Connecting Three Domains/Forests

Hi. I am trying to determine the best way to connect three domains so that
they can share resources and centralise user logons. Ideally once the
domains are connected, it would be preferred if users could logon with one
user account into a new parent domain/forest and gain access to their old
domain resources as well as newly connected domains all using their new user
account.

The three existing domains are single domains in their own forest, they are
all 2003 native domains/forests, Exchange is not used in any of the domains.
Networking has been put in place between the three seperate networks such
that they are all now connected. What I was hoping to do was to create a
new fourth domain/forest and connect the existing three domains using
trusts. User accounts and groups would then be created in the new fourth
parent domain/forest and user groups would be modified/created in the old
domains to give access to the new accounts. The long term plan is to slowly
migrate all the resources from the three seperate domains into the new
fourth parent domain/forest and eventually retire the old domains.

Can anyone recommend if this is the best way to approach this problem ? Do
you also have any advice on the types of trusts I would need to create to
accomplish this ?

Thanks,
Alex.

Sounds like you have a good plan to move forward. I would create a forest
trust and then use ADMT v3 to move the objects across. I would use robocopy
to move the data across. There is no need to create any new users, using
sidHistory should allow you to move from the old to the new without any loss
of functionality.

Source must be nt4, 2000 or 2003
Target must be 2000 or 2003

First setup the dns so the two domains know of each others name space.
http://expertanswercenter.techtarget...104911,00.html

Then establish a trust between the two forests (I'm assuming it is a new
forest)
http://www.microsoft.com/technet/pro...9815f426d.mspx
http://technet2.microsoft.com/window....mspx?mfr=true

Finally you can use the migration tool:
http://www.microsoft.com/downloads/d...displaylang=en

Webcast
http://www.microsoft.com/downloads/d...displaylang=en




--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

"Alex" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> Hi. I am trying to determine the best way to connect three domains so that
> they can share resources and centralise user logons. Ideally once the
> domains are connected, it would be preferred if users could logon with one
> user account into a new parent domain/forest and gain access to their old
> domain resources as well as newly connected domains all using their new
> user account.
>
> The three existing domains are single domains in their own forest, they
> are all 2003 native domains/forests, Exchange is not used in any of the
> domains. Networking has been put in place between the three seperate
> networks such that they are all now connected. What I was hoping to do
> was to create a new fourth domain/forest and connect the existing three
> domains using trusts. User accounts and groups would then be created in
> the new fourth parent domain/forest and user groups would be
> modified/created in the old domains to give access to the new accounts.
> The long term plan is to slowly migrate all the resources from the three
> seperate domains into the new fourth parent domain/forest and eventually
> retire the old domains.
>
> Can anyone recommend if this is the best way to approach this problem ?
> Do you also have any advice on the types of trusts I would need to create
> to accomplish this ?
>
> Thanks,
> Alex.

Hello Paul Bergson [MVP-DS],

Did you mean this one?
http://support.microsoft.com/kb/819145/

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

> Sounds like you have a good plan to move forward. I would create a
> forest trust and then use ADMT v3 to move the objects across. I would
> use robocopy to move the data across. There is no need to create any
> new users, using sidHistory should allow you to move from the old to
> the new without any loss of functionality.
>
> Source must be nt4, 2000 or 2003
> Target must be 2000 or 2003
> First setup the dns so the two domains know of each others name space.
> http://expertanswercenter.techtarget...seAnswer/0,295
> 199,sid63_gci1104911,00.html
>
> Then establish a trust between the two forests (I'm assuming it is a
> new
>
> forest)
>
> http://www.microsoft.com/technet/pro...er2003/library
> /ServerHelp/7929b0c4-efe1-409c-99e3-efe9815f426d.mspx
>
> http://technet2.microsoft.com/window...929b0c4-efe1-4
> 09c-99e3-efe9815f426d1033.mspx?mfr=true
>
> Finally you can use the migration tool:
> http://www.microsoft.com/downloads/d...=6F86937B-533A
> -466D-A8E8-AFF85AD3D212&displaylang=en
> Webcast
> http://www.microsoft.com/downloads/d...=6F86937B-533A
> -466D-A8E8-AFF85AD3D212&displaylang=en
> http://www.pbbergs.com
>
> Please no e-mails, any questions should be posted in the NewsGroup
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>
> "Alex" <(E-Mail Removed)> wrote in message
> news:%(E-Mail Removed)...
>
>> Hi. I am trying to determine the best way to connect three domains so
>> that they can share resources and centralise user logons. Ideally
>> once the domains are connected, it would be preferred if users could
>> logon with one user account into a new parent domain/forest and gain
>> access to their old domain resources as well as newly connected
>> domains all using their new user account.
>>
>> The three existing domains are single domains in their own forest,
>> they are all 2003 native domains/forests, Exchange is not used in any
>> of the domains. Networking has been put in place between the three
>> seperate networks such that they are all now connected. What I was
>> hoping to do was to create a new fourth domain/forest and connect the
>> existing three domains using trusts. User accounts and groups would
>> then be created in the new fourth parent domain/forest and user
>> groups would be modified/created in the old domains to give access to
>> the new accounts. The long term plan is to slowly migrate all the
>> resources from the three seperate domains into the new fourth parent
>> domain/forest and eventually retire the old domains.
>>
>> Can anyone recommend if this is the best way to approach this problem
>> ? Do you also have any advice on the types of trusts I would need to
>> create to accomplish this ?
>>
>> Thanks,
>> Alex.