>
> "Eric Darby" <eric[ at ]SPAMSUX.com> wrote in message
> news:umbK0fYuHHA.4476[ at ]TK2MSFTNGP03.phx.gbl...
>> thats true. I also have 1 other gripe. the previous admin named the
>> forest [company].ent.
>>
>> I would like to name it [company].com and have a forest root container.
>
> Company.ent is likely a better name than using your public .com name
> but if you are in Windows 2003 Forest Functional Level (every Domain
> in Win2003 Server Native mode which means all DCs running 2003)
> you can rename a domain.
>
>> I figure if i make a new tree then I can have my .com domain and still
>> have the root.
>
> Yes, you can do that -- it sounds like a terrible reason for adding a
> domain
> and going through a migration -- it actually will probably be WORSE than
> what you have now.
>
>
> --
> Herb Martin, MCSE, MVP
>
http://www.LearnQuick.Com> (phone on web site)
>
>> "Herb Martin" <news[ at ]learnquick.com> wrote in message
>> news:OsJ1xAPuHHA.1052[ at ]TK2MSFTNGP05.phx.gbl...
>>>
>>> "Eric Darby" <eric[ at ]SPAMSUX.com> wrote in message
>>> news:%23A5wBhLuHHA.768[ at ]TK2MSFTNGP04.phx.gbl...
>>>> because all of the other domains are child domains of the forest root.
>>>> I want to start a new tree to make sure the policies and permissions
>>>> are all clean.
>>>
>>> Policies can be reset with DCGPOfix.exe
>>>
>>> Having to manage all the permissions and owership on existing
>>> resources will be much uglier than just reseting permissions.
>>>
>>>
>>> --
>>> Herb Martin, MCSE, MVP
>>>
http://www.LearnQuick.Com>>> (phone on web site)
>>>
>>>> "Herb Martin" <news[ at ]learnquick.com> wrote in message
>>>> news:ewEa2xFuHHA.576[ at ]TK2MSFTNGP03.phx.gbl...
>>>>>
>>>>> "Eric Darby" <eric[ at ]SPAMSUX.com> wrote in message
>>>>> news:%23BcT9iDuHHA.3640[ at ]TK2MSFTNGP05.phx.gbl...
>>>>>>i am in the process of flattening my domain and have created a new
>>>>>>domain tree to migrate all of my child domains into.
>>>>>
>>>>> Why not just migrated into ONE of the existing domains?
>>>>>
>>>>>> On the new Domain what is the best way to configure the AD Integrated
>>>>>> DNS?
>>>>>
>>>>> On the new domain? Is it in a new forest? (IF NOT you cannot get
>>>>> rid of all the old domains anyway.)
>>>>>
>>>>> If it is in a new forest there is only ONE way to setup AD Integrated
>>>>> DNS
>>>>> that really makes much sense with 2003, and literally only one choice
>>>>> if
>>>>> you have 2000 DNS-DCs.
>>>>>
>>>>> Use either All DNS-DCs in the Domain, or use ALL DCs (if you have
>>>>> 2000 DCs).
>>>>>
>>>>> If you have more than one Domain in that forest (or it's in the
>>>>> current
>>>>> forest with the other domains) then you could theoretically use All
>>>>> DNS-DCs
>>>>> in Forest.
>>>>>
>>>>> This is not the key design problem.
>>>>>
>>>>>
>>>>>> I need to see the forest root and child domains of the old tree while
>>>>>> making the transition.
>>>>>
>>>>> The key problem is having a way for the new domain to find (all of)
>>>>> the
>>>>> old domains, and a way for the old domains to find the new one which
>>>>> being in a new tree implies they cannot use the same rooted hierarchy
>>>>> and you will either have to hold "cross secondaries" or "cross stubs"
>>>>> for the OTHER Trees -- or you can use Conditional Forwarding on
>>>>> each side.
>>>>>
>>>>>
>>>>>> Should I have replication to All DNS servers in the AD forest?
>>>>>
>>>>> That works if the new domain is in the same forest -- but then you
>>>>> will always have at least one of the current domains (cannot remove
>>>>> it) plus the new domain.
>>>>>
>>>>>> The forest root domain is going to remain and it is currently set to
>>>>>> replicate to All DNS servers in the AD forest.
>>>>>
>>>>> If you do it this way you have more efficient replication in most
>>>>> cases.
>>>>>
>>>>> If your domains are small it will practically always be a good choice.
>>>>>
>>>>> --
>>>>> Herb Martin, MCSE, MVP
>>>>>
http://www.LearnQuick.Com>>>>> (phone on web site)
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>