
Multiple Domain Headache on a WAN

Status
Not open for further replies.

codered10

IS-IT--Management
Dec 23, 2003
22
US
Hello all,

Our school district, which encompasses 5 different buildings, previously had totally separate networks running in each building. This included separate domains, DCs, everything. Now, we have connected our 5 buildings by a high-speed WAN connection, which has made things much easier overall.

However, I am now faced with having 5 domains on the network, and would really like to eliminate that problem. Is it possible to combine all 5 domains into 1 domain? I will still have a server in each building, so I'm guessing one will have to be a PDC and the other 4 SDC's. Is that correct?

Or, am I being foolish by wanting to combine these domains? In my little mind, I see it being much easier to administrate one domain, rather than 5.

Any suggestions on how to go about this are greatly appreciated.

Thanks a ton,
codered10
 
Yes, you can combine them all into one domain using Active Directory sites. IMO it's definitely the best way to do things unless you've got a massive network or strange design issues. You'd want the server that will hold the FSMO roles to be the "best" server and the one with the most bandwidth available.

Here's a link to a thread where I talked about this before
Although this was from the perspective of just adding a new site to a domain rather than consolidating existing domains.

There are a lot of MS KB articles about this so get your head in there and start reading! :)
 
Looks like some good info. Thankfully, I have time to do a lot of reading right now.

Two quick questions: when you are talking about subnets, are you talking IP subnets? I ask because my entire network is on one subnet.

Also, is it going to cause problems that all of my domains have different names? I'm guessing not, but want to make sure.

Thanks for the other info, and I'll begin reading in the KB.

codered10

Thanks a ton,
codered10
 
Okay...

As I continue to read, I know I have a TON to learn. Any suggested reading would be welcome!

On the other hand, can anyone help out on how to join my 5 domains to the same forest? I'm thinking that's a reasonable first step.

Thanks a ton,
codered10
 
Hi

Yes I do mean IP subnets. Out of interest, how is your network configured if all your sites are on the same subnet?

When you ask about whether the fact that all the domains have different names matters - If you consolidate all the domains into one, then the existing domains won't exist anymore - you effectively have to bin them and then join the non-domain networks to the new consolidated domain - this isn't going to be easy by any means if you follow this route.

As you identify, you can set up interdomain trust relationships and create a forest, but whenever I've tried this it's always gone a bit awry, so I am not the best person to advise you about this, and it's why I avoid it and stick to using AD sites and one domain.

 
Okay...maybe a WAN isn't quite the way to describe our setup.

We currently have about 600 computers in the 5 different buildings. Our buildings are connected by a high-speed wireless bridge. We have one external fiber connection for our entire district which is shared over the wireless bridge.

For our IPs, we use a simple schema of 10.1.x.x is Building 1, 10.2.x.x is Building 2, etc., and they all run with the same subnet mask of 255.0.0.0. This setup has worked great for us so far. Another twist is that we are running in mixed mode right now with one old NT4 server...but if that's a problem, I will do away with that server in a HEARTBEAT :D

Another question - if I'm going to end up binning my old domains, am I going to have to recreate usernames/passwords, etc? It's not the end of the world if I do...just want to be sure going in.

Thanks so much for your help so far, primate...having this forum is AWESOME

Thanks a ton,
codered10
 
Hi, codered10.

I have two thoughts:

1) have you considered Promoting one of the DCs to be a Forest Controller, then add the other Domains under the new Forest? (I'm relatively new to this side of Win2K Management, so I'm not sure EXACTLY how to accomplish this, but it's somewhere to look.)

2) As far as your IP setup, if your Wireless Bridges can be setup to Route instead of just Bridge, then I would recommend you change your Sub-Net to 255.255.0.0 - that way it will keep local traffic within the one Building (the other sites don't need to hear it) and if you add sites in the future (especially if they require a routed connection) it will be easier to manage.

Just some thoughts...

Seumas
 
Hi codered,

Yes if you go down the route of binning the existing domains all the user accounts will need to be recreated in the new domain, you can export and reimport the user account names into the new domain, but they will be effectively new accounts. The other thing to bear in mind with this is that you will have to reapply NTFS permissions etc, think roaming profiles, home folders etc etc.

I think you're best setting up a few lab machines and trying to set up a forest with inter-domain trusts and see how you get on with this and whether you think it's the best route for you. Then also try the way I've suggested, which IMO will result in the cleanest setup at the end but will require a lot more work to set up.

AD Sites work by assuming that the separate sites are on different IP subnets, so not only will you need to completely redesign your AD network, you're going to have to redesign the layer 3 side of things too.

Fortunately, of course, you don't have to do it all at once; you can try one building at a time and phase it in as and when it's convenient to bring a new building in.
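
Added illustration, not part of any post in this thread: the sketch below uses the addressing scheme described above (10.N.x.x per building) to show why a 255.0.0.0 mask leaves all five buildings in one IP subnet, and how per-building /16 subnets give a subnet-to-site table in which each client resolves to exactly one site by most specific match. The site names, sample client addresses and function names are assumptions made for the example.

```python
import ipaddress

# Constructed sample data: the thread's scheme (10.N.x.x = Building N).
# Site names are hypothetical.
BUILDINGS = {n: f"Building{n}" for n in range(1, 6)}

def lan_segment(ip, mask):
    """Network a host believes it is on, given its configured mask."""
    return ipaddress.ip_interface(f"{ip}/{mask}").network

def shares_segment(ip_a, ip_b, mask):
    """True when two hosts treat each other as on-link (no router hop)."""
    return lan_segment(ip_a, mask) == lan_segment(ip_b, mask)

def build_site_map(prefix_len):
    """Subnet-to-site table with one entry per building at prefix_len.
    At /8 every building collapses onto the same 10.0.0.0/8 key."""
    table = {}
    for n, site in BUILDINGS.items():
        net = ipaddress.ip_network(f"10.{n}.0.0/{prefix_len}", strict=False)
        table.setdefault(net, []).append(site)
    return table

def site_for(ip, table):
    """Resolve a client to a site by the most specific matching subnet.
    Returns None when nothing matches or the match is ambiguous."""
    addr = ipaddress.ip_address(ip)
    matches = [net for net in table if addr in net]
    if not matches:
        return None
    best = max(matches, key=lambda net: net.prefixlen)
    sites = table[best]
    return sites[0] if len(sites) == 1 else None

if __name__ == "__main__":
    a, b = "10.1.0.25", "10.3.4.9"  # constructed client addresses
    for mask, plen in (("255.0.0.0", 8), ("255.255.0.0", 16)):
        table = build_site_map(plen)
        print(mask, "same segment:", shares_segment(a, b, mask),
              "| subnets:", len(table),
              "| site of", b, "->", site_for(b, table))
```
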

 