+ Post New Thread
Page 2 of 2 FirstFirst 12
Results 16 to 22 of 22
Windows Server 2000/2003 Thread, Setting up a trust between servers. in Technical; Mine are both 2000 mixed mode....
  1. #16
    steve_nfi's Avatar
    Join Date
    Nov 2007
    Location
    Central London
    Posts
    290
    Thank Post
    149
    Thanked 24 Times in 20 Posts
    Rep Power
    18
    Mine are both 2000 mixed mode.

  2. #17

    witch's Avatar
    Join Date
    Nov 2005
    Location
    Dorset
    Posts
    10,401
    Thank Post
    1,106
    Thanked 2,092 Times in 1,472 Posts
    Rep Power
    651
    Quote Originally Posted by Michael View Post
    Chances are if you don't know the domain level, it'll be the default which is '2000 Mixed'. Setting up trusts are fairly straight forward, but in the longterm I would look at merging the admin domain (typically very small) with the curriculum domain.
    Why would you look at merging the domains in the long term? If the trust works, then what advantages would one domain have?
    Currently we have two networks- I am completely responsible for the curriculum but have no involvement whatsoever with the admin,(done by the LEA) but the new govt rules require the teachers and vle to have access to sims so we have to do something.
    I would like to merge the domains as it just seems right to me but I need big arguments to convince the powers that be!

  3. #18

    powdarrmonkey's Avatar
    Join Date
    Feb 2008
    Location
    Alcester, Warwickshire
    Posts
    4,855
    Thank Post
    412
    Thanked 777 Times in 650 Posts
    Rep Power
    181
    Quote Originally Posted by witch View Post
    Why would you look at merging the domains in the long term? If the trust works, then what advantages would one domain have?
    Currently we have two networks- I am completely responsible for the curriculum but have no involvement whatsoever with the admin,(done by the LEA) but the new govt rules require the teachers and vle to have access to sims so we have to do something.
    I would like to merge the domains as it just seems right to me but I need big arguments to convince the powers that be!
    To minimise the administrative overhead of having multiple domains in separate forests. Separate domains are now no more secure than well-planned Active Directory partitioning and NTFS permissions, and of course well-defined and enforced human policies too, and Microsoft's official advice (at least last time I looked) has changed from 'keep them separate' to 'keep them simple'.

  4. #19

    witch's Avatar
    Join Date
    Nov 2005
    Location
    Dorset
    Posts
    10,401
    Thank Post
    1,106
    Thanked 2,092 Times in 1,472 Posts
    Rep Power
    651
    Yes, but the administrative overhead doesn't really apply as Dorset support the admin network completely, so in fact one network would mean more admin overhead for me - more servers, more computers to support etc etc.
    Dorset LEA have been dragged kicking and screaming into the 21st century, finally, and will now 'allow' trusts to be set up but they still will not support the admin machines, SIMS or any financial packages if we go whole-school network.
    So I guess I don't have a choice ATM.
    I still don't understand quite how to set up a trust and I would be very wary of trying to sort out who can see what on my own. Any more advice, docs etc? gratefully received

  5. #20

    Join Date
    Mar 2008
    Location
    Surrey
    Posts
    2,161
    Thank Post
    95
    Thanked 318 Times in 260 Posts
    Blog Entries
    4
    Rep Power
    111
    Quote Originally Posted by witch View Post
    Currently we have two networks- I am completely responsible for the curriculum but have no involvement whatsoever with the admin,(done by the LEA) but the new govt rules require the teachers and vle to have access to sims so we have to do something.
    I would like to merge the domains as it just seems right to me but I need big arguments to convince the powers that be!
    Merging the domains would be a simpler, easier option however a trust should work.

    You'll need at least a one-way trust from your curriculum network to your admin network. That'll then let you authenticate users from the admin for access to resources on your curriculum network. You will need to speak to the LEA though and get them to set up the other end of the trust.

    This is assuming that the VLE is on your curriculum network, and authenticates against AD.

  6. #21
    steve_nfi's Avatar
    Join Date
    Nov 2007
    Location
    Central London
    Posts
    290
    Thank Post
    149
    Thanked 24 Times in 20 Posts
    Rep Power
    18
    Quote Originally Posted by witch View Post
    I still don't understand quite how to set up a trust and I would be very wary of trying to sort out who can see what on my own. Any more advice, docs etc? gratefully received
    I'm with Witch in this one. Any advice or pointers would be appreciated. People keep saying it's simple but not saying how.

  7. #22

    Join Date
    Mar 2008
    Location
    Surrey
    Posts
    2,161
    Thank Post
    95
    Thanked 318 Times in 260 Posts
    Blog Entries
    4
    Rep Power
    111
    Once the trust is set up you can apply restrictions as you normally would to users on your system, permissions and so on.

    Note though, a domain is the boundary for account and policy settings, so GPOs which contain those settings won't affect the users when they log on to your computers.

    To set up the trust is fairly simple, depending on the type you want. The difficult bit is remembering how trusts 'point'.

    If Domain A trusts Domain B with an outgoing 1-way trust, then it means that users from Domain B can be recognised to access resources on Domain A.

    If Domain A and Domain B trust each other with a two-way trust, users from both can access resources on the other.

    Several links on trusts (may have already been posted):

    Domain Trust - Explanation of domain trusts and considerations to remember when applying them.

    How to Create a Trust Relationship from One Computer - step by step for setting up a trust for access to a single computer

    Domain and Forest Trust Tools and Settings: Domain and Forest Trusts - details of the various tools related to Domain and Forest trusts

    Create an external trust: Active Directory - creating a one-way outgoing/incoming external domain trust

    Create a two-way, external trust for both sides of the trust: Domain and Forest Trusts - creating a two-way external domain trust

    Create a one-way, outgoing, forest trust for both sides of the trust: Domain and Forest Trusts - creating a one-way external forest trust

    Trust between a Windows NT domain and an Active Directory domain cannot be established or it does not work as expected - a common problem once the trust is established

    Hope this helps.

    Edit: If you set up a transitive trust then any child domains will also trust the trusted domain.
    Last edited by jamesb; 4th June 2009 at 11:09 AM.

  8. Thanks to jamesb from:

    steve_nfi (4th June 2009)

SHARE:
+ Post New Thread
Page 2 of 2 FirstFirst 12

Similar Threads

  1. Setting network save setting in Kar2ouche
    By Little-Miss in forum Windows
    Replies: 3
    Last Post: 12th December 2011, 03:44 PM
  2. RBC's - do you trust them?
    By KWestos in forum General Chat
    Replies: 0
    Last Post: 7th May 2009, 03:11 PM
  3. Becoming a Trust school...
    By wagnerk in forum General Chat
    Replies: 3
    Last Post: 28th October 2008, 01:26 PM
  4. Domain Trust
    By ful56_uk in forum Windows
    Replies: 12
    Last Post: 14th April 2008, 10:47 PM
  5. Trust Help
    By Ric_ in forum Windows
    Replies: 7
    Last Post: 20th October 2005, 06:03 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •