Re: 2 AD domains same physical switches and router ?




"Ace Fekay [MVP]" <PleaseAskMe@xxxxxxxxxxxxxx> wrote in message
news:%23hJDCyzxHHA.4184@xxxxxxxxxxxxxxxxxxxxxxx
In news:eSKQGVvxHHA.2432@xxxxxxxxxxxxxxxxxxxx,
news.microsoft.com <ChrisD@xxxxxxxxxxxxx> typed:
We are looking at merging one of our remote sites into our AD.
Currently the remote site's resources live on our parent company's
domain and we access via trusts.

What I'm after help on is the best way to do this.

I'm not really wanting to have to put static DNS entries onto the
client PCs as we have quite a few laptops, which means users would
have to change these if they want to use broadband etc. Is the
long-term best option to invest in some new hardware router/firewall
and keep our AD isolated?
TIA

I believe the operative term is migrate, not merge, that is if you want
the workstations and user accounts to be part of your Active Directory
infrastructure. Keep in mind, you can't just toggle a laptop from one
domain to another that easily. From your description, I am not sure if
this is your goal. Do you want to join them to your domain and leave the
parent?

Also, when you say parent domain, is this an actual parent domain in the
same forest?

In an intra-forest migration, ADMT tool can migrate the user from one
domain to another as well as computer accounts. For both of these objects,
it will copy the accounts to the target domain, then delete the accounts
in the source domain. They will no longer exist in the source.

If you want to keep them in the 'parent' domain (assuming the parent is an
actual intra-forest parent domain), then all you have to do is bring the
laptops in to your network and they will easily "find" their domain
resources through your DNS servers specified in your own DHCP scope, that
is assumingly as long as your DNS infrastructure is configured and
designed properly and resolving everything properly in the forest (as it
should be in such an infrastructure) so there will be nothing to fear.

If what I posted is not what you wanted to hear, then I apologize for
misunderstanding your post. If this is the case, please reply back and
elaborate exactly as to what your intentions are, such as is this a true
migration or do you just want to allow those users to get to your
resources, their own resources, etc and is this with or without
disjoining/joining your domain?


--
Regards,
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer

Infinite Diversities in Infinite Combinations

Having difficulty reading or finding responses to your post?
Instead of the website you're using, try using OEx (Outlook Express
or any other newsreader), and configure a news account, pointing to
news.microsoft.com. Anonymous access. It's free - no username or password
required nor do you need a Newsgroup Usenet account with your ISP. It
connects directly to the Microsoft Public Newsgroups. OEx allows you
to easily find, track threads, cross-post, sort by date, poster's name,
watched threads or subject. It's easy:

How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164

"Quitting smoking is easy. I've done it a thousand times." - Mark Twain


I can see why Ace's post contained a lot of questions. You seem to be a
bit confused about how this all works. What does domain membership have to
do with Internet access?


There is no real problem with having a remote site containing members of
your domain. AD was designed to handle this sort of setup. And there is no
real problem with DNS or with Internet access. The site can have its own
direct connection to the Internet and have site to site routing for
domain-related traffic. DNS can be easily handled by making the DNS servers
in both sites secondaries for the "other" site. Each site DNS server can
then resolve names of machines in either site directly. Changes to DNS at
either site will replicate to the other.

Moving the machines in a site from one domain to another is a separate
issue, as Ace has pointed out.
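
A check for the arrangement described in the reply above, where each site's DNS server holds a copy of the other site's zone: this is an added example, not part of the original thread. The server addresses and zone names are constructed placeholders, and it assumes the `Resolve-DnsName` cmdlet from the Windows DnsClient module.

```powershell
# Constructed placeholder values: substitute your own site DNS servers and AD DNS zones.
$SiteDnsServers = @{ 'SiteA' = '192.0.2.10'; 'SiteB' = '198.51.100.10' }
$AdZones        = @('sitea.example.com', 'siteb.example.com')

function Test-CrossSiteDns {
    param([hashtable]$Servers, [string[]]$Zones)

    foreach ($zone in $Zones) {
        $serials = @{}
        foreach ($site in $Servers.Keys) {
            $server = $Servers[$site]
            # -NoRecursion: the answer must come from data this server holds
            # (its own zone copy or cache), not from asking the other site.
            $common = @{ Server = $server; DnsOnly = $true; NoRecursion = $true; ErrorAction = 'Stop' }
            try {
                $soa = Resolve-DnsName -Name $zone -Type SOA @common |
                    Where-Object { $_.Type -eq 'SOA' } | Select-Object -First 1
                # Domain controller locator records that clients use to find their domain.
                $srv = @(Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$zone" -Type SRV @common |
                    Where-Object { $_.Type -eq 'SRV' })
                $serials[$site] = $soa.SerialNumber
                [pscustomobject]@{
                    Zone = $zone; Site = $site; Server = $server
                    Serial = $soa.SerialNumber; DcRecords = $srv.Count; Status = 'OK'
                }
            } catch {
                [pscustomobject]@{
                    Zone = $zone; Site = $site; Server = $server
                    Serial = $null; DcRecords = 0; Status = "FAILED: $($_.Exception.Message)"
                }
            }
        }
        # Differing SOA serials mean one site's copy has not caught up with the other.
        $distinct = @($serials.Values | Sort-Object -Unique)
        if ($distinct.Count -gt 1) {
            Write-Warning "Zone $zone has different SOA serials across sites: $($distinct -join ', ')"
        }
    }
}

Test-CrossSiteDns -Servers $SiteDnsServers -Zones $AdZones | Format-Table -AutoSize
```

A `FAILED` row for the other site's zone means clients pointed at that DNS server cannot locate that domain's controllers from local zone data.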

