Connect laptop to two separate domains

Posted on 2005-03-29
Medium Priority
Last Modified: 2012-05-05
Here is my situation.  I have network A in one location and network B in another location, these are completely separate networks with their own domains within our company.  I would like to be able to take laptops between the two networks.  The users of these laptops will not have administrative privileges and therefore will not be able to reconnect their laptop to the different domains as they travel between the two.  Combining the two networks under one forest is not an option, neither is setting up a WAN, nor is a wireless network.  Is there any way to have the users be able to connect to the two separate domains without having to re-join the domain each time they move?  What if I were to configure the two servers and domains exactly alike?  Would this somehow trick the laptops that were joined to domain A into thinking that it was the same domain even though they were at domain B?
Any solutions/suggestions would be greatly appreciated!!
Question by:mgallegos

Expert Comment

ID: 13655932

To answer one question: Repeating the same configuration process on another server won't work because the install process for a domain generates a pseudo-random SID number that is statistically guaranteed to be a unique identifier. This means two domains with the same name are not seen as identical "under the covers". The only way to "configure two servers and domains exactly alike" would be to clone (copy the system disk) a domain controller from network A and build the network B using the clone.

It seems unlikely that cloning a domain is a good solution for you -- for one thing, every new laptop PC or mobile user (or password change) made on one domain would have to be repeated on the other domain. Trust me, it would be a horrible mess. There must be a better solution. Why do these users need to be in the domain at each of these two separate sites? It is possible (but not always simple) to access network resources in a domain to which you don't belong or have any trust relationship. Are these NT, 2000, or 2003 domains?
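
The SID point in the comment above, as an added example that is not part of the original thread: it encodes and decodes the binary SID layout that Active Directory stores in `objectSid` and compares accounts by domain SID rather than by domain name. All SID values are constructed samples, and the helper names are hypothetical.

```python
import struct

# Constructed samples: two domains installed separately under the same name
# still get different random sub-authorities; a disk clone keeps the original's.
DOMAIN_A_USER = "S-1-5-21-1004336348-1177238915-682003330-1104"
DOMAIN_B_USER = "S-1-5-21-3623811015-3361044348-30300820-1104"
CLONE_OF_A_USER = "S-1-5-21-1004336348-1177238915-682003330-1215"


def sid_to_bytes(sid: str) -> bytes:
    """Encode a string SID into its binary form."""
    parts = sid.split("-")
    if parts[0] != "S" or len(parts) < 3:
        raise ValueError(f"not a SID: {sid!r}")
    revision, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    # revision (1 byte), sub-authority count (1 byte), authority (6 bytes,
    # big-endian), then each sub-authority as a 32-bit little-endian integer
    header = struct.pack("BB", revision, len(subs)) + authority.to_bytes(6, "big")
    return header + struct.pack(f"<{len(subs)}I", *subs)


def bytes_to_sid(raw: bytes) -> str:
    """Decode a binary SID, rejecting truncated or padded input."""
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack(f"<{raw[1]}I", raw[8:])
    return "-".join(["S", str(raw[0]), str(authority), *map(str, subs)])


def split_account_sid(sid: str) -> tuple[str, int]:
    """Return (domain SID, RID) for an S-1-5-21-x-y-z-RID account SID."""
    parts = sid.split("-")
    if parts[:4] != ["S", "1", "5", "21"] or len(parts) != 8:
        raise ValueError(f"not a domain account SID: {sid!r}")
    return "-".join(parts[:-1]), int(parts[-1])


def same_domain(sid_a: str, sid_b: str) -> bool:
    """Accounts belong to the same domain only if the domain SIDs match."""
    return split_account_sid(sid_a)[0] == split_account_sid(sid_b)[0]


if __name__ == "__main__":
    print(same_domain(DOMAIN_A_USER, DOMAIN_B_USER))    # same name, new install
    print(same_domain(DOMAIN_A_USER, CLONE_OF_A_USER))  # disk clone of the DC
```
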


Author Comment

ID: 13681723
These are 2003 domains and XP Pro laptops.  How is it possible to access network resources in which you do not have an established trust relationship?

Accepted Solution

Carlo-Giuliani earned 2000 total points
ID: 13681977
There's no *automated* or easy way to do it. User X from Network A (A\X) would need to have a login in network B as well (B\X). Because they would not be logged in to domain B, they would have to manually initiate any network share (or other type) connections at the network B site and provide their network B\X userid and password. It would be pretty horrible, but if they just need access to one or two shares and a printer, it can be done.

Let me approach the problem from a different angle....are you *sure* you can't create a trust between the domains (even if you can put them in the same forest). For example, if each site has an internet connection, even just dial-up, you could maintain a trust through a VPN. You could even put them in the same forest and do GC replication at night.

If you can't create any connection between the sites, then you have 3 choices that are all pretty bad:
1 - maintenance of separate userids and manual connections to network resources
2 - cloning of a domain in 2 locations (there are many reasons why this is a *really* bad idea)
3 - allowing anonymous access to the resources needed by mobile users (OK for printers, but they still would need to connect manually).
I think the first is the least awful of the 3 options.

You really need to connect these 2 domains.   Do you have internet connections at each site?  If yes, you can use a VPN for zero cost (except the time to set it up).
