|
|
|
re: trust or child domain?
Monday, December 31, 2007 at 7:42 pm
Windows Server 2003 Annoyances Discussion Forum
Posted by Paul Meadows
(4 messages posted)
Hi Alex,
Hope this reply isn't too late to be any help. A cross-forest trust will make
it possible for users in your domain to access resources in the other and vice-versa.
But, it doesn't create the same relationship that parent and child domains have.
Each forest has it's own schema, global catalog and so forth. The biggest potential
problem is the security boundary that exists between seperate forests. Admins in
one forest cannot manage objects in the other, so you may not have a choice in the
long run. That's something you have to resolve with the corporate leadership. If
you have to nuke your forest and join theirs, use scripts to export and import objects
as much as possible to minimize creating accounts from scratch. It's still a big
job, but could save huge amounts of time.
Good Luck, Paul
On Thursday, November 15, 2007 at 10:22 pm, me_2k3 wrote:
>hello . how are you all
>I am alex. new member and happy to be here.
>I am a net admin of about 180 computers. because of management changes in the corp
>, some of "fool brain "managers decide for us to be CHILD of another domain .
>
>now ,I have 2 DC ( main and additional ) in my net. and 1 ANT.VIR srv and 2 FS srv.
>because of our corp is joined to the new big corp , we should use their applications
>that run from their APP server. those applications are all "ACTIVE DIRECTORY AUTHENTICATION"
>based.so they forced me to be child of them JUST for "AD authentication"
>I have two ways :
>1- obey them and demote my domain controller to child domain.
>2- implementing a trust relation ship between my dc and theirs.
>
>if I select the first , I think that this is so "time consuming " for 180 computers
>and 220 user profiles( there are some computers with multiple user profile)
>because of:
>A- migrating user profiles ( there are all local, NOT roaming )
>B-MY DOCUMENTS folder ( I cant use "my document redirection" because "mydocument"
>folder is exist in drive D but with deferent names for some users)
>
>I hardly select the second solution , because my manager FORCED me to become child
>of them. and I hardly refuse.:
>
>is it true to select the first solution or i should select "trust" ? what i your
>idea?
>
>
>dear "site admin" :
>I searched in topics, but I did not find a problem similar to mine.
>
>thanks all.
>alex.
- Written in response to:
- trust or child domain? (me_2k3: Thursday, November 15, 2007 at 10:22 pm)
There are presently no replies to this message.
|
|
All messages in this thread [show all]
 |  | re: trust or child domain? (Paul Meadows: Mon, Dec 31, 2007, 7:42 pm) |
| |
| |
Return to the Windows Server 2003 Discussion Forum
|
|
|
|
