 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
Windows Server Forum / Exchange Server / Design / August 2005inter-org ADC 5.5 to AD within the same forest
Hi there, I've inherited a rather AD/Exch infrastructure and was hoping someone might be able to clarify the best migration approach. We have: W2K forest with an Exch 2K3 Native mode org installed into the forest root all OK. In the 2nd domain in our forest (different domain tree) we have W2K AD and an Exch 5.5 org with no ADC. We want: one forest and the existing Exch 2K3 org. The catch: due to the size of our IS, number of mailboxes & the business reliance on mail I need to allow for a period of co-existence with message flow and GAL synch. Message flow I understand. But configuring the ADC to synch between a 55 org and an existing 2K3 org within the same forest has me concerned. In my VM test lab it works - sort of. The ADC CA Wizard errors when I try to run it, saying "There is an existing org in this forest." I've configured CAs manually but I don't trust what it might do to my production AD. The question: is this possible given the 1forest = 1org rule? Is this a supportable migration path? If not are there any workarounds that enable me to put in GAL synch during the co-existence? Appreciate any feedback at all. cheers Chuck Migrating from one 5.5 org to a 2003 org (whether built or not) is what Interorg ADC CAs are for. FWIW, you could just migrate the user mailboxes and manually configure the GAL objects, but the ADC makes it easier and it stays in sync. Other options? MIIS, SimpleSync, or similar products might be useful, but I don't think it's a great idea. You could manually create the contact/custom recips if you wanted but again, why bother when this is what the ADC is for? Al > Hi there, > [quoted text clipped - 31 lines] > > Chuck Thanks Al. To clarify then - does it matter that the inter-org CA is connecting two orgs within the same AD forest? I've read exhaustively on this approach and all of the docs deal with an inter-org CA across a trust between a source forest and a target forest. Thanks for your feedback.. Chuck > Migrating from one 5.5 org to a 2003 org (whether built or not) is what > Interorg ADC CAs are for. [quoted text clipped - 42 lines] > > > > Chuck No, because 5.5 doesn't know a thing about the forest boundary. 5.5 does know about the security context in the sense that it uses accounts in the forest for the credentials to access it's resources. The ADC can address the GAL sync needs while you migrate (you'll have to use migration tools, vs. the aduc tools) which is good because you'll need to join the 5.5 and 2003 GALs together in order for the users to see the GAL objects to pick and send mail to. Like I said before, you could do the GAL population manually, but that can be overhead you don't need. Don't forget to put a RUS object in place for the new domain (and domain prep it of course). Al > Thanks Al. To clarify then - does it matter that the inter-org CA is > connecting two orgs within the same AD forest? I've read exhaustively on [quoted text clipped - 63 lines] >> > >> > Chuck Thanks very much Al, You've be very helpful - and I can't tell you how much this has reduced the fear factor! Take it easy Chuck > No, because 5.5 doesn't know a thing about the forest boundary. > 5.5 does know about the security context in the sense that it uses accounts [quoted text clipped - 80 lines] > >> > > >> > Chuck We went through something similar to this recently, but it was a tiresome task and we didn't have the time. We bought a product from Priasoft and we had it done in a weekend. You can read about it at http://www.priasoft.com. I highly recommend getting it because it made our problem a lot easier. We went through something similar to this recently, but it was a tiresome task and we didn't have the time. We bought a product from Priasoft and we had it done in a weekend. You can read about it at http://www.priasoft.com. I highly recommend getting it because it made our problem a lot easier. |
Reply to this Message |
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2009 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.