Re: Active directory and 2 domains
From: Phillip Renouf (PhillipRenouf_at_discussions.microsoft.com)
Date: 08/10/04
- Next message: Doug: "Re: Move DC to Another System"
- Previous message: Evan: "Explorer.exe Error When Loading a Mandatory Profile"
- In reply to: Simon Geary: "Re: Active directory and 2 domains"
- Next in thread: Cary Shultz [A.D. MVP]: "Re: Active directory and 2 domains"
- Reply: Cary Shultz [A.D. MVP]: "Re: Active directory and 2 domains"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 10 Aug 2004 13:03:01 -0700
Yeah, I am no Exchange expert, but I don't think that one Exchange
Organization can exisit in across two seperate forests.
Phil
"Simon Geary" wrote:
> If you want to isolate 2 domains then each domain will need to be in its own
> forest. This option is decided during the dcpromo process, you can choose to
> create a new forest or join an existing forest.
>
> Once your 2 domains are set up you can create a one-way trust where domain1
> trusts domain2. This should give you the isolation you need. I would also
> make sure you consider the impact this would have on Exchange.
>
> "kevinagain" <kcicyber@hotmail.com> wrote in message
> news:e19VRUifEHA.2896@TK2MSFTNGP11.phx.gbl...
> > How can i run 2 seperate domains, and allow the kind of access i need
> within
> > the active directory??
> > "Simon Geary" <simon_geary@hotmail.com> wrote in message
> > news:uD5pXqhfEHA.2604@TK2MSFTNGP10.phx.gbl...
> > > Domains in the same forest share a common schema and have the same
> > > enterprise admins so they cannot be totally separated.
> > >
> > > "kevinagain" <kcicyber@hotmail.com> wrote in message
> > > news:OnmnZihfEHA.2764@TK2MSFTNGP11.phx.gbl...
> > > > Please define "same Forest"
> > > > thats always confused me a little..
> > > >
> > > > tia
> > > >
> > > >
> > > > "Simon Geary" <simon_geary@hotmail.com> wrote in message
> > > > news:uYSdcThfEHA.3024@TK2MSFTNGP10.phx.gbl...
> > > > > If these two domains are going to be in the same forest it will not
> be
> > > > > possible to restrict domain1 from having any access to domain2. The
> > > forest
> > > > > is the AD security boundary. If you are trying to accomplish this
> for
> > > any
> > > > > legal or regulatory reason you will need to use different forests.
> > > > >
> > > > > "kevinagain" <anonymous@discussions.microsoft.com> wrote in message
> > > > > news:275601c47db7$8f377500$a601280a@phx.gbl...
> > > > > >
> > > > > > i am rebuilding a 2 domain network
> > > > > >
> > > > > > they will be
> > > > > >
> > > > > > domain1.local 172.17.1.x 255.255.0.0
> > > > > > domain2.local 172.17.2.x 255.255.0.0
> > > > > >
> > > > > > all the switches will be 172.17.1.x 255.255.0.0
> > > > > >
> > > > > > the 12 machines on domain2.local will be static IP's
> > > > > > the 50+ machines on domain1.local will be be dhcp clients.
> > > > > > both domains will get there email from
> > > > > > exchange.domain2.local
> > > > > >
> > > > > > each domain AD will interact with DNS server too
> > > > > >
> > > > > > domain2 must have full access to domain1
> > > > > > domain1 cannot have ANY access to domain2
> > > > > >
> > > > > > how can i get the AD to show up from on domain to the
> > > > > > other?
> > > > > >
> > > > > > how i can i find domain1 in the AD of domain2 ?
> > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
>
- Next message: Doug: "Re: Move DC to Another System"
- Previous message: Evan: "Explorer.exe Error When Loading a Mandatory Profile"
- In reply to: Simon Geary: "Re: Active directory and 2 domains"
- Next in thread: Cary Shultz [A.D. MVP]: "Re: Active directory and 2 domains"
- Reply: Cary Shultz [A.D. MVP]: "Re: Active directory and 2 domains"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
