Child Domain

[Nejmos Saqeb]

Greetings,

My question may be a newbie to some people.

Its that I want to make a "Child Domain" to my Primary Domain and want to
share the same Active Directory (including all OUs, Users from the Master
AD) on this Child from the main DC.

Thanks in Advance

Nejmos Saqeb

 

[Jody Flett [MSFT]]

Hi Nejmos

I may be missing what you are wanting to do here, would it be possible for
you to clarify what you want to acheive? As they will be different Domains
they do not share the same writable Domain Partition but there will be a
transitive trust between the Domains so users can access resources in either
Domain.

Do you want to move all of the OU's and users that you have created in your
Root Domain to the Child?
Or
Do you want to copy all of the Users from Root to the Child?
Or
Do you want users in your Root Domain to be able to access resources in the
Child?

Please post back what you end goal is and we can take it from there....

Many Thanks

Jody

 

[Akhlaq Khan]

This is one of my questions too:
I want to configure a BDC (Backup Domain controller) for my win2k domain
controller machine(PDC).

Just in case my domain controller (PDC) is down, i want my BDC to act as a
realtime backup domain controller. How can i create a BDC in win2k ?

what i assume is that a BDC should contain a copy of all objects (including
users, computers, OUs etc) and keep itself synchronized with the PDC.

thanks,

akhlaq khan.

 

[Jody Flett [MSFT]]

Hi Akhlaq

I think that this may be slightly different to the original question,
however in a Windows 2000 Domain we do not really have BDC's anymore
(although we can still support NT4 BDC's in Mixed Mode Domain). All 2000
DC's in Windows 2000 Domain have a writable copy of Active Directory (I
guess what would could be roughly described as the SAM in NT4)

In your situation you would be better of promoting another Windows 2000
Server to be a Domain controller. This will then have a full writable copy
of the Active Directory, this includes all of the Users, OU's, Policies,
objects etc. These Domain Controllers will replicate with each other to keep
the objects up to date. In the event of you original Domain Controller
failing this Domain Controller will perform validation etc and if the
original DC is not going to come back you can seize the FSMO roles.

You can promote a windows 2000 Server to be a Domain Controller by running
dcpromo.exe, and following the wizzard.

Thanks

Jody

 

[Nejmos Saqeb]

Hi Jody

Thanks for being courteous; my actual goal is to copy all Users, OUs,
computers etc from Root to Child and let them be synchronized with
eachother.

Thanks in advance

Nejmos Saqeb

 

[Akhlaq Khan]

Thanks, I got it. Now i need to find out how can i turn on the "replication"
process between these two DCs. where can i find information on how to do it?

thanks again,

akhlaq.

 

[Jody Flett [MSFT]]

Hi

If you DCpromo the machine to be a domain controller, replication will
happen automatically.....

Do you have access to the Windows 2000 Resource Kit?..... replication is
discussed in detail here.

Thanks

Jody

 

[Jody Flett [MSFT]]

Hi Nejmos

Thanks for clarifying that for me, I guess my question would be why? In a
normal Windows 2000 Forest this is not something that we would usually
recommend doing. Usually you would have the users in just one domain and
grant access to resources via the transitive trust that will exist between
the domains, and therefore there is no need to have a user object for each
user in each domain, and the additional overhead that goes with maintaining
this etc. There maybe more headaches than problems solved, in copying and
sync'ing users in both domains.

Maybe it would help if you told me what problem you are trying to solve by
doing this and I could let you know the approach that I would take?

Sorry if I am being a bit over cautious on giving an answer here but I just
want to ensure that we do not introduce a potential administration nightmare
once this is all set up.

Cheers

Jody