rdelrosario

2 domains over VPN

We have DOMAINA, which is in a company we acquired. All their users and servers join that local domain. At headquarters (HQDOMAIN) we require the acquired company's users to join our HQDOMAIN. How can we configure the relationship between the two domains so that they can still join HQDOMAIN while continuing to use DOMAINA for their servers? Their SQL environment and file servers are all required to be part of DOMAINA. All NTFS permissions defined in DOMAINA will go away if their local users JOIN the HQDOMAIN.

I'm sure this is a common scenario when companies are bought and merged. I'm not sure if we can mess with the forest or things at that level. Trusts can be created, but I don't think that solves much. Can anyone direct me to common solutions to this? One company buying up other smaller companies, and how AD becomes an issue with local applications/servers.

BTW, we currently have a site-to-site VPN set up and running, so we have complete bidirectional communication. Just need options for handling domains.
ASKER CERTIFIED SOLUTION
Michael Machie

This solution is only available to members.

rdelrosario

ASKER

Thanks for the info. We've thrown around the trust scenario; I don't believe we will be able to gracefully merge/migrate their AD accounts in DOMAINA to HQDOMAIN. We will be creating NEW accounts for them on HQDOMAIN, but again not migrating/merging them to HQDOMAIN. We will likely let them stay on their DOMAINA so their local admins can continue managing NTFS permissions and their SQL farm will operate without downtime.

However, what is the best way to allow them to change their passwords on the HQDOMAIN? Again, we have a site-to-site VPN, but unless they log on to/join the HQDOMAIN, what are the ways their users can change their passwords every 90 days (also reminders of password expirations)?
SOLUTION
This solution is only available to members.

I've requested that this question be deleted for the following reason:

Not enough information to confirm an answer.
I disagree with closing this question without assigning points. All the correct and proper info has been given, and I have even offered to provide a script for the second part of this question. The issue here is the Author is not providing an update. If you require proof that these are correct answers, such as by external links that are not allowed by EE, then please say so to validate the answer and award points.

I do not believe any Expert's hard work and information-sharing should be rewarded with a deletion. This type of action discourages me, and I am positive it discourages other experts, to the point of not wanting to participate when half the questions I spend my time helping on get deleted because no update from the Author has been given in a Moderator-defined time frame, which is not consistent from moderator to moderator.