Good morning gurus,
I am looking at an Active Directory domain migration:

  1. Interforest migration
  2. Trust is in place
  3. Desktops have been moved from source to target domains
  4. This particular phase of the project is about migrating the users
  5. Member Servers\applications are staying in the source domain for this phase of the project
  6. SID history is taken care of - using ADMT
  7. 9K+ users
Since the applications are staying in the source domain for now, we are looking at all the apps in the source domain. If the app is AD integrated then we look for multi domain support in the app, as we cannot migrate all users at the same time (app needs to be able to accept logons from either domain).
Making the apps in the source domain multi domain capable, testing has become a real challenge. We've run into a few apps that just cannot do multi domain support. I am looking for ideas, links, suggestions for options for this challenge.
I am thinking:
  1. Move the application and its users at the same time. Not easy and potentially problematic with applications that have thousands of users. Not to mention apps are being evaluated for consolidation, migration, etc. and app migration is not part of this phase (budget$)
  2. Fence the non multi domain aware applications with a Citrix portal, XenDesktop solution - Continue to use Source domain credentials
    1. VPC type solutions tend to confuse the users (where is my desktop)
    2. Citrix solution has the potential for high cost in licensing and hardware
    3. Fencing so these problematic apps use the source domain credentials requires that the user source account remain enabled. Disabling source user accounts is part of the project's objectives.
Something else?
Johnny A. Figueroa
Solution Architect
Figueroa IT, LLC
Johnnyfigueroa9@xxxxxxxxxxxxxxxx