Share via

different active directory trusts and the prerequisites

Mike(Liangshuai) Wang 0 Reputation points
2023-03-01T02:59:01.59+00:00

Hi There,

due to historic reason, our company exists of 2 different domains. let' say A.com and B.com, B.com current integrated with O365 and Microsoft AAD. but A.com is an local and used for A site user's authentication. A.com has a subdomain called sh.a.com.

Right now we want to merge A to B or use domain trust relationship to do bidirectionally trust in between A.com and B.com to contribute to work collaboration both side.

My question would be:

  1. Merge A.com to B.com or do trust relationship between A and B which is the best choices. what is the Pros and Cons of both solutions ?
  2. as now A.com has lost of some credentials like forest admin and recovery password and etc. by previous IT he created one sub domain called. sh.A.com. and now we have the administrator information only of sh.A.com this subdomain. will this impact the domain trust between A.com and B.com ? what is the prerequisites for a successful domain trust ?
  3. Any great tooling for the domain merge which will not cause of downtime where we're able to merge A.com users and security groups whatever to B.com. and after migration the users still able to login via his previous accounts and password and nothing changes ? or make a lowest impacts to users and applications like Devops integrations, NFS share folders and etc. ?

Thanks very much for your answers.

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,636 questions
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,246 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2023-03-01T03:28:10.6666667+00:00

    Something here could help.

    https://learn.microsoft.com/en-us/windows-server/remote/remote-access/ras/multi-forest/plan-a-multi-forest-deployment#plan-trust-between-forests

    or possibly ADMT tool for migration to new forest / domain.

    https://www.microsoft.com/en-us/download/details.aspx?id=56570

    -

    --please don't forget to upvote and Accept as answer if the reply is helpful--

  2. Thameur-BOURBITA 32,641 Reputation points
    2023-03-01T13:59:36.0333333+00:00

    Hi @Mike(Liangshuai) Wang

    1. Merge A.com to B.com or do trust relationship between A and B which is the best choices. what is the Pros and Cons of both solutions ? The migration is better because you will be able reduce the number of domain controller and high privileged . In other hand , if the migration is complicated, you can create a trust during the migration process.
    2. as now A.com has lost of some credentials like forest admin and recovery password and etc. by previous IT he created one sub domain called. sh.A.com. and now we have the administrator information only of sh.A.com this subdomain. will this impact the domain trust between A.com and B.com ? what is the prerequisites for a successful domain trust ? Yes it will impact because ,you have to use a administrator account memberof enterprise group or domain group in root domain.
      For more details please read the following link : Active Directory Forest Trust: Attention Points
    3. Any great tooling for the domain merge which will not cause of downtime where we're able to merge A.com users and security groups whatever to B.com. and after migration the users still able to login via his previous accounts and password and nothing changes ? or make a lowest impacts to users and applications like Devops integrations, NFS share folders and etc. ? During the migration ,you can reduce downtime by using a trust relationship between the source and target forest and enable SIDhistory.You can use admt tools , but I recommend you to use a third party tool like Quest Migration Manager

    Please don't forget to mark helpful answer as accepted

    0 comments