I have just returned from the MVP summit in Redmond, where I spent the best part of a week with the Active Directory Product Group and other Directory Services MVP’s. In conversation with a
fellow Directory Services MVP Microsoft PFE Mike Kline, I mentioned a way that I had spoofed a domain to ensure a DFS namespace continued to seamlessly function after a company we had acquired was integrated into our environment. Mike thought it would be a good insight for me to share.
We are company XYZ Ltd. and we have an Active Directory forest called xyz.com.
We buy ABC Ltd. who are part of a larger company and they have servers in a domain called continent.abc.com, which is a child domain in a global forest.
Ignoring logistics around user accounts and file permissioning (which was also resolved), when company became our entity, we acquired their file servers (but no Domain Controllers)but we had to enable them to be able to access their existing data in the same DFS namespace as a majority of the files all had embedded links and shortcuts.
The way I achieved this was by using a standalone DFS Server and DNS.
In our domain xyz.com I built a domain joined windows server called the same as the domain name that was used for DFS-N resolution in the acquired company. In this case continent(.xyz.com).
In our domain (xyz.com) I then created a DNS zone called abc.com and then created a CNAME pointing to continent.xyz.com within the abc.com zone, this way I ended up with a server addressable as continent.abc.com. On continent.xyz.com I installed DFS as a standalone implementation and configured all the targets, after which I was left with a server emulating the acquired companies old domain and DFS Namespace.
It goes without saying that this was a temporary solution, as the standalone server was a single point of failure, but it got us over the initial hurdle of seamless data access in a hurry.
I am pleased to say that I recently achieved my Microsoft Certified Master’s (MCM) in Windows Server 2008:Directory. The MCM qualification for me is the culmination of three weeks1 intensive training in Redmond, three written exams and an eight hour practical examination.
The core focus of my three weeks in Redmond was Domain Services, which to many people is Active Directory. The Domain Services content, included deep dive sessions on Authentication; Replication; Backup and Disaster Recovery; Migration and upgrades; DNS, DFS, Troubleshooting and Group Policy.
1 The complete subject matter for the three weeks consisted of:
- Active Directory:Domain Services
- Active Directory:Lightweight Directory Services
- Active Directory:Certificate Services
- Active Directory:Rights Management Services
- Active Directory:Federation Services
Currently I am one of three Certified Masters in the UK and the only freelance consultant; but my certification experience does not stop here, I now have to take a couple of exams on the 2008 R2 content and I hopefully then will be a 2008 and 2008 R2 Certified Master. If you are considering taking your MCM Certification in Active Directory, please feel free to contact me to discuss the experience or if you prefer I can connect you with the program lead.
Microsoft have released ADMT 3.2 and this guide details how to use the Active Directory Migration tool to migrate users, groups, managed service accounts and computers between Active Directory domains in different forests (interforest migration) or between Active Directory domains in the same forest (intraforest migration).
It also shows how to use ADMT to perform security translation between different Active Directory forests.
Microsoft have released to the web ADMT 3.2.
ADMT v3.2 can be deployed to migrate users, groups, service accounts, and computers between Active Directory domains in different forests (inter-forest migration) or between Active Directory domains in the same forest (intra-forest migration). Unlike the previous version 3.1; ADMT 3.2 can run on Windows Server 2008 R2 server.
ADMT 3.2 cannot be used to migrate from Windows 2000 based Active Directory forests.
Download ADMT 3.2
What’s New in ADMT 3.2
The primary improvements in the Active Directory Migration Tool version 3.2 (ADMT v3.2) are compatibility between ADMT and current versions of Microsoft Windows operating systems. Specifically, you can install and run ADMT v3.2 on editions of the Windows Server 2008 R2 operating system, which does not support installation of earlier versions of ADMT. In addition, you can use ADMT v3.2 to migrate managed service accounts, which are a new feature in Windows Server 2008 R2.
SQL Server database installation changes
Before you can install ADMT v3.2, you must have Microsoft SQL Server 2005 Express with Service Pack 3 (SP3), SQL Server 2008 Express with Service Pack 1 (SP1), or SQL Server 2005 or later installed, and you must have configured a database instance for ADMT to use. If you plan to run the ADMT v3.2 console locally on the computer that hosts SQL Server, you can use SQL Server Express. We recommend that you also install the latest service packs for SQL Server.
Managed Service Account Migration
ADMT v3.2 provides the Managed Service Account Migration Wizard and the admt managedserviceaccount command to migrate managed service accounts. You can explicitly specify managed service accounts that need to be migrated, or you can specify computer accounts that ADMT can query for.
The following features that were available in previous versions of ADMT are not available in ADMT v3.2:
- Support for migration to or from domains that have domain controllers that run Windows 2000 Server. If you want to use ADMT v3.2, both the source domain and the target domain must have a domain functional level of at least Windows Server 2003.
- The Exchange 5.5 Mailbox Migration Wizard
- The admtdb import command that allowed the import of an existing ADMT v2 database into an empty database
Download ADMT 3.2
The Windows Server User Group that I run with Mark Wilson, is pleased to be running a free event on Monday 12th April (6-9pm) in London at Microsoft’s Cardinal Place Offiices. Pizza and refreshments will be provided.
The event will focus on:
BranchCache (Deep Dive)
BranchCache is a new Feature in Windows Server 2008 R2 and Windows 7 that helps reduces the bandwidth consumed and improves end user experience while accessing intranet-based HTTP and SMB content. This session introduces challenges in network performance often faced by remote branch offices which accessing content stored in servers located in datacenters across trans-continental Wide Area Networks, and how BranchCache helps in addressing these challenges.
You will learn in depth how BranchCache works and see a demonstration of this new feature in Windows Server 2008R2 and Windows 7, as well as learn how to configure BranchCache.
Windows Server Migration (Deep Dive)
Presentations and live demonstrations on how the new Windows Server 2008 R2 migration tools can simplify the migration of Windows Server roles.
Joey will provide a detailed insight to the Windows Server 2008 R2 Server Migration Tools; The session will include migrating file services, DNS and DHCP to Windows Server 2008 R2.
If you would like to attend, please visit www.wsug.co.uk and register.