durx
Mon Jun 16 04:25:08 PDT 2008
Thanks for the replay Ace.
The reason we dont want to rebuild a new domain is that we have some
3rd party apps that are linked to our domain name and would take
extensive work to have them migrated, plus our financial service are
licensed and built around the domain name not to mention Citrix and
the whole pain of a multi site DFS.
We decided the easiest way was to only rebuild 1 single side of the
merge and bring all of their servers and services into our domain, but
not as a child domain.
Both companies use exchange, and they have 4 exchange servers, we have
3 to consider.
Phil
On 14 Jun, 18:07, "Ace Fekay [MVP]" <PleaseAs...@SomeDomain.com>
wrote:
> Innews:20a609e8-8fff-42df-9fd6-ed1dcb116328@z72g2000hsb.googlegroups.com,durx<phil.dur...@work-inc.com> typed:
>
>
>
>
>
> > We are due to merge with a another company, and due to us having a
> > more complex AD structure we are bringing the new domain into our AD.
>
> > We want to try and hide our domain.com from the end users of the new
> > company and ours and show a newdom.com (its a bit sensitive as the CEO
> > does not want the users to feel that they now all belong to old
> > domain.com).
> > I have created a new Domain suffix newdom.com so new and migrated
> > users have this account, but on its own this is not enough.
>
> > is there a way to alias the domain, i did hear about a dname in DNS,
> > but cannot find an real info or if it will hide or alias my existing
> > domain.
>
> > There are other complications in the form of an extensive DFS
> > namespace but i will post that in the relevant group, but i need
> > something that will also alias the DFS.
>
> > regards
>
> > Phil
>
> What exactly do you mean by "brining the new domain into our AD?" Are you
> going to migrate their domain into a new child domain in your existing
> forest?
>
> DNS CNAMES, is what you are probably referring to, is problematic with AD
> SRV records. Even with DFS. DFS uses the DNS hostname LdapIpAddress
> reference, which would be in a single domain environment, the domain name or
> 'domain.com' to connect by. If a child domain, such as if you were to
> migrate their domain into a child domain, would be "newdomain.domain.com,"
> if that makes sense.
>
> Assuming you want to migrate the other company's domain into your forest, it
> will not really be possible to hide your infrastructure. Remember, and also
> assuming if you say your infrastructure is that much more complex and
> probably multi-site, you have WINS running and that allow your domain to
> show up in the neighborhood.
>
> A new suffix will allow them to logon on with that sufffix using the UPN
> method, and once again I'm assuming a migration, but if they logon with the
> standard 3-line method (username, password and drop-down box for the NetBIOS
> domain name) all trusted domains will show up in the drop-down domain box.
>
> If Exchange is in use, when a user looks up another person's properties of
> their GAL entry, they can see the old domain name. There's really no way to
> hide that. I mean you can change everyone's email suffix too, but then you
> still need to have the old one in place so as to receive mail from business
> partners and customers to their old email addresses.
>
> Why not just build a whole new domain and migrate everything into it? That
> will clean up everything.
>
> Many companies merge and don't try to hide the old domain. It's just a fact
> of life in the corporate world when mergers or takeovers occur. I have two
> customers that went thru a merger and one that took over another company. In
> that latter, they just merged them in. I taught the IT staff how to teach
> their folks to logon to the new domain, but they kept their old email
> addresses and taught them how their reply-to will change to the new company.
> It's not like the old or new folks don't know about it, you have to give
> them credit for their intelligence. Nor does it really affect them either
> way other than complicate matters for your IT staff when trying to alter
> default AD functionality and making it more difficult when supporting issues
> that arise from it.
>
> Maybe you can elaborate a bit more in reference to our discussion on your
> current environment and clear up my assumptions and statements, please? It's
> difficult to assist with limited information and I'm going by what you
> posted.
>
> --
> Regards,
> Ace
>
> This posting is provided "AS-IS" with no warranties or guarantees and
> confers no rights.
>
> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT,
> MVP Microsoft MVP - Directory Services
> Microsoft Certified Trainer
>
> For urgent issues, you may want to contact Microsoft PSS directly. Please
> check
http://support.microsoft.comfor regional support phone numbers.
>
> Infinite Diversities in Infinite Combinations- Hide quoted text -
>
> - Show quoted text -