Migrating Microsoft AD Domain to Existing BIND9 Infrastructure
MS Networking Dude
justaskme at hotmail.com
Tue Feb 15 05:44:27 UTC 2005
In news:cujai4$un3$1 at sf1.isc.org,
Millar, Jay <Jay.Millar at stjohn.org> made a post then I commented below
> To clarify, there are actually three domains involved:
>
> domain.com - static, BIND9 master server A
> ad.domain.com - dynamic, AD domain, BIND9 master server A
> other.com - dynamic, AD domain, MS DNS master server B
>
> We do in fact want to migrate the hosts in the 'other.com' domain to
> our existing 'ad.domain.com' domain using AD with our BIND9 master.
> The 'ad.domain.com' is an existing AD domain which we have managed
> using BIND9 for several years. In the end, we will have
> accomplished consolidation of our internal domain space (which will
> greatly simplify things for us), as well as having eliminated our MS
> DNS server infrastructure (which most of us here see as a very good
> thing).
>
> So, my theory was that the migration from one domain to the other
> would simply involve 'unregistering' systems in the 'other.com'
> domain, then re-registering them as new systems in 'ad.domain.com'
> one at a time.
>
To simplify things, I believe you need to concentrate on an AD migration
prior to your DNS migration. Keep in mind, any MS DNS server will host any
domain name, whether the machine is a member or a DC of that domain or not,
so it may be better to stick with MS DNS for the current migration until
your AD migration is successful, or it will just put another wrench in the
works. Simply changing the domain that the workstations are joined to will
have numerous implications on the client end, especially the users losing
their current profiles.
You'll also need to look at whether Exchange is involved as well. If the current
Exchange system on other.com will continue to host mail for the migrated
users on their "changed domain" machine accounts to ad.domain.com, you will
need to make provisions for that as well. The number of seats you
have will dictate the best migration method.
The ADMT (AD Migration Tool) will handle all the above. You will need to
migrate the user accounts, groups, and machine accounts into the new domain.
You can use this tool or better yet, the Exmerge tool, to migrate their
mailboxes (if they are using Exchange). The machine migration will disjoin
and join it to the new domain automatically for you. Plus there is a
security translator wizard that will allow the new user account in the new
domain to use the old profiles on the clients. You will also want to opt to
keep the SIDHistory, which will allow the new users on the new domain to
access the old resources on the old domain until you migrate those resources
over as well. Once done, you can clean the SIDHistories.
Once this is all done, as Barry pointed out, you can just slave the zones
over to your BIND servers, change all the DNS references in their IP
properties to use the BIND servers, and you should be good to go.
--
Ace
This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.
Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services
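The final step Ace describes, slaving the zones onto the BIND9 servers while the consolidated 'ad.domain.com' zone stays dynamic but locked down to the domain controllers, as a named.conf fragment. This is an added example, not configuration from the original post; the server and DC addresses (documentation ranges) and the zone file paths are placeholders.

```conf
// Added example named.conf fragment (not from the original post).
// Addresses are documentation-range placeholders; substitute your own.

// Only the domain controllers may send dynamic updates, and only the
// other BIND servers may pull full zone copies.
acl "ad-dcs" { 192.0.2.11; 192.0.2.12; };
acl "bind-secondaries" { 198.51.100.5; };

// During the migration: hold a read-only copy of the zone still mastered
// on MS DNS (master server B in the thread) so clients can point at BIND.
zone "other.com" {
    type slave;
    masters { 198.51.100.20; };            // MS DNS master server B
    file "slaves/other.com";
    allow-transfer { "bind-secondaries"; };
};

// AD publishes its SRV records under _msdcs; if MS DNS holds that as a
// separate zone, slave it as well so DC location keeps working.
zone "_msdcs.other.com" {
    type slave;
    masters { 198.51.100.20; };
    file "slaves/_msdcs.other.com";
    allow-transfer { "bind-secondaries"; };
};

// The consolidated AD domain already mastered on BIND9 (master server A):
// dynamic, but updates are accepted only from the DCs.
zone "ad.domain.com" {
    type master;
    file "dynamic/ad.domain.com";
    allow-update { "ad-dcs"; };
    allow-transfer { "bind-secondaries"; };
    notify yes;
    also-notify { 198.51.100.5; };
};
```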