Multiple Active Directory Domains

Hi, I have Openfire 3.6.0 authenticating users and populating rosters with Active Directory. The domain that is currently in use (Old.Busted) is broken to the point that I’m not going to attempt to fix it. I’m going to start from scratch with a new domain (New.Hotness). For a while, I will have some users on Old.Busted and some on New.Hotness. So, I need a solution that can see users on 2 separate Active Directory domains in order to minimize service disruption while I’m moving users from the “Old.Busted” domain to the “New.Hotness” domain. Can anyone offer some advice?

Thanks!

The tricky part is going to be what the baseDN will be. I am not sure that even with a two way trust a search of the GC on your new domain will include users from the old domain. That would be a place to start though. I think if you were able to a search of users and computers in your new domain and have users from the old domain show up you would be set.

Thanks for the input. There is a two way trust between the old and new domains. After doing some more research last night, I wonder if Server2Server might fit here. Any ideas?

For anyone else in this situation, I ended up building a different Openfire server for the new domain and setting up S2S. The only thing I need to do now is populate the rosters of users on both domains with users from both domains, and since I have no idea where to start or if it’s even possible, I started a new thread here: http://www.igniterealtime.org/community/thread/35113?tstart=0

Thanks!!!

The other thing you might take a look at is ADAM from Microsoft. From what I understand it would combine the two AD’s into one ldap type structure. You could then just point 1 Openfire server to it.

I do not believe you can prepopulate the rosters across a S2S connection.