Can you retire a root AD domain when it has child domains?
-
So continuing with Wired's situation I was wondering
Can you retire/kill off/demote out the root domain when you have child domains?
We have city.com - where Exchange currently lives.
We create ad.city.com - and move all objects other than exchange there (politics). In 5 years when there is new leadership, they realize that having two domains is dumb and finally agree to dump one of them.
I would assume the ultimate option would be to move Exchange to the AD domain, and kill the root domain (city.com).But perhaps this isn't possible? So is this site stuck with a possible split horizon DNS setup for life (assuming the use of city.com externally as well as internally)?
-
I think I'd need to promote one of the childs to root and then retire the old root domain, which would be a child at that point
-
@wirestyle22 said in Can you retire a root AD domain when it has child domains?:
I think I'd need to promote one of the childs to root and then retire the old root domain, which would be a child at that point
I'm not even sure what this means - I've never heard of making a child domain into a root domain.
-
@dashrender said in Can you retire a root AD domain when it has child domains?:
@wirestyle22 said in Can you retire a root AD domain when it has child domains?:
I think I'd need to promote one of the childs to root and then retire the old root domain, which would be a child at that point
I'm not even sure what this means - I've never heard of making a child domain into a root domain.
How can you even think that you can delete a root? Everything stems from it.you have to have root.
FFS?
-
-
@dashrender said in Can you retire a root AD domain when it has child domains?:
? So is this site stuck with a possible split horizon DNS setup for life (assuming the use of city.com externally as well as internally)?
You cannot retire a root AD domain with child domains (They all would be retired). The best option is to create a new forest separately and then use ADMT to migrate the subdomain to the new forest.
-
You'll need to migrate everything to the root domain "city.com". Then you can kill off the child domain "ad.city.com".
Or migrate everything to the child domain and leave the root domain empty.
-
@dbeato said in Can you retire a root AD domain when it has child domains?:
@dashrender said in Can you retire a root AD domain when it has child domains?:
? So is this site stuck with a possible split horizon DNS setup for life (assuming the use of city.com externally as well as internally)?
You cannot retire a root AD domain with child domains (They all would be retired). The best option is to create a new forest separately and then use ADMT to migrate the subdomain to the new forest.
This would almost certainly break exchange.
-
@tim_g said in Can you retire a root AD domain when it has child domains?:
You'll need to migrate everything to the root domain "city.com". Then you can kill off the child domain "ad.city.com".
Or migrate everything to the child domain and leave the root domain empty.
This is definitely an option but this doesn't solve the problem of the split horizon DNS possibly. Which is the entire reason to remove the root domain in the first place.
Instead it seems like the only option today is to migrate everything to the root and then rename the root. -
@dashrender said in Can you retire a root AD domain when it has child domains?:
@tim_g said in Can you retire a root AD domain when it has child domains?:
You'll need to migrate everything to the root domain "city.com". Then you can kill off the child domain "ad.city.com".
Or migrate everything to the child domain and leave the root domain empty.
This is definitely an option but this doesn't solve the problem of the split horizon DNS possibly. Which is the entire reason to remove the root domain in the first place.
Instead it seems like the only option today is to migrate everything to the root and then rename the root.Or use O365. No real reason for any SMB to have on-prem Exchange.
-
@tim_g said in Can you retire a root AD domain when it has child domains?:
@dashrender said in Can you retire a root AD domain when it has child domains?:
@tim_g said in Can you retire a root AD domain when it has child domains?:
You'll need to migrate everything to the root domain "city.com". Then you can kill off the child domain "ad.city.com".
Or migrate everything to the child domain and leave the root domain empty.
This is definitely an option but this doesn't solve the problem of the split horizon DNS possibly. Which is the entire reason to remove the root domain in the first place.
Instead it seems like the only option today is to migrate everything to the root and then rename the root.Or use O365. No real reason for any SMB to have on-prem Exchange.
This is a city. Sure they are SMB sized but govment. Ya know, dog
-
@tim_g said in Can you retire a root AD domain when it has child domains?:
@dashrender said in Can you retire a root AD domain when it has child domains?:
@tim_g said in Can you retire a root AD domain when it has child domains?:
You'll need to migrate everything to the root domain "city.com". Then you can kill off the child domain "ad.city.com".
Or migrate everything to the child domain and leave the root domain empty.
This is definitely an option but this doesn't solve the problem of the split horizon DNS possibly. Which is the entire reason to remove the root domain in the first place.
Instead it seems like the only option today is to migrate everything to the root and then rename the root.Or use O365. No real reason for any SMB to have on-prem Exchange.
We've priced it out and are waiting. Like I said, it takes over a year just to purchase a switch.
-
@wirestyle22 said in Can you retire a root AD domain when it has child domains?:
@tim_g said in Can you retire a root AD domain when it has child domains?:
@dashrender said in Can you retire a root AD domain when it has child domains?:
@tim_g said in Can you retire a root AD domain when it has child domains?:
You'll need to migrate everything to the root domain "city.com". Then you can kill off the child domain "ad.city.com".
Or migrate everything to the child domain and leave the root domain empty.
This is definitely an option but this doesn't solve the problem of the split horizon DNS possibly. Which is the entire reason to remove the root domain in the first place.
Instead it seems like the only option today is to migrate everything to the root and then rename the root.Or use O365. No real reason for any SMB to have on-prem Exchange.
We've priced it out and are waiting. Like I said, it takes over a year just to purchase a switch.
LOL
-
@scottalanmiller said in Can you retire a root AD domain when it has child domains?:
@wirestyle22 said in Can you retire a root AD domain when it has child domains?:
@tim_g said in Can you retire a root AD domain when it has child domains?:
@dashrender said in Can you retire a root AD domain when it has child domains?:
@tim_g said in Can you retire a root AD domain when it has child domains?:
You'll need to migrate everything to the root domain "city.com". Then you can kill off the child domain "ad.city.com".
Or migrate everything to the child domain and leave the root domain empty.
This is definitely an option but this doesn't solve the problem of the split horizon DNS possibly. Which is the entire reason to remove the root domain in the first place.
Instead it seems like the only option today is to migrate everything to the root and then rename the root.Or use O365. No real reason for any SMB to have on-prem Exchange.
We've priced it out and are waiting. Like I said, it takes over a year just to purchase a switch.
LOL
The world's smallest violin is playing just for me
-
@dashrender Yeah... which means you are stuck with what you have unless there is some design change or migration to another domain.
