Previous
Next
Fixed font
Subject: Re: Ace,I have some suggesstion
Author: Prince Kanago Date: 28 Nov 2010
References:
Author: Prince Kanago Date: 28 Nov 2010
References:
Okay here's the answer
Understand this that the Active directory Structure is very nicely done, which seems you are unable to understand...
I have some questions for you to answer
1. Did you checked Active Directory Sites and Services-Sites-Servers-NTDS Settings-Properties what did you see??
for all Servers in this forest to get an idea which Server is replicating with which one?? & how many GCS and ADC's you have??
2. One way to design such a structure which You are talking about is to have Parent OU's containing Sub OU's
These Sub OU's can be named as Users, Groups, Servers and Client Pc's which would contain those kind of objects (this would help the System Admin to run Scripts & manage GPO) all over the network, also in this structure you can have GCS and ADC for faster replication, fault tolerance and load balancing all over the forest at every site.
3. Every region would have a so called Administrator managing OU of that particular region creating deleting and managing user accounts and group membership on that master OU of which he/she has been assigned delegate control they can see other OU's also but would have read only access untill they have been assigned rights to manage other OU's
4. By default all these servers would have transitive trust and intrasite replication, only the servers naming convention would be tricky example NY-Dc01.xyz.com and cali-Dc01.xyz.com ofcourse NYdc01 will be in NY and Calidc01 would be in cali but they would replicate with each other and would have same netbios name on client Pc's in Cali and NY. however it doesnt matter if both are GCS on their respective sites or can be ADC for fast replication of objects
5. If you are 100% sure that there are Child Domains as i said then you should check ADS&S properly, if in case then you need to user "Windows 2003 Domain rename tool" and follow the process of Domain renamining
I have the experience of being in such a forest environment where you get this feeling
have a blessed day
and if you have any query please revert back
Prince Kanago
MCT, MCTS, MCSE, ITIL, IBM-EADP, CEH, CWNA
Windows 2000-2008
Understand this that the Active directory Structure is very nicely done, which seems you are unable to understand...
I have some questions for you to answer
1. Did you checked Active Directory Sites and Services-Sites-Servers-NTDS Settings-Properties what did you see??
for all Servers in this forest to get an idea which Server is replicating with which one?? & how many GCS and ADC's you have??
2. One way to design such a structure which You are talking about is to have Parent OU's containing Sub OU's
These Sub OU's can be named as Users, Groups, Servers and Client Pc's which would contain those kind of objects (this would help the System Admin to run Scripts & manage GPO) all over the network, also in this structure you can have GCS and ADC for faster replication, fault tolerance and load balancing all over the forest at every site.
3. Every region would have a so called Administrator managing OU of that particular region creating deleting and managing user accounts and group membership on that master OU of which he/she has been assigned delegate control they can see other OU's also but would have read only access untill they have been assigned rights to manage other OU's
4. By default all these servers would have transitive trust and intrasite replication, only the servers naming convention would be tricky example NY-Dc01.xyz.com and cali-Dc01.xyz.com ofcourse NYdc01 will be in NY and Calidc01 would be in cali but they would replicate with each other and would have same netbios name on client Pc's in Cali and NY. however it doesnt matter if both are GCS on their respective sites or can be ADC for fast replication of objects
5. If you are 100% sure that there are Child Domains as i said then you should check ADS&S properly, if in case then you need to user "Windows 2003 Domain rename tool" and follow the process of Domain renamining
I have the experience of being in such a forest environment where you get this feeling
have a blessed day
and if you have any query please revert back
Prince Kanago
MCT, MCTS, MCSE, ITIL, IBM-EADP, CEH, CWNA
Windows 2000-2008
> On Thursday, January 14, 2010 7:59 AM CPiO wrote:
> Hi,
>
> I am banging my head against the wall with this one and really need some
> help....
>
> Scenario:-
>
> I have 3 AD domains as follows:-
>
> Domain 1
> AD namespace - uk.company.local
> netbios domain name = ukcompany
> 2003 finctional forest and domain
>
> Domain 2
> AD namespace - france.company.local
> netbios domain name = company **same as domain 3
> 2000 finctional forest and domain
>
> Domain 3
> AD namespace - spain.company.local
> netbios domain name - company **same as domain 2
> 2000 finctional forest and domain
>
> Is there any way that Domain 1 can create a Trust to domain 2 and domain 3
> when they both use the same netbios domain name. Domain 2 and domain 3 NEVER
> need to trust one another.
>
> Pease help.....
>
> Many Thanks
>
> I am banging my head against the wall with this one and really need some
> help....
>
> Scenario:-
>
> I have 3 AD domains as follows:-
>
> Domain 1
> AD namespace - uk.company.local
> netbios domain name = ukcompany
> 2003 finctional forest and domain
>
> Domain 2
> AD namespace - france.company.local
> netbios domain name = company **same as domain 3
> 2000 finctional forest and domain
>
> Domain 3
> AD namespace - spain.company.local
> netbios domain name - company **same as domain 2
> 2000 finctional forest and domain
>
> Is there any way that Domain 1 can create a Trust to domain 2 and domain 3
> when they both use the same netbios domain name. Domain 2 and domain 3 NEVER
> need to trust one another.
>
> Pease help.....
>
> Many Thanks
>> On Thursday, January 14, 2010 8:27 AM Meinolf Weber [MVP-DS] wrote:
>> Hello CPiO,
>>
>> The NetBIOS name MUST be different to create a trust. So you have to rename
>> one domain or migrate to a new domain with a different name. NO other option
>> exists.
>>
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and confers
>> no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>
>> The NetBIOS name MUST be different to create a trust. So you have to rename
>> one domain or migrate to a new domain with a different name. NO other option
>> exists.
>>
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and confers
>> no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>> On Thursday, January 14, 2010 8:28 AM Paul Bergson [MVP-DS] wrote:
>>> You will not be able to accomplish this and I am quite surprised that you can
>>> have two domains in the same forest, with the same netbios name. I am
>>> guessing you are at Domain Functional Level (DFL) and Forest Functional
>>> level (FFL) of 2000 and again I will be surprised if you will be able to
>>> move to DFL/FFL of 2003 or 2008.
>>>
>>> --
>>> Paul Bergson
>>> MVP - Directory Services
>>> MCTS, MCT, MCSE, MCSA, Security+, BS CSci
>>> 2008, 2003, 2000 (Early Achiever), NT4
>>> Microsoft's Thrive IT Pro of the Month - June 2009
>>>
>>> http://www.pbbergs.com
>>>
>>> Please no e-mails, any questions should be posted in the NewsGroup This
>>> posting is provided "AS IS" with no warranties, and confers no rights.
>>> have two domains in the same forest, with the same netbios name. I am
>>> guessing you are at Domain Functional Level (DFL) and Forest Functional
>>> level (FFL) of 2000 and again I will be surprised if you will be able to
>>> move to DFL/FFL of 2003 or 2008.
>>>
>>> --
>>> Paul Bergson
>>> MVP - Directory Services
>>> MCTS, MCT, MCSE, MCSA, Security+, BS CSci
>>> 2008, 2003, 2000 (Early Achiever), NT4
>>> Microsoft's Thrive IT Pro of the Month - June 2009
>>>
>>> http://www.pbbergs.com
>>>
>>> Please no e-mails, any questions should be posted in the NewsGroup This
>>> posting is provided "AS IS" with no warranties, and confers no rights.
>>>> On Thursday, January 14, 2010 8:37 AM Ace Fekay [MVP-DS, MCT] wrote:
>>>> I concur with Paul and Meinolf. For domain to domain trusts, which are
>>>> reliant on NetBIOS name resolution and support, the names *must* be
>>>> different.
>>>>
>>>>
>>>> --
>>>> Ace
>>>>
>>>> This posting is provided "AS-IS" with no warranties or guarantees and
>>>> confers no rights.
>>>>
>>>> Please reply back to the newsgroup or forum for collaboration benefit among
>>>> responding engineers, and to help others benefit from your resolution.
>>>>
>>>> Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE &
>>>> MCSA 2003/2000, MCSA Messaging 2003
>>>> Microsoft Certified Trainer
>>>> Microsoft MVP - Directory Services
>>>>
>>>> If you feel this is an urgent issue and require immediate assistance, please
>>>> contact Microsoft PSS directly. Please check http://support.microsoft.com
>>>> for regional support phone numbers.
>>>> reliant on NetBIOS name resolution and support, the names *must* be
>>>> different.
>>>>
>>>>
>>>> --
>>>> Ace
>>>>
>>>> This posting is provided "AS-IS" with no warranties or guarantees and
>>>> confers no rights.
>>>>
>>>> Please reply back to the newsgroup or forum for collaboration benefit among
>>>> responding engineers, and to help others benefit from your resolution.
>>>>
>>>> Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE &
>>>> MCSA 2003/2000, MCSA Messaging 2003
>>>> Microsoft Certified Trainer
>>>> Microsoft MVP - Directory Services
>>>>
>>>> If you feel this is an urgent issue and require immediate assistance, please
>>>> contact Microsoft PSS directly. Please check http://support.microsoft.com
>>>> for regional support phone numbers.
>>>>> On Thursday, January 14, 2010 9:09 AM Paul Bergson [MVP-DS] wrote:
>>>>> Ace,
>>>>> I do not get it. How were they ever able to configure two domains in the
>>>>> same forest with the same netbios name? Is it because in 2000 there is not
>>>>> transitivity?
>>>>>
>>>>> --
>>>>> Paul Bergson
>>>>> MVP - Directory Services
>>>>> MCTS, MCT, MCSE, MCSA, Security+, BS CSci
>>>>> 2008, 2003, 2000 (Early Achiever), NT4
>>>>> Microsoft's Thrive IT Pro of the Month - June 2009
>>>>>
>>>>> http://www.pbbergs.com
>>>>>
>>>>> Please no e-mails, any questions should be posted in the NewsGroup This
>>>>> posting is provided "AS IS" with no warranties, and confers no rights.
>>>>> I do not get it. How were they ever able to configure two domains in the
>>>>> same forest with the same netbios name? Is it because in 2000 there is not
>>>>> transitivity?
>>>>>
>>>>> --
>>>>> Paul Bergson
>>>>> MVP - Directory Services
>>>>> MCTS, MCT, MCSE, MCSA, Security+, BS CSci
>>>>> 2008, 2003, 2000 (Early Achiever), NT4
>>>>> Microsoft's Thrive IT Pro of the Month - June 2009
>>>>>
>>>>> http://www.pbbergs.com
>>>>>
>>>>> Please no e-mails, any questions should be posted in the NewsGroup This
>>>>> posting is provided "AS IS" with no warranties, and confers no rights.
>>>>>> On Thursday, January 14, 2010 9:49 AM Ace Fekay [MVP-DS, MCT] wrote:
>>>>>> I am taking that the poster was implying (as I interpreted it) that it never
>>>>>> worked.
>>>>>>
>>>>>> Windows NT4, 2000 & 2003 domain-domain trusts are NetBIOS based and are not
>>>>>> transitive. However, Windows 2003 forest-forest trusts, in 2003 Forest and
>>>>>> Domain FL are transitive, but are DNS based.
>>>>>>
>>>>>> Ace
>>>>>> worked.
>>>>>>
>>>>>> Windows NT4, 2000 & 2003 domain-domain trusts are NetBIOS based and are not
>>>>>> transitive. However, Windows 2003 forest-forest trusts, in 2003 Forest and
>>>>>> Domain FL are transitive, but are DNS based.
>>>>>>
>>>>>> Ace
>>>>>> Submitted via EggHeadCafe
>>>>>> OAuth Basics for .NET Developers
>>>>>> http://www.eggheadcafe.com/tutorials/aspnet/16beeea4-4332-4d23-8433-ade0ae6dbcbd/oauth-basics-for-net-developers.aspx
>>>>>> OAuth Basics for .NET Developers
>>>>>> http://www.eggheadcafe.com/tutorials/aspnet/16beeea4-4332-4d23-8433-ade0ae6dbcbd/oauth-basics-for-net-developers.aspx
| 28 Nov 2010 | Re: Ace,I have some suggesstion | Prince Kanago |
Previous
Next