Solved

Same computer being used in multiple Domains in multiple AD forests

Posted on 2003-11-30
Last Modified: 2010-08-05
I have a notebook computer that I use as my primary workstation running WinXP Pro.  It is part of a Win2k domain for my "main" job.  Additionally, I do some freelance consulting and have a couple of Win2K (small business server) networks that I set up and maintain (each are completely separate entities and have their own AD namespaces).  Also, I will probably want to install a similar configuration (Win2k network with an AD structure/namespace) at my home.

I am "forced" to use a Cisco VPN client for my "main" network (which I do not have admin access to); the other SBS networks I deal with support standard Win2K VPN client/connectivity.

How can I use the same notebook computer to log into whichever Win2k AD enabled network that I choose at the time?  I am only worried about 1 session at a time, but if there is actually support for multiple XP login sessions into multiple domains at the same time (using different VPN connections or something) that would be interesting to hear.

I would like to walk into any of these locations, plug in the network cable, and log into the appropriate domain that I am in and have the computer able to "switch itself" to the correct domain and process login scripts, GPO policies, etc... just like the other workstations on that particular network; without fear that it is somehow "messing-up" workstation setting/configs that could cause problems when attempting to login/use the computer on other domains.

Is this possible?  Can WinXP "support" being part of many AD domains and process GPO policies, etc.. appropriately depending upon which network it is plugged into and what logon is used?  I understand that I can use Terminal Server and Remote Desktop solutions to take over sessions of other computers on these disparate networks; that is not the solution I am looking for.  

Any help/suggestions/best practice recommendations would be appreciated.
Question by:jimbo707
 
LVL 41

Expert Comment

by:stevenlewis
ID: 9847180
alternate connection network
http://support.microsoft.com/default.aspx?scid=kb;en-us;283676&Product=winxp
but in your case, check these out
There is a program that will keep track of a bunch of different network settings
try here 30 day trial version
http://www.netswitcher.com/

Or  Symantec Mobile Essentials V2.0 Personal Edition  http://enterprisesecurity.symantec.com/products/products.cfm?productID=1
Steve
 

Author Comment

by:jimbo707
ID: 9847392
RE: stevenlewis post:  Most of the information seemed related to "switching" network settings - this was interesting but in my case all networks I happen to be connecting to use DHCP so that is not a big issue - the issue is more related to computer names and ability to join/unjoin/rejoin domains and the resultant issues from that process.

Based upon the FAQs in NetSwitcher, it seems that you must "unjoin" the domain you are in, "join" the one you now want to connect to, then repeat that process as you go from domain to domain.  I need to check whether I have the "Add Workstation to Domain" rights I would need to unjoin and then rejoin. (If I do not, then that solution does not work for me even though I have local admin rights to my computer).

The FAQ in NetSwitcher was pretty helpful in being explicit about NT/XP's ability to ONLY be in 0 or 1 domain at a time; no such thing as a Domain Profile switcher in Windows; which is what I need.  I hope someone may be able to provide information concerning support of that ability.
 
LVL 16

Expert Comment

by:JammyPak
ID: 9851557
I would just create a matching username and password in each domain. Leave your PC as a 'member' of one domain, but while travelling just make peer-peer connections to the servers you need.
 

Author Comment

by:jimbo707
ID: 9851987
RE: Jammypak post: Part of the need is to be able to have the environment "just like" it is for other people at that location.  This includes GPO processing, login script processing, etc....
 
LVL 41

Expert Comment

by:stevenlewis
ID: 9854198
Now I don't understand.
>Part of the need is to be able to have the environment "just like" it is for other people at that location.
By setting up other user accounts on the same machine, with the same password, you should be able to switch between users and get the environment "just like" it is for other people
example if you log on as jimbo
setup different jimbo accounts. My advice would be when you "I do some freelance consulting and have a couple Win2K (small business server) networks that I setup and maintain (each are completely separate entities and have their own AD namespaces).  Also, will probably want to install a similar configuration (win2k network with an AD structure/namespace) at my home"
set up different accounts, and set up the appropriate account on your machine
eg jimbohome, jimboconsultatjoes, jimboconsultatfreds, etc
then when  you log on to those other domains, choose the appropriate jimbo for that domain
 
LVL 1

Expert Comment

by:poi410
ID: 9854225
Depending on the configuration of your notebook, you could install a virtual machine, like VMware, and have a virtual server for each domain you look after. Then there is no way of having the different environments affect each other as they are all different images on the hard drive of your notebook.  That is what I do here and it works for me. Oh, I log in locally to my notebook and use DHCP for IP addressing.

Greg
 

Author Comment

by:jimbo707
ID: 10583237
I appreciate people's replies and thank them for their efforts; however, no one was able to answer the question adequately.  Completely understand setting up different user accounts on my machine; however that solution does not address the details of "domain specific" processing (mostly related to GPO).  

I found stevenlewis's comments closest to the crux of the issue - however already understood that I could unjoin and then rejoin domains each time I logged in - crux of this question was trying to figure out how to avoid that effort.
 
LVL 16

Expert Comment

by:JammyPak
ID: 10587726
The crux of the problem is that what you are trying to do is not possible. I think the suggestions you have here are as good as it's going to get...
 

Author Comment

by:jimbo707
ID: 10592144
I agree that it appears difficult to impossible to have a machine with multiple domain profiles (complete with separate machine/node/hostnames) allowing mobile computers to easily be used in disparate forests/trees/domains depending upon which one they are connected to.  This causes issues as domain specific Group Policies are being used more extensively and in more intricate ways.

To the extent that this limitation has been confirmed (I was hoping I was missing something) - I agree that this discussion has been useful;  however I would not classify this issue into a category of something that was obviously not possible or which will remain so indefinitely.

Only time will tell; but I believe that a real answer to this issue (whether by Microsoft or by a third party) will make its way into the marketplace in the not too distant future.
 
LVL 41

Accepted Solution

by:
stevenlewis earned 250 total points
ID: 10592169
don't know if this will do the trick
There is a program that will keep track of a bunch of different network settings
try here 30 day trial version
http://www.netswitcher.com/

Or  Symantec Mobile Essentials V2.0 Personal Edition  http://enterprisesecurity.symantec.com/products/products.cfm?productID=1
Steve
 

Expert Comment

by:MikeSponge
ID: 11712207
I agree with Jimbo.  I have this very same scenario and nobody has come up with an effective solution.  What do you do with laptops that are on an SBS 2003 domain at work and are taken home to another SBS domain or workgroup?  How do you get non-technical people to be able to move their machines from place to place and have them function?  Netswitcher helps with the IP address portion, but nothing else.