Solved

Creating a Trust Relationship between two Domain Controllers.

Posted on 2004-09-23
Last Modified: 2010-04-14
Hello again, here is my situation.

Scheduled for this Saturday. I am going to be removing a file server (fs1) that we currently have and replacing it with a new file server (fs2). We currently have a DC controller (apps1) set up on the network; however, this is just used for terminal services. None of the client machines connect to apps1. We would like to be able to set up a trust relationship between fs2 and apps1. However, I do not know the process by which this would be done, since apps1 is already a DC. Also, all client machines are running Windows XP Professional; after joining them to the domain, how can I keep all of their desktop settings, etc.? I will be completing this on Saturday, so any thoughts would be great.

Thanks :)

Question by:mostym
15 Comments
 
LVL 18

Assisted Solution

by:luv2smile
luv2smile earned 400 total points
ID: 12136376
So I take it that you currently do not have a domain and that fs2 will be the PDC?

For your users' profile data, ie: desktop settings:

Once the users log in, you will need to copy their local profiles over to their domain accounts. Open up the system folder and go to the Advanced tab. Under User Profiles, select Settings. This will give you a list of all user profiles on the computer... the new domain accounts will have the domain name in front. You will need to copy the local profile to the domain profile.

For the trust relationship, if the 2 servers are in 2 different domains then you can use active directory domains and trusts to setup the relationship. But if they are in the same domain, then you don't need a trust relationship.
0
 
LVL 25

Accepted Solution

by:
mikeleebrla earned 1600 total points
ID: 12136963
I think you are going about this in the wrong way... you don't need a trust at all. A trust is if you have 2 domains; you only have one, and you only need one. FS2 doesn't need to be a DC at all from what you have told us. Is there another reason that FS2 needs to be a DC? Where do your users currently store their desktop settings? Locally or on FS1? I.e., are you using roaming or local profiles? FYI, PDC and BDC are NT 4.0 terms; they are not used in 2000/2003 domains except the PDC emulator FSMO role, which is used for backward compatibility if you have NT4 DCs still on your network.
0
 
LVL 18

Expert Comment

by:luv2smile
ID: 12137562
Yes, I made a mistake...mikeleebrla is right: there is no PDC in post NT so I should have asked if fs2 would be the machine authenticating users.
0

Author Comment

by:mostym
ID: 12139931
FS1 is our current file server - Stores network shares.
FS2 is our new File Server - Will store all of our network shares, when FS1 is replaced.
App1 is our application server, used for sales to access an accounting application remotely via Terminal Services (we have about 14 sales people logging in at 1 time). This has been promoted to a DC because terminal services does not run without this installed.

Also, none of the client computers are joined to App1 they are just joined to a workgroup.

All client computers have local profiles...  luv2smile thanks for your help :)



0
 
LVL 18

Expert Comment

by:luv2smile
ID: 12141977
So if I understand this correctly:

You would install Active Directory on FS2, and so FS2 would authenticate users in the domain. You would need to set up only one domain and simply add App1 to that domain.
0
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 12142198
I think you misunderstood, but I could be wrong, because I'm somewhat confused myself... mostym says that he promoted App1 to a DC. Was there a domain at all before that, or is App1 the only DC?
0
 
LVL 18

Expert Comment

by:luv2smile
ID: 12143618
Yes, I think the confusion is over if a domain is being created and on what machine is intended to be used to setup the domain.

"none of the client computers are joined to App1 they are just joined to a workgroup"

So this tells me there currently is no domain and that he will be creating a domain. I was assuming that FS2 had been designated to set up the domain on. But evaluating this more, it would make sense to set up the domain on App1 since it's already a DC, unless you need FS2 to be a DC for some other reason. That is considering that App1 doesn't run SQL or have some other characteristic that would make it not favorable to be the "main" DC, so to speak.

If I'm going the wrong way with this, I apologize.
0
 

Author Comment

by:mostym
ID: 12144963
I apologize for the confusion.

First let me make this very clear: app1 is a DC, however no client PCs are joined to this DC. It is used for the sales team (remote) and accounting staff (local) to remote desktop to access an accounting software as well as a lead management tool. The reason this is a DC is because terminal services can only be run when the server is a DC.

FS1 is NOT a DC, it is our current file server, it stores network shares, and is currently running DHCP.

When we replace FS1 with FS2 we want FS2 to be a DC so the client computers, can be joined to this DC, and so this can still be our DHCP server.

I hope this clears things up :)

Thanks
0
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 12145366
OK, so do you want FS2 to be in its own domain, or the same domain as app1, or in a child domain in the parent domain as app1? Each setup is different; you just have to decide what you want.
0
 

Author Comment

by:mostym
ID: 12145669
I would like to be able to have 1 login/password for each user, when they login to FS2 or app1.

thanks :)
0
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 12145723
Then just have one flat domain. You can join as many domain controllers as you would like to that domain. Just run DCpromo on a server that is a member of the domain.
0
 
LVL 18

Expert Comment

by:luv2smile
ID: 12145912
Yep, one domain is all you need...no need for a trust. Follow the instructions I previously gave you for copying local profiles. The profiles will still be local, but the users will get the profile/desktop settings back. If you want to do roaming profiles then that's another topic, but I assume you want to keep the profiles local.
0
 

Author Comment

by:mostym
ID: 12145941
Are you saying since App1 is a DC, I can just join FS2 to App1 then promote FS2 to a DC?
0
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 12146022
Kind of, but you are using the wrong terminology.

FS2 will not be joined to App1.
FS2 will be joined to whatever domain app1 is a DC of.
Then promote FS2 to a DC; then they will both be DCs in the same domain.
0
 

Author Comment

by:mostym
ID: 12150916
OK, I'm a little confused.

Under System Properties > Network Identification > Domain

It says corporate.local.  So you are saying that I should first join FS2 to corporate.local, then promote FS2 to a DC?

This is probably exactly what you said above... I just need to be sure :)

Thanks
0
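
The join-then-promote sequence discussed in this thread, as an added example that is not part of any participant's post. It uses the ADDSDeployment cmdlets that replaced dcpromo in Windows Server 2012 and later, so it is the modern equivalent rather than the 2004-era procedure; the domain name corporate.local comes from the thread, and the staging by DomainRole is this example's own design.

```powershell
# Added example: staged "join, then promote" for the new server (FS2 in the thread).
# Run elevated on FS2; run it again after each reboot. Requires Server 2012 or later.
$Domain = 'corporate.local'   # domain name as reported in the thread
$cs = Get-CimInstance -ClassName Win32_ComputerSystem

switch ($cs.DomainRole) {
    2 {
        # Standalone server. The join only works if FS2's DNS client can locate a DC,
        # so confirm the DC locator SRV records resolve before attempting it.
        Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop |
            Where-Object { $_.Type -eq 'SRV' } |
            Format-Table NameTarget, Port
        Add-Computer -DomainName $Domain -Credential (Get-Credential) -Restart
    }
    3 {
        # Member server. Refuse to promote if it is joined to some other domain.
        if ($cs.Domain -ne $Domain) {
            throw "Joined to '$($cs.Domain)', expected '$Domain'."
        }
        Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
        $cred = Get-Credential -Message "Domain administrator for $Domain"
        $dsrm = Read-Host -AsSecureString -Prompt 'Directory Services Restore Mode password'

        # Dry run first: reports prerequisite failures without changing anything.
        $check = Test-ADDSDomainControllerInstallation -DomainName $Domain -InstallDns `
            -Credential $cred -SafeModeAdministratorPassword $dsrm
        $failed = $check | Where-Object { $_.Status -eq 'Error' }
        if ($failed) {
            $failed | Format-List Message, Status
            throw 'Prerequisite check failed; not promoting.'
        }
        # Adds FS2 as an additional DC in the existing domain (no new domain, no trust).
        Install-ADDSDomainController -DomainName $Domain -InstallDns `
            -Credential $cred -SafeModeAdministratorPassword $dsrm
    }
    { $_ -in 4, 5 } {
        # Already a DC (5 = holds the PDC emulator role). List every DC in the domain
        # to confirm both servers now serve the same account database.
        Get-ADDomainController -Filter * |
            Select-Object Name, Domain, IsGlobalCatalog, OperationMasterRoles
    }
    default { throw "Unexpected DomainRole $($cs.DomainRole); this script is for servers." }
}
```

Because both servers end up as domain controllers of one domain, each user has a single account that works on either machine, which is why no trust is involved.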
