

Connect laptop to two separate domains

Here is my situation. I have network A in one location and network B in another location; these are completely separate networks with their own domains within our company. I would like to be able to take laptops between the two networks. The users of these laptops will not have administrative privileges and therefore will not be able to reconnect their laptop to the different domains as they travel between the two. Combining the two networks under one forest is not an option, neither is setting up a WAN, nor is a wireless network. Is there any way to have the users be able to connect to the two separate domains without having to re-join the domain each time they move? What if I were to configure the two servers and domains exactly alike? Would this somehow trick the laptops that were joined to domain A into thinking that it was the same domain even though they were at domain B?
Any solutions/suggestions would be greatly appreciated!!

To answer one question: Repeating the same configuration process on another server won't work because the install process for a domain generates a pseudo-random SID number that is statistically guaranteed to be a unique identifier. This means two domains with the same name are not seen as identical "under the covers". The only way to "configure two servers and domains exactly alike" would be to clone (copy the system disk) a domain controller from network A and build the network B using the clone.

It seems unlikely that cloning a domain is a good solution for you -- for one thing, every new laptop PC or mobile user (or password change) made on one domain would have to be repeated on the other domain. Trust me, it would be a horrible mess. There must be a better solution. Why do these users need to be in the domain at each of these two separate sites? It is possible (but not always simple) to access network resources in a domain to which you don't belong or have any trust relationship. Are these NT, 2000, or 2003 domains?
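
The point above about domain SIDs, as an added example that is not part of the original answer: it decodes the binary SID layout and compares the domain portion of account SIDs from two domains that share a name. The SID values are constructed samples and the function names are hypothetical.

```python
import struct

def encode_sid(sid: str) -> bytes:
    """Pack an 'S-1-...' string into the binary SID layout."""
    parts = sid.split("-")
    if parts[0] != "S" or len(parts) < 3:
        raise ValueError(f"not a SID: {sid!r}")
    revision, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    if len(subs) > 15:
        raise ValueError("a SID holds at most 15 sub-authorities")
    return (struct.pack("BB", revision, len(subs))   # revision, count
            + authority.to_bytes(6, "big")           # 48-bit big-endian authority
            + struct.pack(f"<{len(subs)}I", *subs))  # little-endian 32-bit values

def decode_sid(raw: bytes) -> str:
    """Unpack a binary SID into its 'S-1-...' string form."""
    if len(raw) < 8:
        raise ValueError("truncated SID header")
    revision, count = raw[0], raw[1]
    if len(raw) != 8 + 4 * count:
        raise ValueError("length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack(f"<{count}I", raw[8:])
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])

def domain_part(sid: str) -> str:
    """Drop the trailing RID from an account SID, leaving the domain SID."""
    fields = sid.split("-")
    # S-1-5-21-<three 32-bit values>-<RID> is 8 fields for a domain account.
    if fields[:4] != ["S", "1", "5", "21"] or len(fields) != 8:
        raise ValueError(f"not a domain account SID: {sid!r}")
    return "-".join(fields[:7])

def same_domain(sid_a: str, sid_b: str) -> bool:
    """True only when both accounts were issued by the same domain SID."""
    return domain_part(sid_a) == domain_part(sid_b)

# Constructed sample values: both domains were installed with the same name.
LAPTOP_IN_A = "S-1-5-21-1004336348-1177238915-682003330-1105"
USER_IN_A = "S-1-5-21-1004336348-1177238915-682003330-1110"
USER_IN_B = "S-1-5-21-3623811015-3361044348-30300820-1110"

if __name__ == "__main__":
    print(same_domain(LAPTOP_IN_A, USER_IN_A))  # same domain SID
    print(same_domain(LAPTOP_IN_A, USER_IN_B))  # same name, different SID
    print(decode_sid(encode_sid(USER_IN_B)) == USER_IN_B)
```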

mgallegos (Author) commented:
These are 2003 domains and XP Pro laptops. How is it possible to access network resources in which you do not have an established trust relationship?

There's no *automated* or easy way to do it. User X from Network A (A\X) would need to have a login in network B as well (B\X). Because they would not be logged in to domain B, they would have to manually initiate any network share (or other type) connections at the network B site and provide their network B\X userid and password. It would be pretty horrible, but if they just need access to one or two shares and a printer, it can be done.

Let me approach the problem from a different angle... are you *sure* you can't create a trust between the domains (even if you can put them in the same forest). For example, if each site has an internet connection, even just dial-up, you could maintain a trust through a VPN. You could even put them in the same forest and do GC replication at night.

If you can't create any connection between the sites, then you have 3 choices that are all pretty bad:
1 - maintenance of separate userids and manual connections to network resources
2 - cloning of a domain in 2 locations (there are many reasons why this is a *really* bad idea)
3 - allowing anonymous access to the resources needed by mobile users (OK for printers, but they still would need to connect manually).
I think the first is the least awful of the 3 options.

You really need to connect these 2 domains. Do you have internet connections at each site? If yes, you can use a VPN for zero cost (except the time to set it up).
