Trust Relationship between two Windows domain

Dear Fellows,


Recently I have given a task to move and merge existing network to another
location in the building. Below I have provided generic description of
present and future network.


Existing network 1 (contoso.com) at location A

Currently we are running four servers, which are Windows domain controller,
File server, Citrix Server, and SQL Server.



Future network 2 (contoso.org) at location B

The future network will include six new servers to another location in the
same building. My goal is to accomplish; some how tied (trust relation) these
two networks temporarily so the users can access files and application
between two LAN. I would also like to phase out existing network once I am
finished migration of existing application/data to network 2.

I have never done this before, please advice what would be better route for
me to take in order to accomplish smooth migration of current situation. Any
help would greatly appreciate it.


Many Thanks

Regards,

Imran Ahmad

=?Utf-8?B?SW1yYW4gQWhtYWQ=?= <Imran (E-Mail Removed)>
wrote in news:14D0E797-F219-4C7D-B18B-(E-Mail Removed):

> Dear Fellows,
>
>
> Recently I have given a task to move and merge existing network to
> another location in the building. Below I have provided generic
> description of present and future network.
>
>
> Existing network 1 (contoso.com) at location A
>
> Currently we are running four servers, which are Windows domain
> controller, File server, Citrix Server, and SQL Server.
>
>
>
> Future network 2 (contoso.org) at location B
>
> The future network will include six new servers to another location in
> the same building. My goal is to accomplish; some how tied (trust
> relation) these two networks temporarily so the users can access files
> and application between two LAN. I would also like to phase out
> existing network once I am finished migration of existing
> application/data to network 2.
>
> I have never done this before, please advice what would be better
> route for me to take in order to accomplish smooth migration of
> current situation. Any help would greatly appreciate it.
>
>
> Many Thanks
>
> Regards,
>
> Imran Ahmad
>
>

Hi Imran --

I would like to recommend the following Active Directory papers to assist
you:

Designing the Active Directory Logical Structure
http://technet2.microsoft.com/Window...720-ed2e-47ed-
a80d-fa43a403b4361033.mspx

and

Planning and Implementing Federated Forests in Windows Server 2003
http://technet2.microsoft.com/Window...9e7-c891-4c15-
85f9-7d30bb87e5921033.mspx

There might be other helpful resources at the following site:

Microsoft Windows Server 2003 Active Directory
http://technet2.microsoft.com/window...eatured/ad/def
ault.mspx


--
James McIllece, Microsoft

Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.

This posting is provided "AS IS" with no warranties, and confers no rights.

I have two seperate locations connected thru VPN.

Site A Domain A w2003
Site B Domain B w2003

I want to set up trust.
If understand corectly:
Add forwarder to DNS Domain on both sides Name and IP
Add each side two way in trust Applet

Do I have to raise both to w2003, one is and one is not,

I am afraid that it might affect my current setup,

Current setup:
Site A has Exch 2003
Site B connects acroos VPN to exch 2003

New config is to reverse and have Site B host Ex 2003

When I try to connect to new Exch on other domain it wont acceptin utlook,
it populates local AD Exch.

If I make a trust will it then be able to reach new Exch on other Domain?

Thank you in advance

"zuma.net" <(E-Mail Removed)> wrote in message
news:47B94C36-C0DC-402A-B4A1-(E-Mail Removed)...
>I have two seperate locations connected thru VPN.
>
> Site A Domain A w2003
> Site B Domain B w2003
>
> I want to set up trust.
> If understand corectly:
> Add forwarder to DNS Domain on both sides Name and IP
> Add each side two way in trust Applet
>
> Do I have to raise both to w2003, one is and one is not,
>
> I am afraid that it might affect my current setup,
>
> Current setup:
> Site A has Exch 2003
> Site B connects acroos VPN to exch 2003
>
> New config is to reverse and have Site B host Ex 2003

1. It would have to be a Conditional Forwarder in DNS or you will get an
endless loop.

2. Each site is going to be a different Subnet.

3. Exchange has nothing to do with Subnets

4. Domains have nothing to do with Subnets

5. Exchange only cares about Domains,..and the Mailboxes exist in AD in the
Domain,...not on the Exchange itself. It doesn't matter where it is
physically located or what subnet it is in.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------

"Phillip Windell" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> 5. Exchange only cares about Domains,..and the Mailboxes exist in AD in
> the Domain,...not on the Exchange itself. It doesn't matter where it is
> physically located or what subnet it is in.

To clarify that, a mailbox is "imaginary",..it is nothing more than an
Active Directory Attribute of an Object (in this example, a user object).
The actual data associated with the User account (via the Mailbox Attribute)
is stored in the Information Store on the Exchange Server.

So it is a complex integrated system.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------

So how do I reach the other Exchange server 2007 if it is on a seperate Domain?

"Phillip Windell" wrote:

> "Phillip Windell" <(E-Mail Removed)> wrote in message
> news:%(E-Mail Removed)...
> > 5. Exchange only cares about Domains,..and the Mailboxes exist in AD in
> > the Domain,...not on the Exchange itself. It doesn't matter where it is
> > physically located or what subnet it is in.
>
> To clarify that, a mailbox is "imaginary",..it is nothing more than an
> Active Directory Attribute of an Object (in this example, a user object).
> The actual data associated with the User account (via the Mailbox Attribute)
> is stored in the Information Store on the Exchange Server.
>
> So it is a complex integrated system.
>
> --
> Phillip Windell
> www.wandtv.com
>
> The views expressed, are my own and not those of my employer, or Microsoft,
> or anyone else associated with me, including my cats.
> -----------------------------------------------------
>
>
>

"zuma.net" <(E-Mail Removed)> wrote in message
news:35244BD8-3AA8-4D32-AFB0-(E-Mail Removed)...
> So how do I reach the other Exchange server 2007 if it is on a seperate
> Domain?

I don't think you understand the situation.
You don't reach an Exchange Server "on a Domain",...you reach the Exchange
Server "on a network". Domains are not "networks". Domains are
"administrative environments".

The user and the Exchange are going to be on the same Domain togther to
start with.
The user has to use the Exchange that is in the same Domain (administrative
environment) that the user is in.

To make it more clear,...you can't have one Exchange and two Domains.
You must have two Exchanges if you have two Domains (one Exchange in each
Domain). Exchange is "married" to the Domain it operates in,...and it
doesn't cheat on its husband.

Now you can have multiple Exchanges from different Domains operate together
in the same Exchange Organization if the two Domains are in the same Forest
(like in a Root Domain/Child Domain situation).


You can have multiple Exchanges in one Domain or Forest

But you cannot have one Exchange in multiple Domains or Forests.


--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------

I understand what you are saying, ea domain needs its own exch. Server.

I had the users in the other domain connecting to the Ex 2003 with no
problem. This way they had full exch features from both domains. These are
..local domains.

I would create the user in both domains so they would be able to
authenticate, user name and password.

If I set up a trust, will that allow connectivity?

"Phillip Windell" wrote:

>
> "zuma.net" <(E-Mail Removed)> wrote in message
> news:35244BD8-3AA8-4D32-AFB0-(E-Mail Removed)...
> > So how do I reach the other Exchange server 2007 if it is on a seperate
> > Domain?
>
> I don't think you understand the situation.
> You don't reach an Exchange Server "on a Domain",...you reach the Exchange
> Server "on a network". Domains are not "networks". Domains are
> "administrative environments".
>
> The user and the Exchange are going to be on the same Domain togther to
> start with.
> The user has to use the Exchange that is in the same Domain (administrative
> environment) that the user is in.
>
> To make it more clear,...you can't have one Exchange and two Domains.
> You must have two Exchanges if you have two Domains (one Exchange in each
> Domain). Exchange is "married" to the Domain it operates in,...and it
> doesn't cheat on its husband.
>
> Now you can have multiple Exchanges from different Domains operate together
> in the same Exchange Organization if the two Domains are in the same Forest
> (like in a Root Domain/Child Domain situation).
>
>
> You can have multiple Exchanges in one Domain or Forest
>
> But you cannot have one Exchange in multiple Domains or Forests.
>
>
> --
> Phillip Windell
> www.wandtv.com
>
> The views expressed, are my own and not those of my employer, or Microsoft,
> or anyone else associated with me, including my cats.
> -----------------------------------------------------
>
>
>

Any ideas?

"zuma.net" wrote:

> I understand what you are saying, ea domain needs its own exch. Server.
>
> I had the users in the other domain connecting to the Ex 2003 with no
> problem. This way they had full exch features from both domains. These are
> .local domains.
>
> I would create the user in both domains so they would be able to
> authenticate, user name and password.
>
> If I set up a trust, will that allow connectivity?
>
> "Phillip Windell" wrote:
>
> >
> > "zuma.net" <(E-Mail Removed)> wrote in message
> > news:35244BD8-3AA8-4D32-AFB0-(E-Mail Removed)...
> > > So how do I reach the other Exchange server 2007 if it is on a seperate
> > > Domain?
> >
> > I don't think you understand the situation.
> > You don't reach an Exchange Server "on a Domain",...you reach the Exchange
> > Server "on a network". Domains are not "networks". Domains are
> > "administrative environments".
> >
> > The user and the Exchange are going to be on the same Domain togther to
> > start with.
> > The user has to use the Exchange that is in the same Domain (administrative
> > environment) that the user is in.
> >
> > To make it more clear,...you can't have one Exchange and two Domains.
> > You must have two Exchanges if you have two Domains (one Exchange in each
> > Domain). Exchange is "married" to the Domain it operates in,...and it
> > doesn't cheat on its husband.
> >
> > Now you can have multiple Exchanges from different Domains operate together
> > in the same Exchange Organization if the two Domains are in the same Forest
> > (like in a Root Domain/Child Domain situation).
> >
> >
> > You can have multiple Exchanges in one Domain or Forest
> >
> > But you cannot have one Exchange in multiple Domains or Forests.
> >
> >
> > --
> > Phillip Windell
> > www.wandtv.com
> >
> > The views expressed, are my own and not those of my employer, or Microsoft,
> > or anyone else associated with me, including my cats.
> > -----------------------------------------------------
> >
> >
> >

Look...

You have 2 Sites,...a Domain in each Site

Therefore you need 2 Exchanges,....one in each site/domain.

If both Domains are in the same Forest the two Exchanges can be in the same
Exchange Organization, but if it is not the same Forest then that is not
possible.


--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------