Trust Relationship between two Windows domains

Discussion in 'Server Networking' started by Imran Ahmad, Nov 2, 2006.

  1. Imran Ahmad

    Imran Ahmad Guest

    Dear Fellows,


    Recently I have been given a task to move and merge an existing network to
    another location in the building. Below I have provided a generic
    description of the present and future network.


    Existing network 1 (contoso.com) at location A

    Currently we are running four servers, which are Windows domain controller,
    File server, Citrix Server, and SQL Server.



    Future network 2 (contoso.org) at location B

    The future network will include six new servers at another location in the
    same building. My goal is to somehow tie (trust relationship) these two
    networks together temporarily so the users can access files and
    applications between the two LANs. I would also like to phase out the
    existing network once I have finished migrating the existing
    applications/data to network 2.

    I have never done this before; please advise what would be the better route
    for me to take in order to accomplish a smooth migration of the current
    situation. Any help would be greatly appreciated.


    Many Thanks

    Regards,

    Imran Ahmad
     
    Imran Ahmad, Nov 2, 2006
    #1

  2. Hi Imran --

    I would like to recommend the following Active Directory papers to assist
    you:

    Designing the Active Directory Logical Structure
    http://technet2.microsoft.com/WindowsServer/en/library/2bd36720-ed2e-47ed-a80d-fa43a403b4361033.mspx

    and

    Planning and Implementing Federated Forests in Windows Server 2003
    http://technet2.microsoft.com/WindowsServer/en/library/9e9469e7-c891-4c15-85f9-7d30bb87e5921033.mspx

    There might be other helpful resources at the following site:

    Microsoft Windows Server 2003 Active Directory
    http://technet2.microsoft.com/windowsserver/en/technologies/featured/ad/default.mspx


    --
    James McIllece, Microsoft

    Please do not send email directly to this alias. This is my online account
    name for newsgroup participation only.

    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    James McIllece [MS], Nov 3, 2006
    #2

  3. Imran Ahmad

    zuma.net Guest

    I have two separate locations connected thru VPN.

    Site A Domain A w2003
    Site B Domain B w2003

    I want to set up trust.
    If I understand correctly:
    Add forwarder to DNS Domain on both sides Name and IP
    Add each side two way in trust Applet

    Do I have to raise both to w2003, one is and one is not,

    I am afraid that it might affect my current setup,

    Current setup:
    Site A has Exch 2003
    Site B connects across VPN to exch 2003

    New config is to reverse and have Site B host Ex 2003

    When I try to connect to new Exch on other domain it won't accept in Outlook,
    it populates local AD Exch.

    If I make a trust will it then be able to reach new Exch on other Domain?

    Thank you in advance
     
    zuma.net, Mar 17, 2009
    #3
  4. 1. It would have to be a Conditional Forwarder in DNS or you will get an
    endless loop.

    2. Each site is going to be a different Subnet.

    3. Exchange has nothing to do with Subnets

    4. Domains have nothing to do with Subnets

    5. Exchange only cares about Domains,..and the Mailboxes exist in AD in the
    Domain,...not on the Exchange itself. It doesn't matter where it is
    physically located or what subnet it is in.

    --
    Phillip Windell
    www.wandtv.com

    The views expressed, are my own and not those of my employer, or Microsoft,
    or anyone else associated with me, including my cats.
    -----------------------------------------------------
     
    Phillip Windell, Mar 17, 2009
    #4
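
Added illustration (not part of any post in this thread): a toy Python model of point 1 in post #4, showing why two DNS servers that use each other as plain forwarders loop on names neither owns, while conditional forwarders do not. Server names, zone names and addresses are constructed, and `MAX_HOPS` stands in for a real server's forwarding timeout.

```python
# Added illustration: toy model of DNS forwarding, not real resolver code.
# Server names, zones and addresses are constructed for the example.
MAX_HOPS = 8  # stand-in for a real server's forwarding timeout


def in_zone(qname, zone):
    return qname == zone or qname.endswith("." + zone)


class DnsServer:
    def __init__(self, name, zone, records):
        self.name = name
        self.zone = zone          # zone this server is authoritative for
        self.records = records    # host name -> address inside that zone
        self.forwarder = None     # plain forwarder: receives every other query
        self.conditional = {}     # zone -> server, used only for that zone

    def resolve(self, qname, path=None):
        """Return (answer, path); path lists the servers the query visited."""
        path = (path or []) + [self.name]
        if len(path) > MAX_HOPS:
            return "LOOP", path
        if in_zone(qname, self.zone):
            return self.records.get(qname, "NXDOMAIN"), path
        for zone, server in self.conditional.items():
            if in_zone(qname, zone):
                return server.resolve(qname, path)
        if self.forwarder is not None:
            return self.forwarder.resolve(qname, path)
        return "ROOT_HINTS", path  # left to normal Internet recursion


def build(conditional):
    """Two DNS servers, one per domain, pointed at each other."""
    a = DnsServer("dns-a", "domaina.example", {"dc1.domaina.example": "10.0.1.10"})
    b = DnsServer("dns-b", "domainb.example", {"dc1.domainb.example": "10.0.2.10"})
    if conditional:
        a.conditional["domainb.example"] = b
        b.conditional["domaina.example"] = a
    else:
        a.forwarder, b.forwarder = b, a
    return a, b


if __name__ == "__main__":
    for mode in (False, True):
        a, _ = build(conditional=mode)
        for q in ("dc1.domainb.example", "www.example.net"):
            print("conditional" if mode else "plain", q, a.resolve(q))
```

In both setups the other domain's controller resolves in one hop; only the plain-forwarder setup bounces the outside name between the two servers until the hop limit.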
  5. To clarify that, a mailbox is "imaginary",..it is nothing more than an
    Active Directory Attribute of an Object (in this example, a user object).
    The actual data associated with the User account (via the Mailbox Attribute)
    is stored in the Information Store on the Exchange Server.

    So it is a complex integrated system.

    --
    Phillip Windell
    www.wandtv.com

    The views expressed, are my own and not those of my employer, or Microsoft,
    or anyone else associated with me, including my cats.
    -----------------------------------------------------
     
    Phillip Windell, Mar 17, 2009
    #5
  6. Imran Ahmad

    zuma.net Guest

    So how do I reach the other Exchange server 2007 if it is on a separate Domain?
     
    zuma.net, Mar 17, 2009
    #6
  7. I don't think you understand the situation.
    You don't reach an Exchange Server "on a Domain",...you reach the Exchange
    Server "on a network". Domains are not "networks". Domains are
    "administrative environments".

    The user and the Exchange are going to be on the same Domain together to
    start with.
    The user has to use the Exchange that is in the same Domain (administrative
    environment) that the user is in.

    To make it more clear,...you can't have one Exchange and two Domains.
    You must have two Exchanges if you have two Domains (one Exchange in each
    Domain). Exchange is "married" to the Domain it operates in,...and it
    doesn't cheat on its husband.

    Now you can have multiple Exchanges from different Domains operate together
    in the same Exchange Organization if the two Domains are in the same Forest
    (like in a Root Domain/Child Domain situation).


    You can have multiple Exchanges in one Domain or Forest

    But you cannot have one Exchange in multiple Domains or Forests.


    --
    Phillip Windell
    www.wandtv.com

    The views expressed, are my own and not those of my employer, or Microsoft,
    or anyone else associated with me, including my cats.
    -----------------------------------------------------
     
    Phillip Windell, Mar 17, 2009
    #7
  8. Imran Ahmad

    zuma.net Guest

    I understand what you are saying, ea domain needs its own exch. Server.

    I had the users in the other domain connecting to the Ex 2003 with no
    problem. This way they had full exch features from both domains. These are
    .local domains.

    I would create the user in both domains so they would be able to
    authenticate, user name and password.

    If I set up a trust, will that allow connectivity?
     
    zuma.net, Mar 17, 2009
    #8
  9. Imran Ahmad

    zuma.net Guest

    Any ideas?

     
    zuma.net, Mar 18, 2009
    #9
  10. Look...

    You have 2 Sites,...a Domain in each Site

    Therefore you need 2 Exchanges,....one in each site/domain.

    If both Domains are in the same Forest the two Exchanges can be in the same
    Exchange Organization, but if it is not the same Forest then that is not
    possible.


    --
    Phillip Windell
    www.wandtv.com

    The views expressed, are my own and not those of my employer, or Microsoft,
    or anyone else associated with me, including my cats.
    -----------------------------------------------------
     
    Phillip Windell, Mar 18, 2009
    #10
  11. Imran Ahmad

    zuma.net Guest

    How can I make them both in the same forest now, can I create a trust?
     
    zuma.net, Mar 18, 2009
    #11
  12. You can't.

    You have to create a new Domain within one of the existing Forests then
    migrate the users from the left-over Domain into it.

    Or create a whole new Forest with completely new Domains and migrate the
    users from the old domains into the new ones.

    Or just have one Forest with one Domain and forget it. Migrate everyone
    into it.

    This is why this stuff requires knowledge and planning before you commit
    yourself to doing something that can't be done.

    --
    Phillip Windell
    www.wandtv.com

    The views expressed, are my own and not those of my employer, or Microsoft,
    or anyone else associated with me, including my cats.
    -----------------------------------------------------
     
    Phillip Windell, Mar 18, 2009
    #12