trust or child domain?
Thursday, November 15, 2007 at 10:22 pm Posted by me_2k3
(1 messages posted)
Hello. How are you all?
I am Alex, a new member and happy to be here.
I am a net admin of about 180 computers. Because of management changes in the corp,
some of the "fool brain" managers decided for us to be a CHILD of another domain.
Now, I have 2 DCs (main and additional) in my net, and 1 ANT.VIR srv and 2 FS srv.
Because our corp is joined to the new big corp, we should use their applications
that run from their APP server. Those applications are all "ACTIVE DIRECTORY AUTHENTICATION"
based, so they forced me to be a child of them JUST for "AD authentication".
I have two ways:
1- obey them and demote my domain controller to a child domain.
2- implement a trust relationship between my DC and theirs.
If I select the first, I think that this is so "time consuming" for 180 computers
and 220 user profiles (there are some computers with multiple user profiles)
because of:
A- migrating user profiles (they are all local, NOT roaming)
B- MY DOCUMENTS folder (I can't use "my document redirection" because the "mydocument"
folder exists in drive D but with different names for some users)
I can hardly select the second solution, because my manager FORCED me to become a child
of them, and I can hardly refuse.
Is it right to select the first solution, or should I select "trust"? What is your
idea?
Dear "site admin":
I searched in topics, but I did not find a problem similar to mine.
Thanks all.
Alex.
re: trust or child domain?
Monday, December 31, 2007 at 7:42 pm Posted by Paul Meadows
(4 messages posted)
Hi Alex,
Hope this reply isn't too late to be any help. A cross-forest trust will make
it possible for users in your domain to access resources in the other and vice-versa.
But, it doesn't create the same relationship that parent and child domains have.
Each forest has its own schema, global catalog and so forth. The biggest potential
problem is the security boundary that exists between separate forests. Admins in
one forest cannot manage objects in the other, so you may not have a choice in the
long run. That's something you have to resolve with the corporate leadership. If
you have to nuke your forest and join theirs, use scripts to export and import objects
as much as possible to minimize creating accounts from scratch. It's still a big
job, but could save huge amounts of time.
Good Luck, Paul
On Thursday, November 15, 2007 at 10:22 pm, me_2k3 wrote:
>Hello. How are you all?
>I am Alex, a new member and happy to be here.
>I am a net admin of about 180 computers. Because of management changes in the corp,
>some of the "fool brain" managers decided for us to be a CHILD of another domain.
>
>Now, I have 2 DCs (main and additional) in my net, and 1 ANT.VIR srv and 2 FS srv.
>Because our corp is joined to the new big corp, we should use their applications
>that run from their APP server. Those applications are all "ACTIVE DIRECTORY AUTHENTICATION"
>based, so they forced me to be a child of them JUST for "AD authentication".
>I have two ways:
>1- obey them and demote my domain controller to a child domain.
>2- implement a trust relationship between my DC and theirs.
>
>If I select the first, I think that this is so "time consuming" for 180 computers
>and 220 user profiles (there are some computers with multiple user profiles)
>because of:
>A- migrating user profiles (they are all local, NOT roaming)
>B- MY DOCUMENTS folder (I can't use "my document redirection" because the "mydocument"
>folder exists in drive D but with different names for some users)
>
>I can hardly select the second solution, because my manager FORCED me to become a child
>of them, and I can hardly refuse.
>
>Is it right to select the first solution, or should I select "trust"? What is your
>idea?
>
>
>Dear "site admin":
>I searched in topics, but I did not find a problem similar to mine.
>
>Thanks all.
>Alex.
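For the export-and-import approach Paul describes, here is an added example (not part of the original thread) that retargets a CSV export of user objects, in the DN-first layout that csvde produces, at a child-domain naming context. The domain names, the sample rows and the `retarget` helper are constructed for illustration. Accounts are written disabled because a CSV export carries no passwords, and the recreated users receive new SIDs, so permissions granted to the old SIDs do not follow them.

```python
import csv
import io

# System-maintained and back-link attributes: the target directory sets these
# itself, so they must not be carried into an import file.
SYSTEM_OWNED = {"objectGUID", "objectSid", "whenCreated", "whenChanged",
                "uSNCreated", "uSNChanged", "memberOf"}

# Constructed sample export (not real data); the third row is outside the old base.
SAMPLE = r"""DN,objectClass,sAMAccountName,userPrincipalName,objectSid,whenCreated
"CN=Alex Admin,OU=Staff,DC=branch,DC=example",user,alex,alex@branch.example,(binary),20070101000000.0Z
"CN=Doe\, Jane,OU=Staff,DC=branch,DC=example",user,jdoe,jdoe@branch.example,(binary),20070101000000.0Z
"CN=Guest,CN=Users,DC=other,DC=example",user,guest,guest@other.example,(binary),20070101000000.0Z
"""

def retarget(export_text, old_base, new_base, old_upn, new_upn):
    """Rewrite a CSV user export for import under new_base.

    Returns (csv_text, skipped_dns); rows outside old_base are skipped, not guessed at.
    """
    reader = csv.DictReader(io.StringIO(export_text))
    keep = [f for f in reader.fieldnames if f not in SYSTEM_OWNED]
    if "userAccountControl" not in keep:
        keep.append("userAccountControl")
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=keep, lineterminator="\n")
    writer.writeheader()
    skipped = []
    for row in reader:
        dn = row["DN"]
        # Only the trailing DC= components change, so escaped commas in the
        # CN part ("Doe\, Jane") are never touched.
        if not dn.lower().endswith("," + old_base.lower()):
            skipped.append(dn)
            continue
        new = {k: row.get(k, "") for k in keep}
        new["DN"] = dn[: len(dn) - len(old_base)] + new_base
        upn = new.get("userPrincipalName", "")
        if upn.lower().endswith("@" + old_upn.lower()):
            new["userPrincipalName"] = upn[: -len(old_upn)] + new_upn
        # 514 = normal account + disabled; enable only after a password is set.
        new["userAccountControl"] = "514"
        writer.writerow(new)
    return out.getvalue(), skipped

if __name__ == "__main__":
    text, skipped = retarget(SAMPLE, "DC=branch,DC=example",
                             "DC=branch,DC=corp,DC=example",
                             "branch.example", "branch.corp.example")
    print(text, "skipped:", skipped)
```

Review the skipped list before importing: any DN that did not sit under the old base is reported rather than rewritten.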