Solved

Creating a Trust Relationship between two Domain Controllers.

Posted on 2004-09-23
Last Modified: 2010-04-14
Hello again, here is my situation.

Scheduled for this Saturday. I am going to be removing a file server (fs1) that we currently have and replacing it with a new file server (fs2). We currently have a DC controller (apps1) set up on the network; however, this is just used for terminal services. None of the client machines connect to apps1. We would like to be able to set up a trust relationship between fs2 and apps1. However, I do not know the process by which this would be done, since apps1 is already a DC. Also, all client machines are running Windows XP Professional; after joining them to the domain, how can I keep all of their desktop settings, etc.? I will be completing this on Saturday, so any thoughts would be great.

Thanks :)

0
Question by:mostym
15 Comments
 
LVL 18

Assisted Solution

by:luv2smile
luv2smile earned 100 total points
ID: 12136376
So I take it that you currently do not have a domain and that fs2 will be the PDC?

For your users' profile data, i.e. desktop settings:

Once the users log in, you will need to copy their local profiles over to their domain account. Open up the system folder and go to the Advanced tab. Under User Profiles, select Settings. This will give you a list of all user profiles on the computer... the new domain accounts will have the domain name in front. You will need to copy the local profile to the domain profile.

For the trust relationship, if the 2 servers are in 2 different domains then you can use Active Directory Domains and Trusts to set up the relationship. But if they are in the same domain, then you don't need a trust relationship.
0
 
LVL 25

Accepted Solution

by:mikeleebrla
mikeleebrla earned 400 total points
ID: 12136963
I think you are going about this in the wrong way... you don't need a trust at all... a trust is if you have 2 domains; you only have one, and you only need one. FS2 doesn't need to be a DC at all from what you have told us. Is there another reason that FS2 needs to be a DC? Where do your users currently store their desktop settings? Locally or on FS1? I.e., are you using roaming or local profiles? FYI... PDC and BDC are NT 4.0 terms; they are not used in 2000/2003 domains, except the PDC emulator FSMO role, which is used for backward compatibility if you have NT4 DCs still on your network.
0
 
LVL 18

Expert Comment

by:luv2smile
ID: 12137562
Yes, I made a mistake...mikeleebrla is right: there is no PDC in post NT so I should have asked if fs2 would be the machine authenticating users.
0
 

Author Comment

by:mostym
ID: 12139931
FS1 is our current file server - Stores network shares.
FS2 is our new File Server - Will store all of our network shares, when FS1 is replaced.
App1 - is our application server, used for sales to access an accounting application remotely via Terminal Services (we have about 14 sales people logging in at 1 time). This has been promoted to a DC because terminal services does not run without this installed.

Also, none of the client computers are joined to App1 they are just joined to a workgroup.

All client computers have local profiles...  luv2smile thanks for your help :)



0
 
LVL 18

Expert Comment

by:luv2smile
ID: 12141977
So if I understand this correctly:

You would install Active Directory on FS2 and so FS2 would authenticate users in the domain. You would need to only set up one domain and simply add App1 to that domain.
0
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 12142198
I think you misunderstood, but I could be wrong, b/c I'm confused somewhat myself... mostym says that he promoted App1 to a DC. Was there a domain at all before that, or is App1 the only DC?
0
 
LVL 18

Expert Comment

by:luv2smile
ID: 12143618
Yes, I think the confusion is over if a domain is being created and on what machine is intended to be used to set up the domain.

"none of the client computers are joined to App1 they are just joined to a workgroup"

So this tells me there currently is no domain and that he will be creating a domain. I was assuming that FS2 had been designated to set up the domain on. But evaluating this more, it would make sense to set up the domain on App1 since it's already a DC, unless you need FS2 to be a DC for some other reason. That is considering that App1 doesn't run SQL or has some other characteristic that would make it not favorable to be the "main" DC, so to speak.

If I'm going the wrong way with this, I apologize.
0
 

Author Comment

by:mostym
ID: 12144963
I apologize for the confusion.

First let me make this very clear: app1 is a DC, however no client PCs are joined to this DC. It is used for the sales team (remote) and accounting staff (local) to remote desktop to access an accounting software as well as a lead management tool. The reason this is a DC is because terminal services can only be run when the server is a DC.

FS1 is NOT a DC; it is our current file server, it stores network shares, and is currently running DHCP.

When we replace FS1 with FS2 we want FS2 to be a DC so the client computers can be joined to this DC, and so this can still be our DHCP server.

I hope this clears things up :)

Thanks
0
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 12145366
OK, so do you want FS2 to be in its own domain, or the same domain as app1, or in a child domain in the parent domain as app1? Each setup is different; you just have to decide what you want.
0
 

Author Comment

by:mostym
ID: 12145669
I would like to be able to have 1 login/password for each user, when they log in to FS2 or app1.

thanks :)
0
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 12145723
Then just have one flat domain. You can join as many domain controllers as you would like to that domain. Just run dcpromo on a server that is a member of the domain.
0
 
LVL 18

Expert Comment

by:luv2smile
ID: 12145912
Yep, one domain is all you need...no need for a trust. Follow the instructions I previously gave you for copying local profiles. The profiles will still be local, but the users will get the profile/desktop settings back. If you want to do roaming profiles then that's another topic, but I assume you want to keep the profiles local.
0
 

Author Comment

by:mostym
ID: 12145941
Are you saying since App1 is a DC, I can just join FS2 to App1 then promote FS2 to a DC?
0
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 12146022
Kind of, but you are using the wrong terminology.

FS2 will not be joined to App1.
FS2 will be joined to whatever domain app1 is a DC of.
Then promote FS2 to a DC; then they will both be DCs in the same domain.
0
 

Author Comment

by:mostym
ID: 12150916
OK, I'm a little confused.

Under System Properties > Network Identification > Domain

It says corporate.local.  So you are saying that I should first join FS2 to corporate.local, then promote FS2 to a DC?

This is probably exactly what you said above... I just need to be sure :)

Thanks
0
