Separate domain controllers with same domain name - want to merge

I have inherited a network structure for which I am trying to make more
productive. I work for a company that has 2 offices in separate locations.
The offices are connected by T1 through a VPN. The offices also have the
same exact domain name, however, each office has its own active directory
structure with its own domain controller. So obviously anytime we need to
add a network account, or do any administration, we have to do it on both
DC's. My objective is to merge these domains/domain controllers, but am
looking for suggestions on the best way to do it. Does anyone have any ideas
for me?
Thanks in advance!

-Chris

AFAIK the only way to do this is to remove AD from one of the domain
controllers, then add it back and in the process, join it to the remaining
domain.

You would then have to go around to all the computers/member servers in the
decommissioned domain and add them to the remaining domain and deal with the
new profiles that would be created.

Maybe take the smaller of the two domains, decommission it and add it to the
larger of the two domains?

hth
DDS

"Chris Reynolds" <(E-Mail Removed)> wrote in message
news:8919FE92-59E6-4BFB-8F7B-(E-Mail Removed)...
>I have inherited a network structure for which I am trying to make more
> productive. I work for a company that has 2 offices in separate
> locations.
> The offices are connected by T1 through a VPN. The offices also have the
> same exact domain name, however, each office has its own active directory
> structure with its own domain controller. So obviously anytime we need to
> add a network account, or do any administration, we have to do it on both
> DC's. My objective is to merge these domains/domain controllers, but am
> looking for suggestions on the best way to do it. Does anyone have any
> ideas
> for me?
> Thanks in advance!
>
> -Chris

I thought there was something like renaiming domains.
http://www.microsoft.com/technet/dow...ainrename.mspx

"Danny Sanders" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> AFAIK the only way to do this is to remove AD from one of the domain
> controllers, then add it back and in the process, join it to the remaining
> domain.
>
> You would then have to go around to all the computers/member servers in
> the decommissioned domain and add them to the remaining domain and deal
> with the new profiles that would be created.
>
> Maybe take the smaller of the two domains, decommission it and add it to
> the larger of the two domains?
>
> hth
> DDS
>
> "Chris Reynolds" <(E-Mail Removed)> wrote in
> message news:8919FE92-59E6-4BFB-8F7B-(E-Mail Removed)...
>>I have inherited a network structure for which I am trying to make more
>> productive. I work for a company that has 2 offices in separate
>> locations.
>> The offices are connected by T1 through a VPN. The offices also have the
>> same exact domain name, however, each office has its own active directory
>> structure with its own domain controller. So obviously anytime we need
>> to
>> add a network account, or do any administration, we have to do it on both
>> DC's. My objective is to merge these domains/domain controllers, but am
>> looking for suggestions on the best way to do it. Does anyone have any
>> ideas
>> for me?
>> Thanks in advance!
>>
>> -Chris
>
>

I think where my confusion comes in is that both domains have identical
network accounts set up, but I guess that doesnt matter if I decommision one
of the domain controllers. And I know that I can copy profiles, so I dont
think that will be such an issue when I rejoin the computers to the domain.
But it does raise the question whether or not a new profile will actually be
created since the domain name is the same in both offices. Confusing? I
know it is! Frustrating too! What I wonder though is if it is possible to
migrate all accounts on the domain controller that I will decommision and
overwrite the like account in the remaining domain. The other piece to this
puzzle is I will have to migrate/merge exchange mailboxes, but I think I will
be ok there too.
I have one other question. And this may be stupid, so if it is, please
excuse my ignornace. But if I create a secondary domain controller for my
office, then ship it to the other office and bring it up before I decommision
their domain controller, will that cause any problems/conflicts? Please keep
in mind that the domain name is the same.
Thanks again for all the help/input!

"Guus Ellenkamp" wrote:

> I thought there was something like renaiming domains.
> http://www.microsoft.com/technet/dow...ainrename.mspx
>
> "Danny Sanders" <(E-Mail Removed)> wrote in message
> news:%(E-Mail Removed)...
> > AFAIK the only way to do this is to remove AD from one of the domain
> > controllers, then add it back and in the process, join it to the remaining
> > domain.
> >
> > You would then have to go around to all the computers/member servers in
> > the decommissioned domain and add them to the remaining domain and deal
> > with the new profiles that would be created.
> >
> > Maybe take the smaller of the two domains, decommission it and add it to
> > the larger of the two domains?
> >
> > hth
> > DDS
> >
> > "Chris Reynolds" <(E-Mail Removed)> wrote in
> > message news:8919FE92-59E6-4BFB-8F7B-(E-Mail Removed)...
> >>I have inherited a network structure for which I am trying to make more
> >> productive. I work for a company that has 2 offices in separate
> >> locations.
> >> The offices are connected by T1 through a VPN. The offices also have the
> >> same exact domain name, however, each office has its own active directory
> >> structure with its own domain controller. So obviously anytime we need
> >> to
> >> add a network account, or do any administration, we have to do it on both
> >> DC's. My objective is to merge these domains/domain controllers, but am
> >> looking for suggestions on the best way to do it. Does anyone have any
> >> ideas
> >> for me?
> >> Thanks in advance!
> >>
> >> -Chris
> >
> >
>
>
>

>I think where my confusion comes in is that both domains have identical
> network accounts set up, but I guess that doesnt matter if I decommision
> one
> of the domain controllers. And I know that I can copy profiles, so I dont
> think that will be such an issue when I rejoin the computers to the
> domain.
> But it does raise the question whether or not a new profile will actually
> be
> created since the domain name is the same in both offices.


You can name the two domains the same but the SAM is different. When you
create a domain it has a unique SAM. The only way to have the same SAM on a
second DC is to join the second DC to the original domain during the
promotion process.
This would prevent someone from coming into your office, unplugging your DC,
setting up their DC with the same name as your DC and hijacking your domain.
Making themselves domain admin in their domain with your hijacked computers.

What I wonder though is if it is possible to
> migrate all accounts on the domain controller that I will decommission and
> overwrite the like account in the remaining domain.

Not sure what this would accomplish. The reason you picked *this* domain to
decommission is because you wanted to keep the accounts in the *other*
domain.

But if I create a secondary domain controller for my
> office, then ship it to the other office and bring it up before I
> decommision
> their domain controller, will that cause any problems/conflicts? Please
> keep
> in mind that the domain name is the same.

Forget the domain name. These are two separate domains. Someone will still
have to add the PCs to the new domain in that office.

hth
DDS

"Chris Reynolds" <(E-Mail Removed)> wrote in message
news:9A78D6F1-3D57-4D8C-AD6F-(E-Mail Removed)...
>I think where my confusion comes in is that both domains have identical
> network accounts set up, but I guess that doesnt matter if I decommision
> one
> of the domain controllers. And I know that I can copy profiles, so I dont
> think that will be such an issue when I rejoin the computers to the
> domain.
> But it does raise the question whether or not a new profile will actually
> be
> created since the domain name is the same in both offices. Confusing? I
> know it is! Frustrating too! What I wonder though is if it is possible
> to
> migrate all accounts on the domain controller that I will decommision and
> overwrite the like account in the remaining domain. The other piece to
> this
> puzzle is I will have to migrate/merge exchange mailboxes, but I think I
> will
> be ok there too.
> I have one other question. And this may be stupid, so if it is, please
> excuse my ignornace. But if I create a secondary domain controller for my
> office, then ship it to the other office and bring it up before I
> decommision
> their domain controller, will that cause any problems/conflicts? Please
> keep
> in mind that the domain name is the same.
> Thanks again for all the help/input!
>
> "Guus Ellenkamp" wrote:
>
>> I thought there was something like renaiming domains.
>> http://www.microsoft.com/technet/dow...ainrename.mspx
>>
>> "Danny Sanders" <(E-Mail Removed)> wrote in message
>> news:%(E-Mail Removed)...
>> > AFAIK the only way to do this is to remove AD from one of the domain
>> > controllers, then add it back and in the process, join it to the
>> > remaining
>> > domain.
>> >
>> > You would then have to go around to all the computers/member servers in
>> > the decommissioned domain and add them to the remaining domain and deal
>> > with the new profiles that would be created.
>> >
>> > Maybe take the smaller of the two domains, decommission it and add it
>> > to
>> > the larger of the two domains?
>> >
>> > hth
>> > DDS
>> >
>> > "Chris Reynolds" <(E-Mail Removed)> wrote in
>> > message news:8919FE92-59E6-4BFB-8F7B-(E-Mail Removed)...
>> >>I have inherited a network structure for which I am trying to make more
>> >> productive. I work for a company that has 2 offices in separate
>> >> locations.
>> >> The offices are connected by T1 through a VPN. The offices also have
>> >> the
>> >> same exact domain name, however, each office has its own active
>> >> directory
>> >> structure with its own domain controller. So obviously anytime we
>> >> need
>> >> to
>> >> add a network account, or do any administration, we have to do it on
>> >> both
>> >> DC's. My objective is to merge these domains/domain controllers, but
>> >> am
>> >> looking for suggestions on the best way to do it. Does anyone have
>> >> any
>> >> ideas
>> >> for me?
>> >> Thanks in advance!
>> >>
>> >> -Chris
>> >
>> >
>>
>>
>>