Synchronize users in 2 different domains

Hi,

Our company has recently joined a larger company.  Most of our servers have been moved to their data centre.  We have projects (Visual studio .NET) in these servers.  We use SourceGear Vault as a source control.  At the moment we have trouble opening some web projects as the project files are on the server (in the data centre) which now is in a different domain.  We can Remote Desktop connect to it with admin user.

Is it possible to synchronize our domain users here in domain A with domain B at the data centre?  I don't know much about domains and their setups so please go easy on me :-)

Thanks
H
gbzhhu Asked:
Rant32 Commented:
Synchronizing users across domains doesn't usually work this way. If users in your domain require access to resources located in the other domain, then the usual solution is a forest or a domain trust relationship. That requires work with the other domain's administrators.

If the other company doesn't want a trust relationship like this, but they simply take your server and move it to a different domain, then I wouldn't call it "joining" a company, I'd call it "stealing your stuff".
Krzysztof Pytko (Senior Active Directory Engineer) Commented:
Set up a trust between the domains. Configure DNS conditional forwarding and then you will be able to assign users from domainA to resources in domainB.

If you need assistance just let me know

Regards,
Krzysztof
KenMcF Commented:
Are they planning on removing your current domain and just using a single domain?

If so and you want all users in a single domain you could use the ADMT

http://technet.microsoft.com/en-us/library/cc974332%28WS.10%29.aspx

If you are planning on keeping both domains \ forests I agree with iSiek and Rant32. You should create a trust between the two and not use the Admin account to access your current data.

http://technet.microsoft.com/en-us/library/cc738955%28WS.10%29.aspx
http://technet.microsoft.com/en-us/library/cc780479%28WS.10%29.aspx

gbzhhu (Author) Commented:
Fantastic response guys.  Before I speak with my senior, what is involved in setting up a trust relationship?  I can't imagine them refusing this trust as we now share the same group name.  I think they actually created a new domain just for our servers.  I would be in a great position if you could explain the steps involved in setting up the trust.

I think we will keep our domain as we have some internal stuff that needs that. So the trust looks like the way to go.

Cheers
h
KenMcF Commented:
gbzhhu

Take a look at the link I posted
http://technet.microsoft.com/en-us/library/cc780479%28WS.10%29.aspx
It has the steps to create a trust.
Rant32 Commented:
As pointed out, DNS name resolution is very important. Depending on the number of domain controllers in your environment, set up DNS conditional forwarders per server (with few servers) or AD-integrated Stub zones (which you set up once).

Verify that all domain controllers on each side can resolve each other's names and Directory entries (like _ldap._tcp.yourdomain.com)

Decide between an External trust (single domain to another domain) or a forest trust (you can read about terminology here).

Setting up the actual trust is easily done with the AD Domains & Trusts management snap-in, if well-prepared.
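
The name-resolution check described in the comment above, as an added example that is not part of the original post. It assumes a current Windows management workstation with the `Resolve-DnsName` and `Test-NetConnection` cmdlets; the domain names and DNS server addresses are placeholders.

```powershell
# Added example, not from the thread. Domain names and DNS server addresses are
# placeholders (assumptions); substitute the values collected from both sides.
$checks = @(
    # Ask domain A's DNS server about domain B, and the reverse.
    @{ Domain = 'domainb.example'; DnsServer = '192.0.2.10' }
    @{ Domain = 'domaina.example'; DnsServer = '198.51.100.10' }
)

$results = foreach ($c in $checks) {
    foreach ($service in '_ldap._tcp', '_kerberos._tcp') {
        $srvName = "$service.$($c.Domain)"
        try {
            $srv = Resolve-DnsName -Name $srvName -Type SRV -Server $c.DnsServer -ErrorAction Stop |
                   Where-Object { $_.Type -eq 'SRV' }
        } catch {
            # SRV lookup failed: this side cannot locate the other domain's DCs.
            [pscustomobject]@{ Query = $srvName; AskedServer = $c.DnsServer; Target = $null
                               Address = $null; PortOpen = $false; Note = $_.Exception.Message }
            continue
        }
        foreach ($rec in $srv) {
            # Resolve the host the SRV record points at through the same DNS server.
            $a = Resolve-DnsName -Name $rec.NameTarget -Type A -Server $c.DnsServer -ErrorAction SilentlyContinue |
                 Where-Object { $_.Type -eq 'A' } | Select-Object -First 1
            $open = $false
            if ($a) {
                # TCP reachability of the advertised service port (389 for LDAP, 88 for Kerberos).
                $open = Test-NetConnection -ComputerName $a.IPAddress -Port $rec.Port `
                            -InformationLevel Quiet -WarningAction SilentlyContinue
            }
            [pscustomobject]@{ Query = $srvName; AskedServer = $c.DnsServer; Target = $rec.NameTarget
                               Address = $a.IPAddress; PortOpen = $open
                               Note = if ($a) { '' } else { 'SRV target has no A record' } }
        }
    }
}

$results | Format-Table -AutoSize
$failed = @($results | Where-Object { -not $_.PortOpen })
if ($failed.Count) { Write-Warning "$($failed.Count) check(s) failed; fix DNS or firewall rules before creating the trust." }
```

Every row should show a resolved address and an open port from both directions before the trust is created in AD Domains & Trusts.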
gbzhhu (Author) Commented:
Rant32,

We only have 2 domains here and all our users are in one domain, the other has web servers but not the users.  Don't know why it was done that way.  So I think what we need is an external trust between our domain with the users and the other hosted in datacentre domain.

Now one thing that is confusing me is the "DNS conditional forwarders".  Also when I read the links you gave me I see it is all talking about Windows Server 2003.  Is this the domain controller?  Does it need to be Windows Server 2003?  I have a suspicion ours is Windows 2000 Server.
Rant32 Commented:
Windows 2000 doesn't have conditional forwarders or stub zones; those were introduced in Windows 2003. Not having conditional forwarders or stub zones is not a show-stopper, but it does change the plan. Building an external trust has essentially worked the same since Windows NT as it does for recent versions, so the information still applies.

And yes, the domain controllers take care of authentication, and only domain controllers maintain and use external trusts.

Note that a forest trust will allow finer control over the trust relationship than a one-way relationship between domains.

So, I think that the first things you need to do:
1) Get management to get you the co-operation of a domain administrator of the other domain, if possible, or obtain those permissions yourself. This cannot be done without Administrative privileges.

2) Get the information required to plan the trust. This includes:
- operating system versions of domain controllers, on both sides;
- the Domain functional level and forest functional levels on both sides;
- a list of IP addresses of available DNS servers, on both sides;
- and agree on a shared password to use for the external trust. You need that password on both sides to establish the trust.

1) is probably most important. If you have any questions obtaining the information in 2), please ask them.

Another Q: if you log on to the webserver's Remote Desktop, do you use an account in the other domain, or do you use a computer-local user account?

gbzhhu (Author) Commented:
Rant32,

Management stated "we will create a trust when all servers have moved as doing that now will create some problems".  In other words, "leave it to us".

Your advice is second to none thank you.