ActiveDirectory integration

Status
Not open for further replies.

lengoo

IS-IT--Management
Dear All,
I was wondering whether anyone could shed some light on something.
We are trying to merge two Windows 2000 networks which have AD running. The plan was initially to break one network up and join it to the existing one, new tree in forest configuration.
This would give us:
a) Logon capability at either site via the domain logon dropdown in the logon screen
b) Email synchronisation and address list configuration
c) Automatic trust relationships

However, we noticed that it is possible to use Active Directory Domains and Trusts and add the other domain in the trust (making some entries to the LMHOSTS). When successful, we find that this also allows people to log on from either domain to their respective account. This process means that we save a lot of time since we didn't have to break down one AD domain.
I wondered whether anyone knows the disadvantages of doing the integration this way. Are there any major flaws in this approach? From what we've seen, it looks like an easier way to link in the networks. We can also assign rights to folders and files for users of the other domain via the drop down.

Thanks for your time
 
What you've basically set up is the equivalent of trusting two NT4 domains together in a two-way trust, i.e. the domain controllers of both domains know about the other domain and pass any authentication requests to the other domain's domain controller.

Only disadvantages I can see are really dependent on the size of the organisation:

1. If you have more than one domain in different offices, you'll need to set up specific trusts between each domain and the new domain and maintain these trusts, whereas if you integrated into the forest, this would be done for you automatically and needs no maintenance.
2. Obviously the new domain's accounts will not be stored in the Global Catalog of your domain, so any authentication requests will possibly be going over WAN links, using up bandwidth depending on your setup. This could be overcome by just installing a domain controller for the new domain in each site, but this could be costly.
3. The Schema is not shared between each domain, so any new company-wide applications installed that modify the schema will need to be implemented twice in each of the domains.

Those are the ones that immediately spring to my mind, but I'm sure other people can think of more. My advice would be: what you've got works now and is a nice quick fix, but long term I would plan to integrate the new domain into your forest as it will benefit you as the organisation grows. At least you've got a lot more time to test and do this now!

Cheers, Antony
 