# 2003 to 2008 AD interforest migration



## Anti-Intel2 (Dec 31, 2002)

Hello,

I have a few questions I need to find out on a project. We are in the process of virtualizing all servers in an environment. In the new environment we set up a new 2008 domain and have changed the domain name as it was incorrectly set up in the existing domain. Nothing is tied to the new domain as of yet.

Now we want to migrate just the users and passwords; we don't want to transfer any of the existing memberships or rights to the new domain as they are broken/incorrectly configured. We are planning on restructuring the OU, Groups, etc. in the new AD environment to simplify the AD environment.

We are going to have to rename all the PCs, so we decided that we will manually rename the PCs and disjoin them from the source domain and add them to the new domain. We don't want to migrate the computers if we don't have to. Is this possible?

I cannot find any documentation that states that I can perform interforest migration this way. Is this feasible? What kind of issues can I expect to see? The source domain will need to stay up as we are doing this one site at a time.


----------



## mister_man (Dec 30, 2009)

As far as disjoining from one domain and joining another, this is totally feasible. The problem you are most likely going to run into is loss of the user's profile: desktop settings, Outlook archives, PST files, etc. It is not truly lost, just a pain, as when you log in to the new domain it is going to create a new profile.
Check out a program called ForensiT. I found it when doing a client job where we created a new domain and wanted to join all the PCs without losing the profiles. It is really cheap, well, if you don't have 1000s of PCs, and works great.


----------



## Anti-Intel2 (Dec 31, 2002)

Thanks for the reply. I have started this project and am at a standstill. 

I am having trouble with the two-way trusts (interforest). I was able to create the trusts and was able to move all users and groups into the new domain. Then the trust failed and I cannot validate the trust again. I get RPC errors and it says that it cannot find the domain controller when I try to set up the trust again. I have the secondary DNS zone to the new domain set up on the 2003 side, but from the 2008 domain I cannot set up the secondary DNS zone. I have zone transfers enabled. It states that the servers are non-authoritative when I know they are. (netdiag tests pass.) I had conditional forwarding set up to begin with when the trust worked the first time.

The old domain is running forest and domain functional level of 2000 native. I created a new domain and made it run the same level. I read an MS document that stated that you have to have a minimum of 2003 domain and forest functional level, but I was able to get this to work initially. So would this be causing all these issues?

BTW... ADMT v3.1 will migrate the local profiles, but I am running into a snag with this trust issue.


----------



## mister_man (Dec 30, 2009)

Have you seen this? It pertains directly to a trust between 2003 and 2008 in a VMware environment.
*RPC Failure Error while Creating Trust Relationships between Windows 2003/2008 Servers or Domain Controllers*

*Details*

The Host Guest File System service (hgfs.sys) running inside a Windows Server 2003/2008 virtual machine creates RPC Failure error messages when creating trust relationships.

 
*Solution*

To resolve this issue, disable the hgfs.sys service from running at boot time inside of the virtual machines.

To disable the hgfs.sys service from running at boot time:

*Caution:* This procedure involves modifying the registry. Incorrect changes to the registry can leave your system unstable or unable to run. Always back up the registry before editing it, and exercise caution in making changes to the registry. VMware takes no responsibility for problems that might arise.


1. Choose *Start* > *Run*.
2. Type:

   `Regedit`

3. Click *OK*.
4. Navigate to the key:

   `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hgfs`

5. Right-click the key and choose *Export*.
6. Export the key to a location on your hard drive.
7. Change the *Start* value of the key to *4*.
8. To import the changed value, either:

   - Browse to the file using Windows Explorer and double-click the file.

   OR

   - At the command prompt, type:

     `regedit /i /s c:\<location of exported file>hgfs.reg`

9. Reboot the guest operating system.


----------
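The registry steps from the quoted VMware article, scripted in PowerShell as an added example (not part of the original posts or of VMware's article): it backs up the `hgfs` key, sets `Start` to 4 only if needed, and reads the value back. The function name `Disable-HgfsAtBoot` and the backup folder `C:\RegBackup` are assumptions, and it assumes PowerShell is installed in the guest and the session is elevated.

```powershell
# Added example: back up the hgfs service key, then set Start to 4 (disabled).
# Hypothetical names: Disable-HgfsAtBoot, C:\RegBackup. Run elevated in the guest VM.
function Disable-HgfsAtBoot {
    param([string]$BackupDir = 'C:\RegBackup')   # assumed backup location

    $psKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\hgfs'
    $regKey = 'HKLM\SYSTEM\CurrentControlSet\Services\hgfs'

    # A guest without the hgfs service has no such key; do not create one.
    if (-not (Test-Path $psKey)) {
        Write-Output 'hgfs key not found; nothing to change.'
        return
    }

    $current = (Get-ItemProperty -Path $psKey -Name Start).Start
    Write-Output "Current Start value: $current"
    if ($current -eq 4) {
        Write-Output 'hgfs is already disabled.'
        return
    }

    # Export first so the original value can be restored by importing the .reg file.
    if (-not (Test-Path $BackupDir)) {
        New-Item -ItemType Directory -Path $BackupDir | Out-Null
    }
    $stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
    $backup = Join-Path $BackupDir "hgfs-$stamp.reg"
    & reg.exe export $regKey $backup | Out-Null
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path $backup)) {
        throw 'Export failed; registry left unchanged.'
    }

    # Start = 4 marks the service as disabled, so it no longer loads at boot.
    & reg.exe add $regKey /v Start /t REG_DWORD /d 4 /f | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "Could not write Start value; backup is at $backup"
    }

    # Read back to confirm the change before asking for a reboot.
    $new = (Get-ItemProperty -Path $psKey -Name Start).Start
    if ($new -ne 4) { throw "Start is $new, expected 4." }
    Write-Output "Start set to 4 (was $current). Backup: $backup. Reboot the guest to apply."
}

Disable-HgfsAtBoot
```

To roll back, import the timestamped `.reg` file from the backup folder and reboot the guest.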

