The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!
Creating a Trust Relationship between two Domain Controllers.
Hello again, here is my situation.
Scheduled for this saturday. I am going to be removing a file server(fs1) that we currently have and replacing it with a new file server (fs2). We currently have a DC controller(apps1) setup on the network, however this is just used for terminal services. None of the client machines connect to apps1. We would like to be able to setup a trust relationship between fs2 and apps1. However i do not know the process at which this would be done, since apps1 is already a DC. Also, all client machines are running Windows XP Professional, after joining them to the domain, how can i keep all of their desktop settings, etc. I will be completing this on Saturday, so any thoughts would be great?
Thanks :)
Scheduled for this saturday. I am going to be removing a file server(fs1) that we currently have and replacing it with a new file server (fs2). We currently have a DC controller(apps1) setup on the network, however this is just used for terminal services. None of the client machines connect to apps1. We would like to be able to setup a trust relationship between fs2 and apps1. However i do not know the process at which this would be done, since apps1 is already a DC. Also, all client machines are running Windows XP Professional, after joining them to the domain, how can i keep all of their desktop settings, etc. I will be completing this on Saturday, so any thoughts would be great?
Thanks :)
Who is Participating?
LVL 25
i think you are going about this in the wrong way.... you dont need a trust at all.... a trust is if you have 2 domains, you only have one, and you only need one. FS2 doesn't need to be a DC at all from what you have told us. Is there another reason that FS2 needs to be a DC? Where do your users currently store thier desktop settings? Locallly or on FS1? IE are you using roamin or local profiles. FYI...PDC and BDC are NT 4.0 terms,, they are not used in 2000/2003 domains except the PDC emulator FSMO role which is used for backward compatablity if you have NT4 DCs still on your network.
So I take it that you currently do not have a domain and that fs2 will be the PDC?
For your users' profile data, ie: desktop settings:
Once the users log in then you will need to copy their local profiles over to their domain account. Open up the system folder and go to the advance tab. Under user profiles, select settings. This will give you a list of all user profiles on the computer....the new domains accounts will have the domain name in front. You will need to copy the local profile to the domain profile.
For the trust relationship, if the 2 servers are in 2 different domains then you can use active directory domains and trusts to setup the relationship. But if they are in the same domain, then you don't need a trust relationship.
For your users' profile data, ie: desktop settings:
Once the users log in then you will need to copy their local profiles over to their domain account. Open up the system folder and go to the advance tab. Under user profiles, select settings. This will give you a list of all user profiles on the computer....the new domains accounts will have the domain name in front. You will need to copy the local profile to the domain profile.
For the trust relationship, if the 2 servers are in 2 different domains then you can use active directory domains and trusts to setup the relationship. But if they are in the same domain, then you don't need a trust relationship.
Yes, I made a mistake...mikeleebrla is right: there is no PDC in post NT so I should have asked if fs2 would be the machine authenticating users.
FS1 is our current file server - Stores network shares.
FS2 is our new File Server - Will store all of our network shares, when FS1 is replaced.
App1 - is our application server, used for sales to access an accounting application remotely via Terminal services(we have about 14 sales people logining in at 1 time) this has been promoted to a DC because terminal services does not run without this installed.
Also, none of the client computers are joined to App1 they are just joined to a workgroup.
All client computers have local profiles... luv2smile thanks for your help :)
FS2 is our new File Server - Will store all of our network shares, when FS1 is replaced.
App1 - is our application server, used for sales to access an accounting application remotely via Terminal services(we have about 14 sales people logining in at 1 time) this has been promoted to a DC because terminal services does not run without this installed.
Also, none of the client computers are joined to App1 they are just joined to a workgroup.
All client computers have local profiles... luv2smile thanks for your help :)
So if I understand this correctly:
You would install active directory on FS2 and so FS2 would authenticate users in the domain. You would need to only setup one domain and simply add App1 do that domain.
You would install active directory on FS2 and so FS2 would authenticate users in the domain. You would need to only setup one domain and simply add App1 do that domain.
i think you misunderstood, but i could be wrong, b/c im confused somewhat myself..... mostym says that he promoted App1 to a DC,,, was there a domain at all before that,,, or is App1 the only DC?
Yes, I think the confusion is over if a domain is being created and on what machine is intended to be used to setup the domain.
"none of the client computers are joined to App1 they are just joined to a workgroup"
So this tells me there currently is no domain and that he will be creating a domain. I was assuming that FS2 had been designated to setup the domain on. But evaluating this more, it would make sense to setup the domain on App1 since its already a DC unless you need FS2 to be a DC for some other reason. That is considering that App1 doesn't run SQL or has some other characteristic that would make it not favorable to be the "main" DC so to speak.
If I'm going the wrong way with this, I apologize.
"none of the client computers are joined to App1 they are just joined to a workgroup"
So this tells me there currently is no domain and that he will be creating a domain. I was assuming that FS2 had been designated to setup the domain on. But evaluating this more, it would make sense to setup the domain on App1 since its already a DC unless you need FS2 to be a DC for some other reason. That is considering that App1 doesn't run SQL or has some other characteristic that would make it not favorable to be the "main" DC so to speak.
If I'm going the wrong way with this, I apologize.
I appologize for the confusion.
First let me make this very clear, app1 is a DC, however no client pcs are joined to this DC. It is used for the sales team(remote) and accounting staff(local) to remote desktop to access an accounting software as well as a lead management tool. The reason this is a DC is because terminal services can only be run when the server is a DC.
FS1 is NOT a DC, it is our current file server, it stores network shares, and is currently running DHCP.
When we replace FS1 with FS2 we want FS2 to be a DC so the client computers, can be joined to this DC, and so this can still be our DHCP server.
I hope this clears things up :)
Thanks
First let me make this very clear, app1 is a DC, however no client pcs are joined to this DC. It is used for the sales team(remote) and accounting staff(local) to remote desktop to access an accounting software as well as a lead management tool. The reason this is a DC is because terminal services can only be run when the server is a DC.
FS1 is NOT a DC, it is our current file server, it stores network shares, and is currently running DHCP.
When we replace FS1 with FS2 we want FS2 to be a DC so the client computers, can be joined to this DC, and so this can still be our DHCP server.
I hope this clears things up :)
Thanks
ok,, so do you want FS2 to be in its own domain,, or the same domain as app1, or in a child domain in the parent domain as app1. each setup is different, you just have to decide what you want.
I would like to be able to have 1 login/password for each user, when they login to FS2 or app1.
thanks :)
thanks :)
then just have one flat domain. you can join as many domain controllers as you would like to that domain. just run DCpromo on a server that is a member of the domain.
Yep, one domain is all you need...no need for a trust. Follow the instructions I previously gave you for copying local profiles. The profiles will still be local, but the users will get the profile/desktop settings back. If you want to do roaming profiles then that's another topic, but I assume you want to keep the profiles local.
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
All Courses
From novice to tech pro — start learning today.
-
Course of the Month9 days, 5 hours left to enrollMonitoring and Operating a Private Cloud with System Center 2012 R2 273 lessons
