Solved

Same computer being used in multiple Domains in multiple AD forrests

Posted on 2003-11-30
14
306 Views
Last Modified: 2010-08-05
I have a notebook computer that I use as my primary workstation running WinXP Pro.  It is part of a Win2k domain for my "main" job.  Additionaly, I do some freelance consulting and have a couple Win2K (small business server) networks that I setup and maintain(each are completely seperate entities and have their own AD namespaces).  Also, will probably want to install a similar configuration (win2k network with an AD structure/namespace) at my home.  

I am "forced" to use a cisco VPN client for my "main" network(which i do not have admin access to); the other SBS networks I deal with support standard Win2K VPN client/connectivity.

How can I use the same notebook computer to log into whichever Win2k AD enabled network that I choose at the time.  I am only worried about 1 session at a time, but if there is actually support for multiple XP login sessions into multiple domains at the same time (using different vpn connections or something) that would be interesting to hear.

I would like to walk into any of these locations, plug in the network cable, and log into the appropriate domain that I am in and have the computer able to "switch itself" to the correct domain and process login scripts, GPO policies, etc... just like the other workstations on that particular network; without fear that it is somehow "messing-up" workstation setting/configs that could cause problems when attempting to login/use the computer on other domains.

Is this possible?  Can WinXP "support" being part of many AD domains and process GPO policies, etc.. appropriately depending upon which network it is plugged intio and what logon is used?  I understand that I can use Terminal Server and Remote Desktop solutions to take over sessions of other computers on these disparate networks; that is not the solution I am looking for.  

Any help/suggestions/best practice recommendations would be appreciated.
0
Comment
Question by:jimbo707
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +2
14 Comments
 
LVL 41

Expert Comment

by:stevenlewis
ID: 9847180
alternate connection network
http://support.microsoft.com/default.aspx?scid=kb;en-us;283676&Product=winxp
but in your case, check these out
There is a program that will keep track of a bunch of different network settings
try here 30 day trial version
http://www.netswitcher.com/ 

Or  Symantec Mobile Essentials V2.0 Personal Edition  http://enterprisesecurity.symantec.com/products/products.cfm?productID=1
Steve
0
 

Author Comment

by:jimbo707
ID: 9847392
RE: Stevenluis post:  Most of the information seemed related to "switching" network settings - this was interesting but in my case all networks i happen to be connecting to use DHCP so that is not a big issue - the issue is more related to computer names and ability to join/unjoin/rejoin domains and the resultant issues from that process.

Based upon the FAQs in NetSwitcher, it seems that you must "unjoin" the domain you are in, "join" the one you now want to connect to, then repeat that process as you go from domain to domain.  I need to check whether I have the "Add Workstation to Domain" rights I would need to unjoin and then rejoin. (If I do not, then that solution does not work for me even though I have local admin rights to my computer).

The FAQ in NetSwitcher was pretty helpful in being explicit about NT/XP's ability to ONLY be in 0 or 1 domain at a time; no such thing as a Domain Profile switcher in windows; which is what I need.  I hope someone may be able to provide information concerning support of that ability.
0
 
LVL 16

Expert Comment

by:JammyPak
ID: 9851557
I would just create a matching username and password in each domain. Leave your pc as a 'member' of one domain, but while travelling just make peer-peer connections to the servers you need.
0
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

 

Author Comment

by:jimbo707
ID: 9851987
RE: Jammypak post: Part of the need is to be able to have the environment "just like" it is for other people at that location.  This includes GPO processing, login script processing, etc....
0
 
LVL 41

Expert Comment

by:stevenlewis
ID: 9854198
Now I do't understand.
>Part of the need is to be able to have the environment "just like" it is for other people at that location.
By setting up other user accounts on the same machine, with the same password, you should be able to switch between users and get theenvironment "just like" it is for other people
example if you log on as jimbo
setup different jimbo accounts. My advice would be when you "I do some freelance consulting and have a couple Win2K (small business server) networks that I setup and maintain(each are completely seperate entities and have their own AD namespaces).  Also, will probably want to install a similar configuration (win2k network with an AD structure/namespace) at my home"
set up different accounts, and set up the appropriate account on your machine
eg jimbohome, jimboconsultatjoes, jimboconsultatfreds, etc
then when  you log on to those other domains, choose the appropriate jimbo for that domain
0
 
LVL 1

Expert Comment

by:poi410
ID: 9854225
Depending on the configuration of your notebook,  you could install a virtual machine, like VMware and have a virtual server for each domain you look after. The there is no way of having the different environments affect each other as they are all different images on the harddrive of your notebook.  That is what I do here and it works for me. Oh, I log in locally to the my notebook and use DHCP for IP addressing.

Greg
0
 

Author Comment

by:jimbo707
ID: 10583237
I appreciate people's replies and thank them for their efforts; however, no one able to answer the question adequately.  Completely understand setting up different user acocunts on my machine; however that solution does not address the details of "domain specific" processing (mostly related to GPO).  

I found StevenLuis comments closest to the crux of the issue - however already understood that I could unjoin and then rejoin domains each time I logged in - crux of this question was trying to figure out how to avoid that effort.
0
 
LVL 16

Expert Comment

by:JammyPak
ID: 10587726
The crux of the problem is that what you are trying to do is not possible. I think the suggestions you have here are as good as it's going to get...
0
 

Author Comment

by:jimbo707
ID: 10592144
I agree that it appears difficult to impossible to have a machine with multiple domain profiles (complete with seperate machine/node/hostnames) allowing mobile computers to easily be used in disparate forrests/trees/domains depending upon which one they are connected to.  This causes issues as domain specific Group Policies are being used more extensively and in more intricate ways.

To the extent that this limmitation has been confirmed (I was hoping I was missing something) - I agree that this discussion has been useful;  however I would not classify this issue into a category of something that was obviously not possible or which will remain so indefinitely.

Only time will tell; but I believe that a real answer to this issue (whether by Microsoft or by a third party) will make its way into the marketplace in the not too distant future.
0
 
LVL 41

Accepted Solution

by:
stevenlewis earned 250 total points
ID: 10592169
don't know if this will do the trick
There is a program that will keep track of a bunch of different network settings
try here 30 day trial version
http://www.netswitcher.com/ 

Or  Symantec Mobile Essentials V2.0 Personal Edition  http://enterprisesecurity.symantec.com/products/products.cfm?productID=1
Steve
0
 

Expert Comment

by:MikeSponge
ID: 11712207
I agree with Jimbo.  I have this very same scenario and nobody has come up with an effective solution.  What do you do with laptops that are on a SBS 2003 doamin at work and are taken home to another sbs domain or workgroup?  How do you get non-technical people to be able to move their machines from place to place and have them function?  Netswitcher helps with the IP address protion, but nothing else.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I'm a big fan of Windows' offline folder caching and have used it on my laptops for over a decade.  One thing I don't like about it, however, is how difficult Microsoft has made it for the cache to be moved out of the Windows folder.  Here's how to …
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Suggested Courses

626 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question