Hello Srinivasan,
Thank you for your question and for reaching out with your question today.
To segregate end-users and critical systems within the same forest/domain and migrate the end-user identities/devices to a new forest/tenant, you can follow a general plan as outlined below:
- Design the new forest/tenant: Determine the architecture and design of the new forest/tenant, including domain structure, trust relationships, and naming conventions. Consider factors like scalability, security, and future growth.
- Prepare the new forest/tenant environment: Set up the new forest/tenant infrastructure, including deploying domain controllers, establishing trust relationships between the existing and new forests, and configuring necessary network connectivity.
- Establish identity synchronization: Configure Azure AD Connect to synchronize the end-user identities from the existing forest/domain to the new forest/tenant. Ensure that user accounts, group memberships, and attributes are correctly synchronized.
- Migrate end-user identities: Plan and execute the migration of end-user identities to the new forest/tenant. This may involve creating new user accounts in the new forest, migrating user profiles and data, and reconfiguring user devices to join the new domain.
- Test and validate migration: Perform thorough testing and validation of the migrated end-user identities in the new forest/tenant. Test authentication, access to resources, and any specific applications or services used by end-users.
- Migrate critical systems: Once the end-user migration is successfully completed, plan and execute the migration of critical systems to the new forest/tenant. This may involve migrating servers, configuring trust relationships, and ensuring appropriate access controls and permissions are in place.
- Decommission old resources: After confirming the successful migration and functionality of the new forest/tenant, decommission or repurpose resources from the old forest/domain. This may include decommissioning old domain controllers, removing trust relationships, and updating DNS records.
It's important to note that this is a high-level plan, and the actual implementation steps may vary based on your specific environment and requirements.
I used AI provided by ChatGPT to formulate part of this response. I have verified that the information is accurate before sharing it with you.
If the reply was helpful, please don’t forget to upvote or accept as answer.
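One way to carry out the "Test and validate migration" step for accounts and group memberships, as an added PowerShell example that is not part of the original answer. It assumes single-domain forests, groups recreated in the new forest under the same sAMAccountName, and uses placeholder domain controller names and a hypothetical batch file:

```powershell
# Added example. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

$SourceDC = 'dc01.old.example.com'   # placeholder: a DC in the existing forest
$TargetDC = 'dc01.new.example.com'   # placeholder: a DC in the new forest
$Batch    = Get-Content -Path '.\migration-batch.txt'   # hypothetical file, one sAMAccountName per line

function Get-UserSnapshot {
    param([string]$Sam, [string]$Server)
    $user = Get-ADUser -Filter "sAMAccountName -eq '$Sam'" -Server $Server -Properties MemberOf
    if (-not $user) { return $null }
    # Resolve group DNs to names, since the DN suffix differs between forests.
    $groups = @($user.MemberOf | ForEach-Object {
        (Get-ADGroup -Identity $_ -Server $Server).SamAccountName
    })
    [pscustomobject]@{ Enabled = $user.Enabled; Groups = $groups }
}

$report = foreach ($sam in $Batch) {
    # Only accept simple account names so nothing unexpected reaches the -Filter string.
    if ($sam -notmatch '^[A-Za-z0-9._-]+$') { Write-Warning "Skipping '$sam'"; continue }
    $src = Get-UserSnapshot -Sam $sam -Server $SourceDC
    $dst = Get-UserSnapshot -Sam $sam -Server $TargetDC
    if (-not $src -or -not $dst) {
        [pscustomobject]@{ User = $sam; Status = 'MissingInOneForest'; Missing = ''; Extra = '' }
        continue
    }
    # Missing = access the user lost; Extra = access the user gained during migration.
    $missing = @($src.Groups | Where-Object { $_ -notin $dst.Groups })
    $extra   = @($dst.Groups | Where-Object { $_ -notin $src.Groups })
    $status  = 'OK'
    if (($missing.Count + $extra.Count) -gt 0) { $status = 'GroupMismatch' }
    if ($src.Enabled -ne $dst.Enabled)         { $status = 'EnabledStateDiffers' }
    [pscustomobject]@{
        User    = $sam
        Status  = $status
        Missing = $missing -join ', '
        Extra   = $extra -join ', '
    }
}

# Review anything that is not OK before moving on to the critical systems.
$report | Where-Object Status -ne 'OK' | Format-Table -AutoSize
```

`MemberOf` omits the primary group and nested memberships, so this compares direct memberships only.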