Re: Two different domains with same name - Problems?
- From: "SuperGumby [SBS MVP]" <not@xxxxxxxxxxx>
- Date: Mon, 2 Mar 2009 08:30:58 +1100
and yes, at this level (SID) the domains are distinct, however TTBOMK domain discovery happens by name so the 'foreign' PCs will _attempt_ to log onto the domain, causing more grief than I can imagine. Probably not much for distinct user/machine accounts but imagine:
PC01 exists on both domains. When PC01 from Domain1 is physically connected to Domain2 it attempts to authenticate to the domain. At the lowest level this gets translated to the PC and Domain SIDs but I wonder about things like Kerberos.
User 'Fred' exists on both domains. Initial connections from Fred are parsed to get the domain/user SIDs and fail to match, so fall back to PTA (Pass Through Authentication); at this time Fred@Domain1 will cause Fred@Domain2's account to be locked out due to auth failure.
The OP _may_ be able to get around such problems using network manager software and actually having accounts for all common users on both servers. Users would choose the profile at machine startup, depending on location. This would involve joining the PC to Domain1, saving the profile in the network manager, and then joining Domain2 and again saving the profile.
--
SBS remote support services. (Fees apply)
mickm at mickmalloy dot dyndns dot org
"Cris Hanna [SBS-MVP]" <crisnospamhanna@xxxxxxxxxxxxxxxxxxxxx> wrote in message news:u5AB54pmJHA.1288@xxxxxxxxxxxxxxxxxxxxxxx
While the domain name may be the same, the SID (a security ID which is created between the workstation and domain controller when you join to the domain) would be different.
--
Cris Hanna [SBS - MVP]
Co-Contributor, Windows Small Business Server 2008 Unleashed
http://www.amazon.com/Windows-Small-Business-Server-Unleashed/dp/0672329573/ref=pd_bbs_sr_1?ie=UTF8&s=books&qid=1217269967&sr=8-1
Owner, CPU Services, Belleville, IL
A Microsoft Registered Partner
------------------------------------
MVPs do not work for Microsoft
Please do not submit questions directly to me.
"Sihvi" <aki.koikkalainen@xxxxxxxxx> wrote in message news:92767581-daf6-46cc-aa93-dd2997f9530f@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Thanks for your comments, Lanwench. I'm a little bit relieved now =)
> It can be problematic, but it can work. I assume the server names aren't
> identical.
I hope so, but I'm afraid that even this can be the case. I'm not in
contact with this other office, so I don't know for sure.
> How are you logging into it if you don't belong to it?
I was wondering: if you connect to a network where another domain
server is present with the same name, wouldn't Windows try to look for
the account in this domain and get an error, as the user account is not
found on the server?
> > for
> > you "own" domain. After this, how would you be able to connect to your
> > "own domain" without physically joining to your "own domain network"
> > again?
>
> You're never disjoining it. I don't think this is a problem, but it's very
> easy to test.
My guess was that you might "disjoin" it when another server with the same
name would give you an error that the account was not found or the password
was incorrect. But my fear was not real, if there are other kinds of
identification methods between server and client (the SID that you
mentioned).
> But I'd propose they set up a VPN WAN link and use a single domain - a bit
> of a pain to migrate but would give them a much more flexible setup. If you
> are using SBS, you need to buy regular Windows server for the "satellite" /
> branch office.
I'll have to look for this option.