Mine are both 2000 mixed mode.
Mine are both 2000 mixed mode.
Currently we have two networks- I am completely responsible for the curriculum but have no involvement whatsoever with the admin,(done by the LEA) but the new govt rules require the teachers and vle to have access to sims so we have to do something.
I would like to merge the domains as it just seems right to me but I need big arguments to convince the powers that be!
Yes, but the administrative overhead doesn't really apply as Dorset support the admin network completely, so in fact one network would mean more admin overhead for me - more servers, more computers to support etc etc.
Dorset LEA have been dragged kicking and screaming into the 21st century, finally, and will now 'allow' trusts to be set up but they still will not support the admin machines, SIMS or any financial packages if we go whole-school network.
So I guess I don't have a choice ATM.
I still don't understand quite how to set up a trust and I would be very wary of trying to sort out who can see what on my own. Any more advice, docs etc? gratefully received
You'll need at least a one-way trust from your curriculum network to your admin network. That'll then let you authenticate users from the admin for access to resources on your curriculum network. You will need to speak to the LEA though and get them to set up the other end of the trust.
This is assuming that the VLE is on your curriculum network, and authenticates against AD.
Once the trust is set up you can apply restrictions as you normally would to users on your system, permissions and so on.
Note though, a domain is the boundary for account and policy settings, so GPOs which contain those settings won't affect the users when they log on to your computers.
To set up the trust is fairly simple, depending on the type you want. The difficult bit is remembering how trusts 'point'.
If Domain A trusts Domain B with an outgoing 1-way trust, then it means that users from Domain B can be recognised to access resources on Domain A.
If Domain A and Domain B trust each other with a two-way trust, users from both can access resources on the other.
Several links on trusts (may have already been posted):
Domain Trust - Explanation of domain trusts and considerations to remember when applying them.
How to Create a Trust Relationship from One Computer - step by step for setting up a trust for access to a single computer
Domain and Forest Trust Tools and Settings: Domain and Forest Trusts - details of the various tools related to Domain and Forest trusts
Create an external trust: Active Directory - creating a one-way outgoing/incoming external domain trust
Create a two-way, external trust for both sides of the trust: Domain and Forest Trusts - creating a two-way external domain trust
Create a one-way, outgoing, forest trust for both sides of the trust: Domain and Forest Trusts - creating a one-way external forest trust
Trust between a Windows NT domain and an Active Directory domain cannot be established or it does not work as expected - a common problem once the trust is established
Hope this helps.
Edit: If you set up a transitive trust then any child domains will also trust the trusted domain.
Last edited by jamesb; 4th June 2009 at 12:09 PM.
steve_nfi (4th June 2009)
There are currently 1 users browsing this thread. (0 members and 1 guests)