Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 521
  • Last Modified:

How to join two separate domains on entirely different networks

I work at a large private school. The library is a shared resource with another government school next door. For years this has worked having computers physically connected to the switch going to whatever domain it was joined to. Recently, due to political and historical reasons, they want all computers in the area to be able to log on to either domain. In other words, all computers now will be assets belonging to both schools, and any computer in the library is to be used by students in either domain.
Needless to say, neither I nor the sysadmin next door are too excited about this.  At this time, the only connection between the two networks is a multi-homed sql server. I'm reasonably experienced in network support, but have never needed to do this.

I know companies merge all the time, but we don't have people resources to do a large scope of work. Thankfully we're not a merger, but do need to 'merge' the library as a shared resource between the separate campuses. How easy is this to implement with regards to security, functionality, routing, etc.? How large scope of works is this, or is there a simple solution?
Thank you,
Canuc0
0
canuc0
Asked:
canuc0
  • 3
1 Solution
 
tmeunierCommented:
So to make sure I understand what you're doing here, let me paraphrase.  You have School1 and School2, each are a completely separate AD organization, and physically separate network, and you wish to keep it that way.  Additionally, you have a library with workstations, and any workstation needs at any time to be able to connect to EITHER School1 or School2.  

So the first concern is that these workstations can only be joined to one AD forest.  Without establishing trust relationships, I would say that your only viable option is to set up a Terminal Server on each network, serving virtual desktops to the library workstations.  You could then lock down the library workstations (perhaps through a GPO on one of the AD domains that they ARE connected to...) so that they MUST connect to a TS server.  You can also publish a nice virtual desktop using the Citrix Access Essentials product, since renamed to XEN something.
http://www.citrix.com/English/ps2/products/product.asp?contentID=21376
Since you're an educational institution you may have good luck finding compelling pricing.

Other than this, you are going to be moving toward a "merger" model which I know you're trying to avoid.  Good luck.

-tom
0
 
canuc0Author Commented:
Thanks for the response. You understood perfectly, I am trying hard to avoid the implications of merging.
I have also thought about using Terminal Services connections to each network. This way each computer would be standalone, and not joined to a domain.
Also mentioned were VMware virtual desktops.
Other options are using a vlan, but not quite sure how this would be set up.
0
 
canuc0Author Commented:
Any takers? Has anyone done this, and what issues did you come across?
0
 
canuc0Author Commented:
Will close as there have been no other ideas/solutions posted, and thus will award all points to you. Thanks for your input, tom
canuc0
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now