join AD networks

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Hi All,

Here's my question. I need to join 2 totally separate networks together. One
network has w2k as domain controller with AD and the other network has a
Windows 2003 domain controller and is also the file server. The 2003 network
has users that have NTFS permissions for their folders etc and also have
another account on the w2k network with again their own permissions.
I need to join them so that the w2k is the domain controller and demote the
w2003 server to a member server. Any idea what the best way forward is that
wil involve the least work? If the worst is setting up the file permissions
again on the w2k network, then so be it, but is their an easy way? All
answers greatfully received
Graeme
 
Graeme,

Have you not thought about a trust between the two forests? You might want
to use netdom from the Support Tools to do this. This would allow you to
give access to resources in one Domain to user account objects from both
Domains. All you need to do is to work with the Share and NTFS permissions.
And that would be an easy task if you set up groups properly. Use the local
group scenario on the Share and NTFS permissions and make consider using
Universal Groups....

No problem!

--
Cary W. Shultz
Roanoke, VA 24014
Microsoft Active Directory MVP

http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com
 
Graeme said:
Hi All,

Here's my question. I need to join 2 totally separate networks together. One
network has w2k as domain controller with AD and the other network has a
Windows 2003 domain controller and is also the file server. The 2003 network
has users that have NTFS permissions for their folders etc and also have
another account on the w2k network with again their own permissions.
Click to expand...
I need to join them so that the w2k is the domain controller and demote the
w2003 server to a member server. Any idea what the best way forward is that
wil involve the least work?
Click to expand...

Well first, what you propose cannot be done.

You can migrate the users and computers but there
is no way to graft domains onto a forest or merge
domains directly.
If the worst is setting up the file permissions
again on the w2k network, then so be it, but is their an easy way? All
answers greatfully received
Click to expand...

As Cary suggested you might want to just keep them
both and create EXTERNAL trusts between the (two?)
domains.

Otherwise migration with ADMT (v2) is likely your
best bet.
 
Back
Top