
  • Federation Trusts

    Hello Forum,

    I have a question / query I wanted to run past you...

    I'm doing some consultancy for a company, this company has just merged. Very similar setup but have now merged due to geographical closeness and potential to make savings.

    Company A has a nice flat Active Directory Domain Model - Single Domain and OU used to split up resources / roles.

    Company B has a multi domain model.

    Both have around 6000 users.

    Both running Windows 2008 DCs but not native ADs

    They wish to share resources such as PCs, email systems, unstructured NTFS folders and back office applications.

    And so my question is along the lines of how do you think we should head?

    Option 1 - Encourage the multi domain company to cross over to the single domain model and create necessary OUs - This will mean a new log in, new email address (with old alias), movement of the unstructured data and re-permissioning of those folders - Sounds doable but lengthy...

    Option 2 - Federated Services - Sounds like it will do the trick, can collaborate, SharePoint, OCS etc - Trouble here is how do you do federated services with a multi domain model AD federating with a single domain model AD - This sounds the easier option for "tactical" whilst we work on a more strategic model.

    Option 3 - Create new Domain Model / Forest from scratch

    Option 4 - Trusts?

    Any thoughts, TechNet links would be appreciated - Federated Services is where I'm leaning currently - Any advice, have you been here before? Issues / Worries / Concerns / Lessons learnt?

  • #2
    Re: Federation Trusts

    IMHO Domain Trusts in the short term, giving resource access, then plan a suitable migration/merge strategy -- IMHO single domain unless there is an overwhelming need for either separation of administrative duties or separate password policies (the only two valid reasons for a multi-domain model)
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **


    • #3
      Re: Federation Trusts

      Originally posted by Ossian
      IMHO Domain Trusts in the short term, giving resource access, then plan a suitable migration/merge strategy -- IMHO single domain unless there is an overwhelming need for either separation of administrative duties or separate password policies (the only two valid reasons for a multi-domain model)
      Tom, could you elaborate on IMHO Domain Trusts... More IMHO??


      • #4
        Re: Federation Trusts

        As AD FS is relegated to web applications (AFAIK) I think a better choice would be to create a two-way transitive Forest Trust between the two forests, using either Forest-wide or Selective authentication. A two-way transitive forest trust will allow for trust transitivity between all domains/resources from and to each domain in each forest.

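Added example, not part of any post in this thread: once a forest trust like the one suggested in #4 exists, this reports for each forest trust its direction and whether it uses Forest-wide or Selective authentication, so the choice can be reviewed. It assumes a domain-joined Windows host, Windows PowerShell 3.0 or later, and an account allowed to read trust settings; the function name is hypothetical.

```powershell
# Added example (not from the thread): audit the forest trusts of the current forest.
# Uses the .NET System.DirectoryServices.ActiveDirectory classes, so no AD module is needed.
Add-Type -AssemblyName System.DirectoryServices

function Get-ForestTrustAudit {   # hypothetical helper name
    $forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()

    foreach ($trust in $forest.GetAllTrustRelationships()) {
        $row = [ordered]@{
            Source       = $trust.SourceName
            Target       = $trust.TargetName
            Type         = $trust.TrustType        # e.g. Forest
            Direction    = $trust.TrustDirection   # Inbound, Outbound or Bidirectional
            AuthScope    = 'unknown'
            SidFiltering = 'unknown'
            Note         = ''
        }
        try {
            # $true = Selective authentication, $false = Forest-wide authentication
            if ($forest.GetSelectiveAuthenticationStatus($trust.TargetName)) {
                $row.AuthScope = 'Selective'
            } else {
                $row.AuthScope = 'Forest-wide'
            }
            $row.SidFiltering = $forest.GetSidFilteringStatus($trust.TargetName)
        } catch {
            # Record the failure (partner unreachable, insufficient rights, ...)
            # instead of aborting the whole audit.
            $row.Note = $_.Exception.Message
        }
        [pscustomobject]$row
    }
}

$audit = Get-ForestTrustAudit
$audit | Format-Table -AutoSize

# Two-way trusts with Forest-wide authentication let any user of the partner forest
# authenticate to every machine in this forest (access is then decided by ACLs alone).
# Listing them separately makes that decision visible for review.
$audit | Where-Object { $_.Direction -eq 'Bidirectional' -and $_.AuthScope -eq 'Forest-wide' }
```

With Selective authentication, users from the other forest must additionally be granted the "Allowed to Authenticate" permission on each computer object they need to reach.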