List Archives

Subject: RE: [ActiveDir] Organisation merger and what to do with Active Directory
bijubabuk
07/28/2010 8:20 AM
A couple of questions you should ask yourself, along with the application
technical requirements, are:

Who is going to own/administer Forest B and its computers now and in
the future?

Are the security policies going to be different in Company B?

Do the current security policies in Company B meet your org requirement?
(e.g. does Company B have AVs on their client computers, and are they updated
regularly or not? - if not there may be some risk connecting those
computers to your org, so you may want to mitigate those risks before
you proceed) [most companies have good AVs and all, I wrote it just as
an example]

According to the answer you may want to establish the trust types and
other security mechanisms.

For example:

If the same team is going to own/administer both forests and is
going to design security policies for the future, and the current security
policy in Company B meets your org security policy, you can probably
create a full 2-way trust and may not need to put in any firewall,
and you can migrate to a single forest in the future (administering 2
different forests is a more costly affair).



My 2 cents, hope this helps



Regards

Biju



Disclaimer: All postings are provided "AS IS" with no warranties, and
confer no rights.








From: activedir-owner@mail.activedir.org
[mailto:activedir-owner@mail.activedir.org] On Behalf Of
jimkatoe@gmail.com
Sent: Wednesday, July 28, 2010 12:17 AM
To: activedir@mail.activedir.org
Subject: Re: [ActiveDir] Organisation merger and what to do with Active
Directory



There are limitations you will need to investigate and evaluate
yourself.

Look deeply at the differences in trust types and consider how they will
affect your applications. You will have to consider Kerberos & shortcut
trusts. I assume you will have no firewalls in between the forests?



The most difficult part of these migrations is the applications that use
AD in my opinion. Even if you have a clean reliable trust relationship
set up, some applications will not be happy with it. So my
recommendation is - do a thorough investigation of your applications
that require AD or LDAP integration, document those requirements, and
then evaluate your options.





On Sat, Jul 24, 2010 at 2:32 PM, John Christie
<johnchristie11@googlemail.com> wrote:



My company has just merged with another organisation.



The Project team are currently logging onto the new organisation's Active
Directory using separate user name and password but it's beginning to
cause problems due to different password policies and the typical
problems around managing multiple credentials. This has caused a senior
exec to complain to our CIO who now wants us to come up with a solution.



On our side, we have a single domain/forest which is Windows 2003 FFL.
On the opposite side, we have a Windows 2003 FFL root domain with two
child domains.



The exec's requirements are relatively clear. He wants to logon to any PC
at any location using a single set of credentials and access his Outlook
email and wants us to map out a high level plan to achieve this.



The short term idea is to create a forest trust between the two forests
to allow users to logon to a PC at any location and work with a
proposed long term plan to merge the two Active Directory Forests into a
new single Forest. This latter is favoured politically as it avoids
having to keep each organisation's existing Active Directory name.



Are there any limitations around forest trusts? I assume if Company A
user accesses a Company B PC, they just enter the credentials and change
the domain field to Company A?



Has anyone gone through this before and what would you recommend? I'm
looking for real work experiences.



John







