+ Post New Thread
Results 1 to 9 of 9
Wireless Networks Thread, Joining 2 school domains in Technical; Hi all, I am looking for thoughts, opinions and input on an idea that has been brought up recently by ...
  1. #1

    Join Date
    Jan 2010
    Posts
    12
    Thank Post
    5
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Joining 2 school domains

    Hi all,

    I am looking for thoughts, opinions and input on an idea that has been brought up recently by 2 schools on our site. The scenario is as follows:

    There are 2 schools on our site, with a fibre link between the 2 (untested and unused for many years) the 2 schools have pupils that have lessons at both schools and therefore the idea has been brought up that it would be great if a student from School A could login at School B and vice-versa, using the same login credentials, and access the same shares etc. 1 school is a CC3, win2k3 domain, the other a win2k3 (vanilla). Both schools have showed willingness to go ahead with such a project, however, an initial meeting hasn't been planned yet, I am merely doing some research in preparation for such a time.

    Having never tried to achieve this before, I am looking for guidance, input and general thoughts from anyone who has knowledge or considered this before. My initial thoughts are that this is surely achievable, but by no means a small task. Presumably 1 domain would have to be a sub domain or would a trust relationship be sufficient?

    I haven't done much research in to this yet but will be doing so over the next few weeks, however, I thought the best place to start would be with the lovely folks at EduGeek!

    Many thanks in advance for your input.

    Thanks,
    Matt

  2. #2
    willtech's Avatar
    Join Date
    Jun 2010
    Location
    in a server room
    Posts
    30
    Thank Post
    6
    Thanked 4 Times in 3 Posts
    Blog Entries
    1
    Rep Power
    9
    I work at a school that run a trust between two win2k3 domains and it is not too bad the only problem you will have is when you have a network issue that brakes the trust. all our shares and my docs are linked to the main server at the other site

    I dont know if this can help you at all:
    How Domain and Forest Trusts Work: Domain and Forest Trusts
    http://www.windowsnetworking.com/art...vironment.html
    http://www.windowsnetworking.com/art...n-Forests.html

    it could be a hard task depending on how the systems are allready setup
    Last edited by willtech; 10th September 2010 at 07:58 PM.

  3. #3

    witch's Avatar
    Join Date
    Nov 2005
    Location
    Dorset
    Posts
    11,272
    Thank Post
    1,375
    Thanked 2,378 Times in 1,674 Posts
    Rep Power
    703
    We are going through the same thing with our admin and curriculum networks - Dorset County recommend a trust so that is the way we are going -seems fairly straightforward

  4. #4

    Join Date
    Jan 2006
    Location
    Surburbia
    Posts
    2,178
    Thank Post
    74
    Thanked 307 Times in 243 Posts
    Rep Power
    115
    1 school is a CC3, win2k3 domain, the other a win2k3 (vanilla)
    Don't take this as the final word by any means, but CC3 may inadvertently get in the way and I suspect most of the problems will be for Vanilla folk trying to logon to workstations in the CC3 school. No domain drop-down on the logon screen for starters, and although I think you can put the MS Gina back I suspect the issues won't stop there. The Group Policy RM have abstracted away behind their management console is one of the potentially "interesting" bits (what User policy does Vanilla user get on a CC3 workstation and vice versa?)

  5. #5

    witch's Avatar
    Join Date
    Nov 2005
    Location
    Dorset
    Posts
    11,272
    Thank Post
    1,375
    Thanked 2,378 Times in 1,674 Posts
    Rep Power
    703
    Quote Originally Posted by PiqueABoo View Post
    Don't take this as the final word by any means, but CC3 may inadvertently get in the way and I suspect most of the problems will be for Vanilla folk trying to logon to workstations in the CC3 school. No domain drop-down on the logon screen for starters, and although I think you can put the MS Gina back I suspect the issues won't stop there. The Group Policy RM have abstracted away behind their management console is one of the potentially "interesting" bits (what User policy does Vanilla user get on a CC3 workstation and vice versa?)
    This difference is why I think a trust would be better than a full integration - in fact I am not sure it would be possible to integrate them. But a trust should be able to be configured to do what you want, I would have thought?

  6. #6

    Join Date
    Jan 2006
    Location
    Surburbia
    Posts
    2,178
    Thank Post
    74
    Thanked 307 Times in 243 Posts
    Rep Power
    115
    But a trust should be able to be configured to do what you want, I would have thought?
    Disclaimer: It's been quite a while and I'm not 100% clear what they want to achieve but there are two typical scenarios in trusts:

    Potentially Easy: domainA\Fred logs on to domainA computer and accesses resources in both domains.
    Potentially Hard: domainA\Fred logs on to domainB computer and accesses resources in both domains.

    For the hard one you have to worry about what User policy Fred gets to do all that desktop lockdown we all have. They're not in domainB's active directory where domainB's user policy is linked so won't get any when logging on there without some effort. The default trick used to be to pick up all the policy that applies to average domainB user and link it to domainB computers, and with a forest trust the system automagically applies that linked policy to Fred via loopback processing. You also have to add more loopback policy to add extra drive mappings etc. to resources back in domainA. This might just work if you're lucky when domainB is a CC3 (or for that matter any other seriously developed vanilla that never expected to have to accomodate this) but I'd expect a bit of a battle I might not win.

    In this specific scenario I'm much happier contemplating making the trust, but Fred has accounts in both domains i.e. you add mappings back to domainA when they log on to domainB as domainB\Fred account. But I wouldn't want to do that either - doing this kind of thing between separately managed organisations often gets bogged down in politics and then thrown away after a while.

    If it's between new or revamped vanillas that's different and approaches like willtech's might be viable, but I can't see that ever working with a CC3 and vanilla.

    It can all get a bit hideous really and AIUI peripatetic students are one of the very significant factors in RBC/whatever VLEs [will they survive given the Incredible Disappearing HT Grants] and other keep-your-stuff-in-the-sky campaigns i.e. so it's all there in a familiar guise wherever you are.

    PS:"domain' really means single-domain-forest in the above.

  7. #7
    p858snake's Avatar
    Join Date
    Dec 2008
    Location
    Queensland
    Posts
    1,490
    Thank Post
    37
    Thanked 175 Times in 151 Posts
    Blog Entries
    2
    Rep Power
    51
    Personally I would just dump both networks and start fresh with a single domain, since one of the sites already has cc3 on it, that will most likely cause issues and this way you won't need to have to worry about two way domain trust issues.

  8. #8
    mjs_mjs's Avatar
    Join Date
    Jan 2009
    Location
    bexleyheath, london
    Posts
    1,020
    Thank Post
    37
    Thanked 111 Times in 95 Posts
    Rep Power
    37
    It is possible to merge non cc3 to cc3, but you'll need a very good understanding of how the CC3 GPO's work. Also, have you thought about moving the smaller/less working domain onto the larger/more working domain and then only having one domain to manage. We use a unified approach here and it really does save time and headache.

  9. #9

    Join Date
    Jan 2010
    Posts
    12
    Thank Post
    5
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Hi All,

    Many thanks for all your input.

    I think the way forward with this is to use a trust relationship between the 2 sites. Unfortunately, removing CC3 from 1 site or adding the non-CC3 site to our CC3 domain, are just not options unfortunately. All my problems would be solved if I could implement Server 2K8 at both sites and use RODC.

    Thanks again and I will keep you updated on any progress that we make.

    Matt

SHARE:
+ Post New Thread

Similar Threads

  1. Sub domains or Separate Domains?
    By Michael in forum Internet Related/Filtering/Firewall
    Replies: 17
    Last Post: 27th February 2010, 12:55 PM
  2. Joining Techinician
    By z4ydi in forum Learning Network Manager
    Replies: 7
    Last Post: 4th June 2009, 02:01 PM
  3. School domains - who do I talk to?
    By docboggle in forum East Midlands Broadband Consortium (EMBC)
    Replies: 30
    Last Post: 27th April 2009, 09:36 AM
  4. Software for Joining 2 Domains
    By sqdge in forum Windows
    Replies: 9
    Last Post: 5th September 2007, 10:40 AM
  5. joining laptops to domain
    By chrbb in forum Windows
    Replies: 11
    Last Post: 28th February 2007, 08:19 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •