the
computer accounts, it will automatically set this name in its settings.

> Is it possible to
> create a new Domain in a new Forest that has this overlap?

Sure, as long as the NetBIOS domain names are not the same. This way you can
create the trust in order to use ADMT. Since the SRVs don't exist, you
should be fine.




--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
In ! confused <[email protected]> posted their thoughts, then
I offered mine

To add, if there are any SRV overlaps, you can opt to use a separate DNS
server for the new forest's domain while doing this. Since DNS is not
broadcast based, there will be NO problems with this scenario. But I don't
see a reason based on your description for doing so since the original AD
domain names are not the same as the new one you are creating.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
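
Both replies above hinge on one condition: the existing company.org.uk zone must not already hold AD SRV records. The following is an added example, not part of the original thread, that checks a zone file for them before the new forest is built. It assumes the zone on the UNIX DNS servers is kept as a BIND-style zone file; the function name, host names and addresses are constructed for illustration.

```python
AD_LABELS = {"_msdcs", "_sites", "_tcp", "_udp"}  # subdomains AD registers under a domain
RTYPES = {"A", "AAAA", "CNAME", "MX", "NS", "PTR", "SOA", "SRV", "TXT"}

def find_ad_records(zone_text, origin):
    """Return (fqdn, type) for each record that looks like AD locator data."""
    origin = origin.rstrip(".").lower()
    owner, hits = origin, []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0]                # drop trailing comments
        tokens = line.split()
        if not tokens:
            continue
        if tokens[0].upper() == "$ORIGIN":
            origin = tokens[1].rstrip(".").lower()
            continue
        if tokens[0].startswith("$"):              # $TTL, $INCLUDE
            continue
        if not raw[0].isspace():                   # line begins with an owner name
            name = tokens.pop(0).lower()
            if name == "@":
                owner = origin
            elif name.endswith("."):
                owner = name.rstrip(".")
            else:
                owner = f"{name}.{origin}"
        # First token that is a record type; TTL and class (IN) come before it.
        rtype = next((t.upper() for t in tokens if t.upper() in RTYPES), None)
        if rtype is None:
            continue                               # e.g. SOA continuation line
        if rtype == "SRV" or AD_LABELS & set(owner.split(".")):
            hits.append((owner, rtype))
    return hits

# Constructed sample zones (documentation addresses, hypothetical host names).
CLEAN_ZONE = """\
$TTL 3600
@     IN SOA ns1.company.org.uk. hostmaster.company.org.uk. (
          2004010101 3600 900 604800 3600 )
      IN NS  ns1.company.org.uk.
www   IN A   192.0.2.80   ; manually entered host
"""
OVERLAP_ZONE = CLEAN_ZONE + """\
_ldap._tcp.dc._msdcs  IN SRV 0 100 389 dc1.company.org.uk.
_kerberos._tcp        IN SRV 0 100 88  dc1.company.org.uk.
_msdcs                IN NS  dc1.company.org.uk.
"""

if __name__ == "__main__":
    for fqdn, rtype in find_ad_records(OVERLAP_ZONE, "company.org.uk"):
        print(f"{rtype:4} {fqdn}")
```

An empty result corresponds to the situation described in the thread (manually entered hosts only); any hit is an overlap to resolve, or a reason to use the separate DNS server mentioned in the second reply.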
 