Integrate a second domain

  • Integrate a second domain

    Currently we have one domain (e.g. HQ.COM). We've recently taken over a different company who have their own domain (e.g. SUB.COM). Is there a way to integrate that second domain so that we can come to some kind of 'forest'?
    So that when I open up my AD console I see both domains. Each domain has its own domain admin and one enterprise admin group?

  • #2
    Re: Integrate a second domain

    Hi,

    What exactly are your goals?

    Is your only concern to have them under same console?

    Regards,
    Kapil Sharma
    ~~~~~~~~~~~~~
    Life is too short, Enjoy It.


  • #3
    Re: Integrate a second domain

    Main goal is to be able to manage two domains from the one location. Users from the one domain can access some resources on the other domain. I can have a domain admin taking care of just the second domain, with an enterprise admin having overall access.


  • #4
    Re: Integrate a second domain

    Hi,

    Go for a two-way trust. Add one admin account in Builtin\Administrators of the other domain, as you want to use the same account for administering both of them.

    Regards,
    Kapil Sharma
    ~~~~~~~~~~~~~
    Life is too short, Enjoy It.
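The two-way trust Kapil suggests, done from the command line and then checked, as an added example that is not part of the thread. The domain names (HQ.COM, SUB.COM) are the original poster's; the account names, the selective-authentication step and the other settings are assumptions for illustration. Note that a trust keeps the two forests separate (two enterprise admin groups, two consoles), which is the point Kapil makes later in the thread; it does not give the single forest the original poster asked about.

```powershell
# Added example, not from the thread: create and verify a two-way trust between
# HQ.COM and SUB.COM with netdom, then review the trust object with the
# ActiveDirectory module. netdom.exe ships with the Windows Server 2003 Support
# Tools and with RSAT on later versions; Get-ADTrust needs 2008 R2 or later.
# Run on a domain controller (or RSAT box) in HQ.COM as an Enterprise Admin.

$ourDomain   = 'HQ.COM'   # our existing domain (from the thread)
$theirDomain = 'SUB.COM'  # the acquired company's domain (from the thread)

# 1. Create the trust in both directions. /PasswordD:* and /PasswordO:* prompt
#    for the passwords instead of leaving them in the command history.
#    'Administrator' on each side is an assumed account name.
netdom trust $ourDomain /d:$theirDomain /add /twoway `
    "/UserD:$theirDomain\Administrator" /PasswordD:* `
    "/UserO:$ourDomain\Administrator" /PasswordO:*

# 2. Optional hardening (assumed, not in the thread): with selective
#    authentication, SUB.COM users can only reach HQ.COM computers that
#    explicitly grant them "Allowed to Authenticate", instead of every
#    computer in the domain.
netdom trust $ourDomain /d:$theirDomain /SelectiveAUTH:yes

# 3. Confirm the secure channel works from both sides.
netdom trust $ourDomain /d:$theirDomain /verify
netdom trust $theirDomain /d:$ourDomain /verify

# 4. Review the trust as AD sees it. SIDFilteringQuarantined = True means SIDs
#    that do not belong to SUB.COM are stripped from tokens crossing the trust.
Import-Module ActiveDirectory
Get-ADTrust -Filter * |
    Select-Object Name, Direction, TrustType, ForestTransitive,
                  SelectiveAuthentication, SIDFilteringQuarantined

# 5. Kapil's second point: one administrator account from HQ.COM placed in the
#    Builtin Administrators group of SUB.COM. Run this on a SUB.COM domain
#    controller, where 'net localgroup' manages the domain's Builtin groups.
#    'svc-hqadmin' is a constructed account name; this grants full control of
#    SUB.COM to that one account, so it should be a dedicated admin account.
net localgroup Administrators "$ourDomain\svc-hqadmin" /add
```

Step 4 is the check worth repeating after any change to the trust: the direction, transitivity and SID-filtering state of every trust in the forest are visible in one listing, so an unexpected change shows up immediately.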


  • #5
    Re: Integrate a second domain

    Would you believe I had exactly the same situation earlier this year.

    Originally had two separate domains at two different site offices. One domain forest ExampleA.local, the other ExampleB.local. Later added a router at both sites and configured VPN between both routers (was waiting a long time to get broadband in one of the areas) and then wanted to add/change the existing forest ExampleB.local to the ExampleA.local forest.

    Initially copied the ExampleB.local DNS to the existing ExampleA.local DNS. This allowed me to at least find the second server or external client machines through telnet and remote access. It also allowed me to set up shares too. With that done I was able to complete most administration tasks.

    Later on, a lot more administration and system changes came to light and I decided they had to be the one domain for Active Directory replication and DFS shares. I completed the following.

    1.) Configured all new accounts and groups on ExampleA.local in advance
    2.) Ran full backup of ExampleB.local server to external USB hard drive (using Windows 2003 Backup Utility)
    3.) Reinstalled Windows 2003
    4.) Configured AD as secondary domain controller
    5.) Restored drivers, files\folders and programs from backup
    6.) Added server roles - File Sharing\DHCP\Print Sharing\RIS.

    N.B. Don't recommend just uninstalling AD and reinstalling as secondary domain controller; it never seems to complete right. Will always have drawbacks later on. Best have a fresh and, most importantly, correct installation.

    Server reloads don't have to be as daunting as they might seem. You only have to plan and do as much preparation as you can. The only real burden is that it's always done outside of office hours. Otherwise you can prepare as much as you like in advance before performing the reload.

    Best tips I could give before reloading, and that you could complete in advance, would be...

    1. Configure new client accounts\groups on your existing server
    2. Configure client logon scripts (have your server system and folder configuration pre-planned)
    3. Configure RIS legacy boot image for a client machine (a must if you have a lot of machines the same)
    4. Make a complete system backup before reload (just in case of "emergency")
    5. Have all required programs on the network to hand (best copy them to an external drive)

    Not sure how big your network is, but my example was based on adding an office of 25 client machines. It took me only 1 day at the weekend to complete (started full backup at the end of the day before). I'm sure in the corporate world of networking it might even be best practice to create a legacy boot image for the new additional server, but I've not had the experience of doing something like that.

    Otherwise, hope my previous exercise is of any help to you. Be happy to write out any step-by-step instructions if required for any of the above.

    David


  • #6
    Re: Integrate a second domain

    kapilsharma11: If I set up a two-way trust, would users on domain B be able to use the mail server which exists in domain A?

    Chin up!: Given the size of domain B (30/40 users) it might be worth following your scenario.


  • #7
    Re: Integrate a second domain

    No.....

    Because they belong to different forests, you need two different Exchange orgs.

    For this you need to extend your forest to have one more tree to hold the new domain. Then you can go for an inter-forest migration to migrate the users from your old SUB.com domain to the new domain in the HQ.com forest.

    Regards,
    Kapil Sharma
    ~~~~~~~~~~~~~
    Life is too short, Enjoy It.


  • #8
    Re: Integrate a second domain

    Only new at this forum so I hate to tread on anybody's toes!

    I think the answer is yes.

    SCENARIO: (To clarify)
    You have new forest ExampleA.local and you want users on forest ExampleB.local to be able to access resources on forest ExampleB.local

    SOLUTION: (Assuming servers are Win2003 and an existing router connection between both forests) - Copy DNS zone to server.

    On server in forest ExampleB.local

    1. Go to the DNS snap-in management service on server ExampleB.local
    2. Go to server name, then Forward Lookup Zones
    3. Right click "Forward Lookup Zones", click "New Zone"
    4. Select "Secondary Zone" and type the full DNS name of the server you would like to copy. (i.e. "Machine Name".ExampleA.local)

    You should now be able to ping by machine name from ExampleB.local to ExampleA.local

    All you have to do is apply permissions to services on ExampleA.local.

    You can get as fancy as you like using scripts for this.

    For example ....

    At logon you can have folders and printers mapped with separate user rights.

    Option Explicit
    ' Maps drive H: to a home folder share using credentials written into the script.
    Dim objNetwork
    Dim strDriveLetter, strRemotePath, strUser, strPassword, strProfile
    strDriveLetter = "H:"
    strRemotePath = "\\SERVER\HOMEFOLDER"
    strUser = "Administrator"
    strPassword = "password"
    strProfile = "false"    ' do not store the mapping persistently in the user profile
    Set objNetwork = WScript.CreateObject("WScript.Network")
    ' Arguments: local name, remote path, update profile, user name, password.
    ' Every user who runs this logon script can read strUser/strPassword in plain
    ' text; leaving the last two arguments off maps the share as the logged-on user.
    objNetwork.MapNetworkDrive strDriveLetter, strRemotePath, _
        strProfile, strUser, strPassword

    Lots more like this found on "www.computerperformance.co.uk"

    ....Sorry, straying off a bit from the original question but essentially getting to the point. Once there is actually a physical connection between both servers there's no reason why you can't share most resources, if not all.

    If you're using the POP3 service for Windows 2003 (although personally I stay away from it, far too basic) then you could set up accounts on ExampleA.local for users in the forest ExampleB.local. Then users on ExampleB.local could access the incoming POP3 by either IP address or machine address. Is this something like what you're trying to do?

    Otherwise, if you're using a 3rd party application for your mail server, there's no reason why you can't access the mail server by IP or machine name from either domain.

    David
    Last edited by Chin up!; 14th December 2007, 13:27.
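The secondary-zone copy David describes in steps 1-4, done from the command line instead of the DNS snap-in, as an added example that is not part of the thread. It also includes the zone-transfer permission on the ExampleA.local side, which the snap-in steps leave implicit but without which the secondary zone stays empty. Zone names follow the thread (ExampleA.local / ExampleB.local); server names and IP addresses are constructed placeholders. The DnsServer cmdlets need Windows Server 2012 or later; the dnscmd.exe equivalents in the comments are what a Windows 2003 server of the period would use.

```powershell
# Added example, not from the thread: replicate ExampleA.local into a secondary
# zone on the ExampleB.local DNS server, restrict transfers to that one server,
# and verify resolution. All names and addresses below are constructed.

$zone         = 'ExampleA.local'        # zone being copied (from the thread)
$primaryDns   = 'dc1.ExampleA.local'    # constructed: holds the primary zone
$primaryIP    = '10.0.1.10'             # constructed
$secondaryDns = 'dc1.ExampleB.local'    # constructed: will hold the copy
$secondaryIP  = '10.0.2.10'             # constructed

# --- On the primary side (ExampleA.local) ---
# Allow zone transfers only to the one secondary. An unrestricted setting hands
# the whole host list of the domain to anyone who asks for an AXFR.
Set-DnsServerPrimaryZone -ComputerName $primaryDns -Name $zone `
    -SecureSecondaries TransferToSecureServers -SecondaryServers $secondaryIP
# Windows 2003 equivalent:
#   dnscmd dc1.ExampleA.local /ZoneResetSecondaries ExampleA.local /SecureList 10.0.2.10

# --- On the secondary side (ExampleB.local) ---
# Steps 1-4 of the post: a Secondary Zone for ExampleA.local whose master is
# the ExampleA.local DNS server. The wizard wants the zone name plus the
# master's address; the command takes the same two inputs.
Add-DnsServerSecondaryZone -ComputerName $secondaryDns -Name $zone `
    -ZoneFile "$zone.dns" -MasterServers $primaryIP
# Windows 2003 equivalent:
#   dnscmd dc1.ExampleB.local /ZoneAdd ExampleA.local /Secondary 10.0.1.10

# Pull the first full copy now instead of waiting for the SOA refresh interval.
Start-DnsServerZoneTransfer -ComputerName $secondaryDns -Name $zone -FullTransfer

# --- Checks ---
# 1. The secondary zone exists and points at the right master.
Get-DnsServerZone -ComputerName $secondaryDns -Name $zone |
    Select-Object ZoneName, ZoneType, MasterServers

# 2. The primary is not open to arbitrary transfers.
Get-DnsServerZone -ComputerName $primaryDns -Name $zone |
    Select-Object ZoneName, SecureSecondaries, SecondaryServers

# 3. A host in ExampleA.local resolves when asked of the ExampleB.local server
#    (which is what makes "ping by machine name" in the post work).
#    'fileserver' is a constructed host name.
Resolve-DnsName -Name "fileserver.$zone" -Server $secondaryIP -Type A
```

Check 2 is the one to keep in a periodic audit: a secondary zone only needs the primary to transfer to that single address, so `SecureSecondaries` should never read `TransferAnyServer` once the copy is in place.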


  • #9
    Re: Integrate a second domain

    That's true. The mail server can be accessed, but users on forest B cannot host their mailboxes on forest A.

    If you think that they can, then tell me how you will create their mailboxes on another forest.

    Regards,
    Kapil Sharma
    ~~~~~~~~~~~~~
    Life is too short, Enjoy It.


  • #10
    Re: Integrate a second domain

    Not sure what you mean?

    What I simply meant by my previous note below is:
    Emails like "Username"@ExampleA.local - stored on ExampleA.local server
    Emails like "Username"@ExampleB.local - stored on ExampleB.local server
    But any user on either network, ExampleA or ExampleB, can retrieve by IP or machine name.

    If you're using the POP3 service for Windows 2003 there would of course have to be separate services for different email domain names. Like I said before, the POP3 service for Win2003 is very basic.

    If you want to run all email accounts and domains from the one mail service then you will require a separate third-party application to do that. Loads of them out there. Lots free too. Try out "www.download.com".

    Didn't mean to confuse the situation earlier! Sorry
    Last edited by Chin up!; 14th December 2007, 15:28.


  • #11
    Re: Integrate a second domain

    You are right, but the original question is:

    There are two different domains in two different forests.

    1. Domain A
    2. Domain B

    Two different users belong to different domains:

    1. [email protected]l
    2. [email protected]l

    Now it's not possible that the mailbox for userB can be created on the Exchange servers in Domain A.

    It's not possible because they will be having different schemas, and two different forests cannot have a single Exchange org.

    I am done......Cannot answer any more........

    Cheer up.

    Regards,
    Kapil Sharma
    ~~~~~~~~~~~~~
    Life is too short, Enjoy It.


  • #12
    Re: Integrate a second domain

    Originally posted by Akubra:
    kapilsharma11: If I set up a two-way trust, would users on domain B be able to use the mail server which exists in domain A?

    Yes. The steps are quite simple:

    1) Establish a trust between the domains (domain A trusts domain B)
    2) Create a new disabled user account in domain A (domA\user1) for the user in domain B (domB\user1)
    3) Mailbox-enable the domA\user1 account
    4) Set the "Associated External Account" of domA\user1 to domB\user1 using "Exchange Advanced tab => Mailbox rights" of the user account
    5) Configure domB\user1 to point to Exchange in domA and access the mailbox "user1"

    Guy Teverovsky
    "Smith & Wesson - the original point and click interface"

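The arrangement Guy describes (a disabled account in domain A whose mailbox is used by a user in trusted domain B), as an added example in the Exchange Management Shell that is not part of the thread. Guy's steps are the Exchange 2003 GUI ("Associated External Account"); in Exchange 2007 and later the same object is called a linked mailbox, and `New-Mailbox -LinkedMasterAccount` performs steps 2 to 4 in one command. Domain and account names follow the thread (domA, domB, user1); the domain controller, OU, mailbox database and lookup account are constructed placeholders.

```powershell
# Added example, not from the thread: create the linked mailbox for domB\user1
# in domain A's Exchange organisation and verify that the domA account behind it
# is disabled. Requires the Exchange Management Shell (2007 or later) and the
# one-way trust from step 1 of the post (domain A trusts domain B); without the
# trust the SID of domB\user1 cannot be resolved and the link fails.

$linkedUser = 'user1'                         # mailbox/account name (from the thread)
$domA       = 'domA.local'                    # constructed FQDN for domain A
$domBDC     = 'dc1.domB.local'                # constructed: a domain controller in domain B
$masterAcct = 'domB\user1'                    # the real user in domain B (from the thread)
$ou         = 'domA.local/LinkedMailboxes'    # constructed OU for the disabled accounts
$database   = 'MailboxDB01'                   # constructed mailbox database name

# Credentials in domain B allowed to look up user1 (constructed account name).
# Prompting keeps the password out of the script and the command history.
$linkCred = Get-Credential -Message 'Account in domB allowed to look up users' `
                           -UserName 'domB\svc-exchlink'

# Steps 2-4 of the post in one command: a disabled domA account, a mailbox on
# it, and the master account set to domB\user1.
New-Mailbox -Name $linkedUser -Alias $linkedUser `
    -UserPrincipalName "$linkedUser@$domA" `
    -OrganizationalUnit $ou -Database $database `
    -LinkedMasterAccount $masterAcct `
    -LinkedDomainController $domBDC -LinkedCredential $linkCred

# Checks.
# 1. The mailbox is of the linked kind and points at the domB identity.
Get-Mailbox -Identity $linkedUser |
    Format-List Name, RecipientTypeDetails, LinkedMasterAccount

# 2. The domA account is disabled, so nobody can log on as domA\user1 directly;
#    only domB\user1, across the trust, can open the mailbox.
Get-User -Identity $linkedUser | Format-List Name, UserAccountControl

# Step 5 of the post is client side: point the user's Outlook profile at the
# domA Exchange server and open the mailbox "user1" while logged on as domB\user1.
```

Check 2 is the property to watch over time: if the domA account behind a linked mailbox is ever enabled, it becomes a second credential for the same mailbox, outside domain B's password policy and monitoring.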