Location: List Archives

List Archives

This forum is an archive of all posts to our mailing list over the past few years.  The forum is set read only therefore to contribute you will need to join our list community.  See more info about this here.

 

When subscribed to the list you should use your standard email client to send your posts to ActiveDir@mail.activedir.org.

List Archives

Forums >ActiveDir Mail List Archive >List Archives
Subject: Re: [ActiveDir] Organisation merger and what to do with Active Directory
Prev Next
You are not authorized to post a reply.

AuthorMessages
jimkatoeUser is Offline

Posts:7

07/27/2010 7:49 PM  
There are limitations you will need to investigate and evaluate yourself.
Look deeply at the differences in trust types and consider how they will
affect your applications. You will have to consider kerberos & shortcut
trusts. I assume you will have no firewalls in between the forests?

The most difficult part of these migrations is the applications that use AD
in my opinion. Even if you have a clean reliable trust relationship set up,
some applications will not be happy with it. So my recommendation is - do a
thorough investigation of your applications that require AD or LDAP
integration, document those requirements, and then evaluate your options.



On Sat, Jul 24, 2010 at 2:32 PM, John Christie <
johnchristie11@googlemail.com> wrote:

>
> My company has just merged with another organisation.
>
> The Project team are currently logging onto the new organisations Active
> Directory using separate user name and password but it's beggining to cause
> problems due to different password policies and the typical problems around
> managing multiple credentials.This has caused a senior exec to complain to
> our CIO who now wants us to come up with a solution.
>
> On our side, we have a single domain/forest which is Windows 2003 FFL. On
> the opposite side, we have a Windows 2003 FFL root domain with two child
> domains.
>
> The execs requirements are relatively clear. He wants to logon to any PC at
> any location using a single set of credentials and access his Outlook email
> and wants us to map out a high level plan to achieve this
>
> The short term idea is to create a forest trust between the two forests to
> allow users to logon to a PC at any location and work with with a
> proposed long term plan to merge the two Active Directory Forests into a new
> single Forest. This latter is favoured pollitically as it avoids having to
> keep each organisations existing Active Directory name.
>
> Are there any limitations around forest trusts? I assume if Company A user
> accesses a Company B PC, they just enter the credentials and change the
> domain field to Company A?
>
> Has anyone gone through this before and what would you recommend? I'm
> looking for real work experiences.
>
> John
>
>
>

You are not authorized to post a reply.
Forums >ActiveDir Mail List Archive >List Archives > Re: [ActiveDir] Organisation merger and what to do with Active Directory



ActiveForums 3.7
Friends

Friends

VisualClickButoton
Members

Members

MembershipMembership:
Latest New UserLatest:MrPTSai
New TodayNew Today:0
New YesterdayNew Yesterday:0
User CountOverall:5234
People OnlinePeople Online:
VisitorsVisitors:31
MembersMembers:0
TotalTotal:31
Online NowOnline Now:

Ads

Copyright 2009 ActiveDir.org
Terms Of Use