join AD networks

[graeme]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Hi All,

Here's my question. I need to join 2 totally separate networks together. One
network has w2k as domain controller with AD and the other network has a
Windows 2003 domain controller and is also the file server. The 2003 network
has users that have NTFS permissions for their folders etc and also have
another account on the w2k network with again their own permissions.
I need to join them so that the w2k is the domain controller and demote the
w2003 server to a member server. Any idea what the best way forward is that
wil involve the least work? If the worst is setting up the file permissions
again on the w2k network, then so be it, but is their an easy way? All
answers greatfully received
Graeme

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Graeme,

Have you not thought about a trust between the two forests? You might want
to use netdom from the Support Tools to do this. This would allow you to
give access to resources in one Domain to user account objects from both
Domains. All you need to do is to work with the Share and NTFS permissions.
And that would be an easy task if you set up groups properly. Use the local
group scenario on the Share and NTFS permissions and make consider using
Universal Groups....

No problem!

--
Cary W. Shultz
Roanoke, VA 24014
Microsoft Active Directory MVP

http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com



"Graeme" <Graeme@discussions.microsoft.com> wrote in message
news:76E13B64-2DF5-44FB-AE9C-F38DBC73D559@microsoft.com...
> Hi All,
>
> Here's my question. I need to join 2 totally separate networks together.
> One
> network has w2k as domain controller with AD and the other network has a
> Windows 2003 domain controller and is also the file server. The 2003
> network
> has users that have NTFS permissions for their folders etc and also have
> another account on the w2k network with again their own permissions.
> I need to join them so that the w2k is the domain controller and demote
> the
> w2003 server to a member server. Any idea what the best way forward is
> that
> wil involve the least work? If the worst is setting up the file
> permissions
> again on the w2k network, then so be it, but is their an easy way? All
> answers greatfully received
> Graeme

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

"Graeme" <Graeme@discussions.microsoft.com> wrote in message
news:76E13B64-2DF5-44FB-AE9C-F38DBC73D559@microsoft.com...
> Hi All,
>
> Here's my question. I need to join 2 totally separate networks together.
One
> network has w2k as domain controller with AD and the other network has a
> Windows 2003 domain controller and is also the file server. The 2003
network
> has users that have NTFS permissions for their folders etc and also have
> another account on the w2k network with again their own permissions.

> I need to join them so that the w2k is the domain controller and demote
the
> w2003 server to a member server. Any idea what the best way forward is
that
> wil involve the least work?

Well first, what you propose cannot be done.

You can migrate the users and computers but there
is no way to graft domains onto a forest or merge
domains directly.

> If the worst is setting up the file permissions
> again on the w2k network, then so be it, but is their an easy way? All
> answers greatfully received

As Cary suggested you might want to just keep them
both and create EXTERNAL trusts between the (two?)
domains.

Otherwise migration with ADMT (v2) is likely your
best bet.
--
Herb Martin


> Graeme