Re: Two domains - creating one
- From: "Jorge Silva" <jorgesilva_pt@xxxxxxxxxxx>
- Date: Thu, 4 Oct 2007 16:26:01 +0100
Hi
Inline
We would like to create on forest and just have two domains under that
forest.
What do you win with that?
But we are concerned because of the degree that the firewall between
the two sites is locked down.
If security is very important and you don't want to take risks, use a
dedicaded line for internal communications.
The other problem is that the network on theWhy this is a problem, aren't you trying to move to only one Domain, that
secure side is in mixed mode with some W2K shares still on their network.
means that everybody belongs to the same forest, of course that DFL may be
considered less secure, in that case you'll need to move to next level wich
is 2000 Native, just make sure that no NT4 DCs are in the domain or they'll
loose the ability to communicate with 2000 DCs.
The other network is running in native mode on W2003 R2. We are alsoYou have VPN connections or dedicated lines to communicate, using FW between
concerned with the opening in the firewall that will be needed for that
domain traffic.
those comunications you'll need to open ports, otherwise no communications
are allowed you can't run from this.
Our current solution is to create all the users from the sensitive domainYou can always export the users, but, as you said you'll need to maintain
in
our domain and just make them authenticate here for e-mail (most will use
OWA
anyway). It will just be labor intensive to create all these users and
then
we will have to manage them from this point forward.
them separately
--
I hope that the information above helps you.
Have a Nice day.
Jorge Silva
MCSE, MVP Directory Services
"Joan" <Joan@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:35A3ECB3-1F4B-4899-9BEA-3F9502F407CF@xxxxxxxxxxxxxxxx
Scenario:
We have one network but two completely separate domains with a firewall in
between (one domain has very sensitive data). We are currently
implementing
Exchange 2007. Because of its heavy dependency on AD we have hit a few
stumbling blocks.
We would like to create on forest and just have two domains under that
forest. But we are concerned because of the degree that the firewall
between
the two sites is locked down. The other problem is that the network on
the
secure side is in mixed mode with some W2K shares still on their network.
The other network is running in native mode on W2003 R2. We are also
concerned with the opening in the firewall that will be needed for that
domain traffic.
Our current solution is to create all the users from the sensitive domain
in
our domain and just make them authenticate here for e-mail (most will use
OWA
anyway). It will just be labor intensive to create all these users and
then
we will have to manage them from this point forward.
Any suggestions?
Thanks for your help!
.
- Prev by Date: Re: USERENV Events 1030/1058 Access Denied to GPT.ini
- Next by Date: Re: SBS'03 - Local Users Not Listed in AD?
- Previous by thread: Group olicy for power saving settings?
- Next by thread: Re: Dedicated AD forest for external users?
- Index(es):
Relevant Pages
|
