Almost
right (as I understand your interpretation). Your SAP domain will be a
parallel domain to your user domain, but in the same forest. For example,
let's say your current user domain is called 'tuv' with a DNS entry of 'tuv.com'
and your SAP domain is called 'wxy' with a DNS entry of 'wxy.com'. When
you upgrade your user domain to Active Directory, your forest could be called
'tuv' and the domain would be 'tuv.com'. When you upgrade your SAP domain,
it would be called 'wxy.com' in the 'tuv' forest. Two domain trees, one
forest. A visual diagram would be something like:
/\
Forest: tuv
/____\
|
(Domain: tuv.com)__|__(Domain: wxy.com)
Using
the names in the example, for the SAP domain to be a child domain of the users
domain, the SAP domain would be named 'wxy.tuv.com'. A visual diagram
would be something like:
/\
Forest: tuv
/____\
|
(Domain: tuv.com)
/
(Domain: wxy.tuv.com)
If you
choose the parallel domains in the same forest, remember to set administrative
privileges for the SAP domain to the appropriate user accounts in the user
domain. The administrative permissions are inherited in the child domain
model, so they are not as much of an issue.
Both
models provide for different password security settings (i.e., password length,
password aging, etc). If you want those security settings identical in
both domains, you will need to set them in each domain.
Kenneth W. (Ken) Adams, MCSA, MCSE
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of knighTslayer
Sent: Thursday, July 08, 2004 9:29 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] 2 NT4.0 domains to a Forrest
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of knighTslayer
Sent: Thursday, July 08, 2004 9:29 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] 2 NT4.0 domains to a Forrest
Hi Kenneth,
I'm currently replicating the situation now using
VMware.
So, if I have this right, I'm going to put the SAP
domain in as a child domain of the existing users domain and not a new domain
tree?
Therefore, the domain SAP NetBIOS name will be SAP and the
accounts will be that of SAP\user or a UPN of the forest like [EMAIL PROTECTED]
?
Thanks
Adam
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Adams, Kenneth W (Ken)
Sent: 08 July 2004 14:03
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] 2 NT4.0 domains to a Forrest
Not
knowing all of the details to your current situation, those you provided lead me
to recommend having one forest, but 2 domains. You can upgrade your user
domain and have that as your forest root, then upgrade the SAP domain as a new
domain in the forest. With that arrangement, you will have the 2-way
transitive trust automatically established.
Be
aware that you should test this (and any) upgrade strategy in a lab
environment. That lab environment can be as simple as having a (fairly)
new PC running Windows XP and Virtual PC, or as complex as having a duplicate
set of servers to your current environment on a separate (preferred isolated)
network.
Kenneth W. (Ken) Adams, MCSA, MCSE
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of knighTslayer
Sent: Thursday, July 08, 2004 8:49 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] 2 NT4.0 domains to a Forrest
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of knighTslayer
Sent: Thursday, July 08, 2004 8:49 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] 2 NT4.0 domains to a Forrest
sorry, new kit is out of the question, I should have
mentioned that.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Henderson Richard
Sent: 08 July 2004 11:47
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] 2 NT4.0 domains to a Forrest
I would start fresh with a new forest & then migrate
over users & services using MS migration tools which work well. I have
previously done an in place upgrade of NT4 & although it
worked well there is more flexibility with with a new domain.
Obviously the additional hardware requirements can limit your choice if new kit
is not an option.
From: knighTslayer [mailto:[EMAIL PROTECTED]
Sent: 08 July 2004 09:40
To: [EMAIL PROTECTED]
Subject: [ActiveDir] 2 NT4.0 domains to a Forrest
Hi,
I'm planning to upgrade my NT4.0 domains to Windows
2000. I have NT domains that have two-way trusts to each other.
The first domain is where all my users, printers, file
server and mail servers are and the second domain is just for my SAP
applications run. My SAP servers are completely dependent on the SAP
domain to start the services and it is hard coded which accounts from that
domain can start them, therefore I must maintain the domain logon, SID and
account name. The SAP domain requires the use of printers and file servers
from the user domain.
I am making a migration plan where I intend to upgrade my
users domain to Windows 2000 Active Directory first and maintain a two-way
non-transitive trust to the SAP domain. I will switch to native mode and
then I will upgrade the SAP domain to Active Directory.
However, I am not sure whether to create a new domain tree
or create a child domain of the users domain for the SAP domain.
What would be best? Or would creating a new Forrest
and have trust be any better?
Thanks
Adam
***********************************************************************************************************
This correspondence is confidential and is solely for the intended recipient(s). If you are not the intended recipient, you must not use, disclose, copy, distribute or retain this message or any part of it. If you are not the intended recipient please delete this correspondence from your system and notify the sender immediately.
No warranty is given that this correspondence is free from any virus. In keeping with good computer practice, you should ensure that it is actually virus free. E-mail messages may be subject to delays, non-delivery and unauthorised alterations, therefore information expressed in this message is not given or endorsed by Sx3 unless otherwise notified by our duly authorised representative independent of this message.
Sx3 is a trading name of Service and Systems Solutions Limited, a limited company registered in Northern Ireland under number NI 32979 whose registered office is at 120 Malone Road, Belfast, BT9 5HT.
***********************************************************************************************************
