Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

what is the best way to implement a new domain for joint project involving 3 seperate companies

Posted on 2012-09-02
6
Medium Priority
?
766 Views
Last Modified: 2012-09-03
we have a new job coming up the will require an IT setup
it will be 3 offices that need to be connected to each other with a total of around 120 users
i was going to install one server and have all users connected to it
around 40% of these users are people who are only going to help out for around 1 year and they have their own laptops currently connected to another office domain.
what is the best way to setup the IT infrastructure to include these users
should i use child doamins or domain trusts etc
0
Comment
Question by:dougdog
6 Comments
 
LVL 22

Expert Comment

by:Rick Hobbs
ID: 38358750
I would use trusts for the domain that will be gone in a year and a child domain for the other users.
0
 

Author Comment

by:dougdog
ID: 38358775
i need to setup a new domain called domain c
domain c will consist of 100 users
but i have some users who belong to domain A who will need to access domain c for file server data etc and some users from domain  B who will need to access domain c
only some users from domain A & B may access domain c and the main users who are only on domain C may not access anything from Domain A or B
How can i achieve this?
0
 
LVL 18

Assisted Solution

by:Sushil Sonawane
Sushil Sonawane earned 1000 total points
ID: 38358906
Create the external trust with domain C and make direction one-way (A domain user can able to access domin C and same B domain also)

Ex.

A === C (External Trust Nontransitive One-way)
B === C (External Trust Nontransitive One-way)
A====B (External Trust Transitive Two-way) OR (Forest trust Transitive Two-way)



Please refer below article:

1) Trust types

(http://technet.microsoft.com/en-us/library/cc775736(v=ws.10).aspx)

2) Trust transitivity
(http://technet.microsoft.com/en-us/library/cc775736(v=ws.10).aspx)

3 ) Creating External Trusts

http://technet.microsoft.com/en-us/library/cc728307(v=ws.10).aspx

4) Creating Forest Trusts

http://technet.microsoft.com/en-us/library/cc776940(v=ws.10).aspx
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 

Author Comment

by:dougdog
ID: 38358921
if i create the trust level will this not mean all users in domain a can access c
can i limit a trust to group of users
0
 
LVL 18

Expert Comment

by:Sushil Sonawane
ID: 38358967
Yes you can assign the group permission to user so that you can limit a trust to group of users.

(http://technet.microsoft.com/en-us/library/bb727067.aspx)

(http://technet.microsoft.com/en-us/library/cc755692(v=ws.10))

(http://blog.imanami.com/blog/bid/34597/AD-Group-types-universal-groups-global-groups-domain-local-groups)


Assign domain A and B domain user group permission Universal group or Global group who wan to access domain C and remain user assign permission domain local .  You are going create External Trust Nontransitive One-way so that C user can't access A and B resource.
0
 
LVL 39

Accepted Solution

by:
Krzysztof Pytko earned 1000 total points
ID: 38359985
The answer is your previous post :) and yes, you can achieve that to selected users group. But as I wrote in that post, you should not use external trust for that.

Using standard trust, you would be able to define if you want to allow all users from another domain access resources or just only part of them. To allow part of them, you need to use "Selective Authentication" during forest trust set up

Regards,
Krzysztof
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Unable to change the program that handles the scan event from a network attached Canon/Brother printer/scanner. This means you'll always have to choose which program handles this action, e.g. ControlCenter4 (in the case of a Brother).
Tech spooks aren't just for those who are tech savvy, it also happens to those of us running a business. Check out the top tech spooks for business owners.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

581 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question