Hi Sam.
If you are going to have a number of users require access to the other forest, then
yes a one way trust would make sense where you are the trusted domain and they are
the trusting domain. I hesitate to recommend the best way to interconnect your
networks without having more experience on that end with larger networks. You may
want to post in the win2000.ras_routing newsgroup and win2000.active_directory for
more opinions on that. Usually a router [possibly a Windows box with two NICs] would
be the solution interconnecting the internal LANs, but since you say you are using
switches/logical networks there may be an easier way, or even through the ISA servers
since you are on the same external subnet. Gateways will have to be configured on
clients/routers possibly so that traffic to the other domain gets sent there and back
and not out to the internet router.
Setting up the trust will require that the domains have DNS name resolution between
them with either the use of "stub" zones or your DNS servers in each domain also
being secondary DNS servers for the opposite domain. If you are using WINS for
network browsing, then configure the WINS servers to be replication partners with the
WINS servers in the other domain and make sure the domain controllers are also WINS
clients. After the trust is set up you can add the appropriate users from your domain
to the appropriate groups in the other domain. The link below may be helpful on
setting up trusts and you may also try an lmhosts file for domain authentication if
you have trouble establishing the trust.
--- Steve
http://www.microsoft.com/resources/...roddocs/en-us/domadmin_n_UnderstandTrusts.asp
http://tinyurl.com/2nbaf --- same link as above in case of wrap
http://support.microsoft.com/default.aspx?scid=kb;en-us;180094 -- lmhosts
Sam said:
Hi Steve,
First, thanks for your responses. I appreciate you taking the time to answer
my questions.
Now that you mentioned a trust relationship, it actually makes sense to do
that. We are very intimate with our client. We also do a lot of application
development and SQL Server management for them.
So it's very important for us to be comfortable while we work. For example,
our SQL Server guy should be able to access our client's SQL Server using
his workstation. He should be able to just use SQL Server Enterprise Manager
to pull up client's SQL Server and be able to create tables, etc.
Same thing applies to everyone in my company. We also manage our client's
Exchange server. We even do data entry for them. Like I said, the goal is to
keep our network separate AND protected but in the meantime, certain
individuals in my company/network should be able to tap into the client's
network and network resources i.e. Exchange, SQL Server, applications, etc.
for them to be able to do their work.
Do you think a one-way trust relationship is the way to go? What about
routing? Again, physically, we are in the same building, same wiring, same
switches. We will just have a separate logical network with a separate
forest. How would we tap into our client's network in a one way trust
relationship scenario? For instance, how would the SQL guy see our client's
SQL Server in his Enterprise manager if he's on a separate
domain/forest/subnet considering that our client's domain/forest trusts our
domain/forest.
Thanks for your help Steve.
Sam