Re: Forest Trusts- roaming Laptops


"Phil S." <nospam-m-phil-NoSpam@one two three m-a-p-s.net> wrote in message
news:uJmex7XdHHA.2332@xxxxxxxxxxxxxxxxxxxxxxx
Short version of long story:

Company with 6 major divisions located in different cities. Each major
division is own Domain. No trusts setup, no forest, just independent
domains tied by VPNs. CIO, a Unix man thru and thru, likes it this way.

Senior HQ executives travel to sites with their laptops. They want to be
able to turn on laptops and have everything work without the 15 minute IT
support at each site messing with the computers to change domains, copy
PST files, yada-yada-yada. This has been going on for many years before I
join the company.

Users machines should NOT be changing domains when they travel -- especially
bad when there are no trusts (e.g., a single forest.)

The above description represents a very poor design.

Either the trusts should be used or the computers should stay in their OWN
Domain in practically any real-world case.

If we move to Full Forest Trust between all 6 domains,

How did you do that? (Existing) Domains cannot join a forest unless they
are being upgraded from NT to AD.

linked DNS, each site with DHCP, and so forth, wouldn't that eliminate the
IT support fix for these laptops for the traveling managers? Would we
still need to change the login Domain if the Domains were in a Win Server
2K3 forest trust?

No, but you shouldn't need to be changing that anyway.

Users shouldn't need to leave a domain to continue working on their machine.

This is a selfish reason I ask, I don't want to come into work on Saturday
just to mess with someone's laptop for 15 minutes and then go back home.

BTW: a link to a white paper or KB would be great.

It isn't that simple -- you likely need to thoroughly understand several
architectural components of Windows, AD, Logon, Profiles, etc and
probably need to talk to someone or hire a consultant.

--
Herb Martin, MCSE, MVP
http://www.LearnQuick.Com
(phone on web site)


.

Relevant Pages

  • Re: Forest Trusts- roaming Laptops
    ... I just need ammo to support my theory that with forest trusts setup, ... Just hopping someone with experience with traveling managers will respond. ... Senior HQ executives travel to sites with their laptops. ...
    (microsoft.public.windows.server.general)
  • Re: 2003 AD upgrade and consolidation
    ... Right now they don't share resources across companies. ... GPOs are NOT inherited by child domains, ... That's resource sharing and trusts too. ... Create the new forest domain. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Interforest migration with domain name change
    ... I want to move now to server 2003 to server 08 by first: ... Upgrading my forest to 2003 by using a member server and promoting it. ... Forest trusts come first with 2003. ... Trusts across Windows Server 2003 and Windows 2000 forests: ...
    (microsoft.public.windows.server.migration)
  • Re: Huge AD deployment
    ... Trusts between forests only create a trust between the two specific domains ... either forest or from forest to forest. ... > company.com in that data center and have every country trust company.com ... instead of going over the internet. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Trust relationships between sites.
    ... Trusts are between ... root forest domains of each forest.) ... Dump the LMHosts file and setup one or more WINS Server -- if you ... so that the DNS of Ad01 can resolve Ad02 and vice versa. ...
    (microsoft.public.win2000.active_directory)
Loading