|
Posted by Andrew Hayes on August 20, 2006, 8:46 pm
Please log in for more thread options True. I would of prefered to not have seperate forests, but at the time my
knowledge was limited to NT4 and time was short, so rather than study up on
how to add a domain to an existing forest, I just created an entirely
seperate forest and domain and then used trust relationships to allow access
to the other domains resources.
My bad, I know, but now it would be very difficult to get these seperate
forests put into the one I already have.
> One of the leading reasons for separate forests is to effect strong
> administrative separation, the containment it CAN provide, etc..
> It appears you do not actually want that. You probably should
> examine your objectives for funtionalities, operational model,
> risk containment, etc.
>
>> Well, I had wanted an Enterprise Admin account on Domain A to also be
>> Enterprise Admin on Domain B, but I guess that's not normal. Probably I
>> should of added Domain B to the Domain A Forest, rather than making it
>> it's own Forest.
>>
>>> Groups may be moved in or put of the Users container, so one cannot
>>> guess (fully) what you are seeing there. However, it is a rule that you
>>> may not add externals to domain globals. While natively there are some
>>> domain locals in Users, Builtins holds domain locals, and Users does not
>>> hold builtin groups.
>>>
>>>
>>>>I have 2 W2K3 domains with a two-way trust relationship between them,
>>>>and I would like to add a user from Domain A to one of the groups in
>>>>Domain B. Unfortunately, all I can seem to do is only add users from
>>>>Domain A to one of the Built-in groups of Domain B, not to any of the
>>>>groups in the Users container.
>>>>
>>>> Is this at all possible?
>>>>
>>>
>>>
>>
>>
>
>
| 
XML Sitemap