RE: [ActiveDir] Domains in a Forest
That is simply a new tree in your forest, pretty basic. It doesn't have to be disjoint (neither netbios to AD name nor AD domain name to machine domain suffix). If you want true admin level security boundaries though, you are talking separate forests. My running recommendation for AD is you have one set of Admins for all domains. No such thing as splitting up a forest securely among admins for different domains. joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lou VegaSent: Friday, October 24, 2003 1:25 PMTo: [EMAIL PROTECTED] Let's say I have a domain called DomainA.com and now my organization is talking with another organization who would like to have DomainB.com. Management at both organizations would like "pretty seamless" access to each other's resources while maintaining their own identities...i.e, DomainB does not want to be DomainB.DomainA.com. My first thoughts are to have a forest with both domains in it (Forest containing DomainA.com and DomainB.com)...but how easy/hard is that to implement when DomainA.com already exists and you need to create/add DomainB.com to the forest? I'm stepping into new territory here and would appreciate any suggestions, comments etc. concerning this. I'm researching this on the web and I know from past discussions on this list that I'm bound to learn something new here! If you need more info, let me know. r/ Lou
Re: [ActiveDir] Domains in a Forest
Separate identity - i.e., don't want to be known as DomainB.DomainA.Com, but rather known as DomainB.Com. Resources are mostly Data and Websites. Exchange is not in the picture. >From what I gather so far I'm looking at a forest with a child domain (DomainA.com is the root, so DomainB.com would be my new child) and a disjointed name space for DNS purposes. Hope that clears things up a little.if not, let me know and thanks for everyone's feedback! r/ Lou - Original Message - From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, October 24, 2003 3:41 PM Subject: RE: [ActiveDir] Domains in a Forest DomainB wants to be separate in what sense? You mean they want their login to remain the same? they want their email address to remain the same? Websites? And what resources are we needing "seamless" access to? Exchange in the picture? If so, do they want "seamless" GAL? The reason I'm asking is because these are considerations that go into answering what you are asking. More info would be helpful. Sincerely, Dèjì Akómöláfé, MCSE MCSA MCP+I www.akomolafe.com www.iyaburo.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Lou Vega Sent: Fri 10/24/2003 10:25 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Domains in a Forest Let's say I have a domain called DomainA.com and now my organization is talking with another organization who would like to have DomainB.com. Management at both organizations would like "pretty seamless" access to each other's resources while maintaining their own identities...i.e, DomainB does not want to be DomainB.DomainA.com. My first thoughts are to have a forest with both domains in it (Forest containing DomainA.com and DomainB.com)...but how easy/hard is that to implement when DomainA.com already exists and you need to create/add DomainB.com to the forest? I'm stepping into new territory here and would appreciate any suggestions, comments etc. concerning this. I'm researching this on the web and I know from past discussions on this list that I'm bound to learn something new here! If you need more info, let me know. r/ Lou List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Domains in a Forest
DomainB wants to be separate in what sense? You mean they want their login to remain the same? they want their email address to remain the same? Websites? And what resources are we needing "seamless" access to? Exchange in the picture? If so, do they want "seamless" GAL? The reason I'm asking is because these are considerations that go into answering what you are asking. More info would be helpful. Sincerely, Dèjì Akómöláfé, MCSE MCSA MCP+I www.akomolafe.com www.iyaburo.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Lou Vega Sent: Fri 10/24/2003 10:25 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Domains in a Forest Let's say I have a domain called DomainA.com and now my organization is talking with another organization who would like to have DomainB.com. Management at both organizations would like "pretty seamless" access to each other's resources while maintaining their own identities...i.e, DomainB does not want to be DomainB.DomainA.com. My first thoughts are to have a forest with both domains in it (Forest containing DomainA.com and DomainB.com)...but how easy/hard is that to implement when DomainA.com already exists and you need to create/add DomainB.com to the forest? I'm stepping into new territory here and would appreciate any suggestions, comments etc. concerning this. I'm researching this on the web and I know from past discussions on this list that I'm bound to learn something new here! If you need more info, let me know. r/ Lou <>
RE: [ActiveDir] Domains in a Forest
Title: Message Well, its cake and pie, really. When setting up AD you're simply going to select the option to create a new domain in an existing forest. THe only issue will be that the two domains need to see each other via DNS - which generally means you're going to secondary each other's zones. -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -Original Message-From: Lou Vega [mailto:[EMAIL PROTECTED] Sent: Friday, October 24, 2003 1:25 PMTo: [EMAIL PROTECTED]Subject: [ActiveDir] Domains in a Forest Let's say I have a domain called DomainA.com and now my organization is talking with another organization who would like to have DomainB.com. Management at both organizations would like "pretty seamless" access to each other's resources while maintaining their own identities...i.e, DomainB does not want to be DomainB.DomainA.com. My first thoughts are to have a forest with both domains in it (Forest containing DomainA.com and DomainB.com)...but how easy/hard is that to implement when DomainA.com already exists and you need to create/add DomainB.com to the forest? I'm stepping into new territory here and would appreciate any suggestions, comments etc. concerning this. I'm researching this on the web and I know from past discussions on this list that I'm bound to learn something new here! If you need more info, let me know. r/ Lou
[ActiveDir] Domains in a Forest
Let's say I have a domain called DomainA.com and now my organization is talking with another organization who would like to have DomainB.com. Management at both organizations would like "pretty seamless" access to each other's resources while maintaining their own identities...i.e, DomainB does not want to be DomainB.DomainA.com. My first thoughts are to have a forest with both domains in it (Forest containing DomainA.com and DomainB.com)...but how easy/hard is that to implement when DomainA.com already exists and you need to create/add DomainB.com to the forest? I'm stepping into new territory here and would appreciate any suggestions, comments etc. concerning this. I'm researching this on the web and I know from past discussions on this list that I'm bound to learn something new here! If you need more info, let me know. r/ Lou