Solved

Same computer being used in multiple Domains in multiple AD forests

Posted on 2003-11-30
Last Modified: 2010-08-05
I have a notebook computer that I use as my primary workstation running WinXP Pro.  It is part of a Win2k domain for my "main" job.  Additionally, I do some freelance consulting and have a couple Win2K (small business server) networks that I set up and maintain (each are completely separate entities and have their own AD namespaces).  Also, I will probably want to install a similar configuration (Win2k network with an AD structure/namespace) at my home.

I am "forced" to use a Cisco VPN client for my "main" network (which I do not have admin access to); the other SBS networks I deal with support standard Win2K VPN client/connectivity.

How can I use the same notebook computer to log into whichever Win2k AD enabled network that I choose at the time?  I am only worried about 1 session at a time, but if there is actually support for multiple XP login sessions into multiple domains at the same time (using different VPN connections or something) that would be interesting to hear.

I would like to walk into any of these locations, plug in the network cable, and log into the appropriate domain that I am in and have the computer able to "switch itself" to the correct domain and process login scripts, GPO policies, etc... just like the other workstations on that particular network; without fear that it is somehow "messing-up" workstation setting/configs that could cause problems when attempting to login/use the computer on other domains.

Is this possible?  Can WinXP "support" being part of many AD domains and process GPO policies, etc. appropriately depending upon which network it is plugged into and what logon is used?  I understand that I can use Terminal Server and Remote Desktop solutions to take over sessions of other computers on these disparate networks; that is not the solution I am looking for.

Any help/suggestions/best practice recommendations would be appreciated.
0
Question by:jimbo707
14 Comments
 
LVL 41

Expert Comment

by:stevenlewis
ID: 9847180
alternate connection network
http://support.microsoft.com/default.aspx?scid=kb;en-us;283676&Product=winxp
but in your case, check these out
There is a program that will keep track of a bunch of different network settings
try here 30 day trial version
http://www.netswitcher.com/ 

Or  Symantec Mobile Essentials V2.0 Personal Edition  http://enterprisesecurity.symantec.com/products/products.cfm?productID=1
Steve
0
 

Author Comment

by:jimbo707
ID: 9847392
RE: Stevenluis post:  Most of the information seemed related to "switching" network settings - this was interesting but in my case all networks I happen to be connecting to use DHCP so that is not a big issue - the issue is more related to computer names and ability to join/unjoin/rejoin domains and the resultant issues from that process.

Based upon the FAQs in NetSwitcher, it seems that you must "unjoin" the domain you are in, "join" the one you now want to connect to, then repeat that process as you go from domain to domain.  I need to check whether I have the "Add Workstation to Domain" rights I would need to unjoin and then rejoin. (If I do not, then that solution does not work for me even though I have local admin rights to my computer).

The FAQ in NetSwitcher was pretty helpful in being explicit about NT/XP's ability to ONLY be in 0 or 1 domain at a time; no such thing as a Domain Profile switcher in Windows; which is what I need.  I hope someone may be able to provide information concerning support of that ability.
0
 
LVL 16

Expert Comment

by:JammyPak
ID: 9851557
I would just create a matching username and password in each domain. Leave your pc as a 'member' of one domain, but while travelling just make peer-peer connections to the servers you need.
0

 

Author Comment

by:jimbo707
ID: 9851987
RE: Jammypak post: Part of the need is to be able to have the environment "just like" it is for other people at that location.  This includes GPO processing, login script processing, etc....
0
 
LVL 41

Expert Comment

by:stevenlewis
ID: 9854198
Now I don't understand.
>Part of the need is to be able to have the environment "just like" it is for other people at that location.
By setting up other user accounts on the same machine, with the same password, you should be able to switch between users and get the environment "just like" it is for other people
example if you log on as jimbo
setup different jimbo accounts. My advice would be when you "I do some freelance consulting and have a couple Win2K (small business server) networks that I set up and maintain (each are completely separate entities and have their own AD namespaces).  Also, will probably want to install a similar configuration (win2k network with an AD structure/namespace) at my home"
set up different accounts, and set up the appropriate account on your machine
eg jimbohome, jimboconsultatjoes, jimboconsultatfreds, etc
then when you log on to those other domains, choose the appropriate jimbo for that domain
0
 
LVL 1

Expert Comment

by:poi410
ID: 9854225
Depending on the configuration of your notebook, you could install a virtual machine, like VMware, and have a virtual server for each domain you look after. Then there is no way of having the different environments affect each other as they are all different images on the hard drive of your notebook.  That is what I do here and it works for me. Oh, I log in locally to my notebook and use DHCP for IP addressing.

Greg
0
 

Author Comment

by:jimbo707
ID: 10583237
I appreciate people's replies and thank them for their efforts; however, no one was able to answer the question adequately.  Completely understand setting up different user accounts on my machine; however that solution does not address the details of "domain specific" processing (mostly related to GPO).

I found StevenLuis comments closest to the crux of the issue - however already understood that I could unjoin and then rejoin domains each time I logged in - crux of this question was trying to figure out how to avoid that effort.
0
 
LVL 16

Expert Comment

by:JammyPak
ID: 10587726
The crux of the problem is that what you are trying to do is not possible. I think the suggestions you have here are as good as it's going to get...
0
 

Author Comment

by:jimbo707
ID: 10592144
I agree that it appears difficult to impossible to have a machine with multiple domain profiles (complete with separate machine/node/hostnames) allowing mobile computers to easily be used in disparate forests/trees/domains depending upon which one they are connected to.  This causes issues as domain specific Group Policies are being used more extensively and in more intricate ways.

To the extent that this limitation has been confirmed (I was hoping I was missing something) - I agree that this discussion has been useful;  however I would not classify this issue into a category of something that was obviously not possible or which will remain so indefinitely.

Only time will tell; but I believe that a real answer to this issue (whether by Microsoft or by a third party) will make its way into the marketplace in the not too distant future.
0
 
LVL 41

Accepted Solution

by:
stevenlewis earned 250 total points
ID: 10592169
don't know if this will do the trick
There is a program that will keep track of a bunch of different network settings
try here 30 day trial version
http://www.netswitcher.com/ 

Or  Symantec Mobile Essentials V2.0 Personal Edition  http://enterprisesecurity.symantec.com/products/products.cfm?productID=1
Steve
0
 

Expert Comment

by:MikeSponge
ID: 11712207
I agree with Jimbo.  I have this very same scenario and nobody has come up with an effective solution.  What do you do with laptops that are on a SBS 2003 domain at work and are taken home to another SBS domain or workgroup?  How do you get non-technical people to be able to move their machines from place to place and have them function?  Netswitcher helps with the IP address portion, but nothing else.
0
