Re: Multiple Forest woes . . .
- From: "Paul Williams [MVP]" <ptw2001@xxxxxxxxxxx>
- Date: Fri, 3 Mar 2006 08:26:17 -0000
Your computer can only be a member of one domain. Simply creating a
computer object in the internal domain isn't going to help. On your
workstation, disjoin from the domain (the same way you add) by dropping into
a workgroup and rebooting. Then change the TCP/IP settings so that you are
pointing to the internal DC for DNS and join to the internal domain.
Now create a trust on the internal domain to the external domain. If both
trusts created successfully (int trusts ext and is also trusted by ex and
vice-versa) then you will see both domains available in the Winlogon
dropdown. You will need an account (user or inetorgperson) in each domain
if you wish to logon to either domain.
Personally, I would configure each DNS server to forward to the ISP. If you
have 2003, you should conditionally forward to the other domain. If not,
you will need a secondary zone for the opposite domain on each DC.
--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net | http://forums.msresource.net
.
- Follow-Ups:
- Re: Multiple Forest woes . . .
- From: Joe Befumo
- Re: Multiple Forest woes . . .
- References:
- Multiple Forest woes . . .
- From: Joe Befumo
- Multiple Forest woes . . .
- Prev by Date: Re: _msdcs zone in multi domain forrest
- Next by Date: Re: Windows 2003 AD, move from server1 to server2
- Previous by thread: Multiple Forest woes . . .
- Next by thread: Re: Multiple Forest woes . . .
- Index(es):
Relevant Pages
|
