Tom's Hardware > Forum > Windows 2000/NT > Windows 2000/NT General Discussion > AD properties in federated forest environment

AD properties in federated forest environment

Forum Windows 2000/NT : Windows 2000/NT General Discussion - AD properties in federated forest environment

Tom's Hardware: Over 1.4 million members in 6 different countries available to answer all your high-tech questions. Sign up now! Its free!
Ask the community Add a reply
Word :    Username :           
 
Anonymous   01-11-2005 at 09:05:47 AM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

 

Hi there.

We were previously two separate companies that have joined
by acquisition and have implemented a federated forest to
join the domains together.

Within AD we are trying to implement a proper
organisational structure but have run into a problem. We
are trying to set the manager property for each person,
but have a situation where the account for a persons
manager might be in the other domain. In other words,
DomainA\JSmith has a manager of DomainB\FBloggs.

Does anyone know if this is technically possible to
implement?

Regards

Simon Rogers
(remove vegetable and hyphens for real address)

Add a reply
Sponsored Links
Register or log in to remove.
Anonymous   01-11-2005 at 03:43:15 PM
- 0 +

Archived from groups: microsoft.public.win2000.active_directory (More info?)

 

I do not believe so. With DN stored attributes like manager the value has to be
a valid DN from the same forest. This is why groups use
foreignSecurityPrincipals to represent users from "trusted" domains. You would
have to cook up something similar, you may in fact be able to use fsp's as well
but I haven't tried it.

joe

--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net


Simon Rogers wrote:
> Hi there.
>
> We were previously two separate companies that have joined
> by acquisition and have implemented a federated forest to
> join the domains together.
>
> Within AD we are trying to implement a proper
> organisational structure but have run into a problem. We
> are trying to set the manager property for each person,
> but have a situation where the account for a persons
> manager might be in the other domain. In other words,
> DomainA\JSmith has a manager of DomainB\FBloggs.
>
> Does anyone know if this is technically possible to
> implement?
>
> Regards
>
> Simon Rogers
> (remove vegetable and hyphens for real address)

Reply to Anonymous
Anonymous   01-11-2005 at 09:56:30 PM
- 0 +

Archived from groups: microsoft.public.win2000.active_directory (More info?)

 

If they are in same forest. if not, there is not way so far I know.

--
Regards
Christoffer Andersson
Microsoft MVP - Directory Services

No email replies please - reply in the newsgroup
------------------------------------------------
http://www.chrisse.se - Active Directory Tips

"Simon Rogers" <uksrogers@g-potato-mail.com> skrev i meddelandet
news:1fba01c4f7cd$80f62d70$a401280a@phx.gbl...
> Hi there.
>
> We were previously two separate companies that have joined
> by acquisition and have implemented a federated forest to
> join the domains together.
>
> Within AD we are trying to implement a proper
> organisational structure but have run into a problem. We
> are trying to set the manager property for each person,
> but have a situation where the account for a persons
> manager might be in the other domain. In other words,
> DomainA\JSmith has a manager of DomainB\FBloggs.
>
> Does anyone know if this is technically possible to
> implement?
>
> Regards
>
> Simon Rogers
> (remove vegetable and hyphens for real address)

Reply to Anonymous
Anonymous   01-11-2005 at 03:43:16 PM
- 0 +

Archived from groups: microsoft.public.win2000.active_directory (More info?)

 

Joe

Thanks for the reply

Simon


>-----Original Message-----
>I do not believe so. With DN stored attributes like
manager the value has to be
>a valid DN from the same forest. This is why groups use
>foreignSecurityPrincipals to represent users
from "trusted" domains. You would
>have to cook up something similar, you may in fact be
able to use fsp's as well
>but I haven't tried it.
>
> joe
>
>--
>Joe Richards Microsoft MVP Windows Server Directory
Services
>www.joeware.net
>
>
>Simon Rogers wrote:
>> Hi there.
>>
>> We were previously two separate companies that have
joined
>> by acquisition and have implemented a federated forest
to
>> join the domains together.
>>
>> Within AD we are trying to implement a proper
>> organisational structure but have run into a problem.
We
>> are trying to set the manager property for each person,
>> but have a situation where the account for a persons
>> manager might be in the other domain. In other words,
>> DomainA\JSmith has a manager of DomainB\FBloggs.
>>
>> Does anyone know if this is technically possible to
>> implement?
>>
>> Regards
>>
>> Simon Rogers
>> (remove vegetable and hyphens for real address)
>.
>

Reply to Anonymous
Anonymous   01-11-2005 at 09:56:31 PM
- 0 +

Archived from groups: microsoft.public.win2000.active_directory (More info?)

 

Thanks Chris

Simon


>-----Original Message-----
>If they are in same forest. if not, there is not way so
far I know.
>
>--
>Regards
>Christoffer Andersson
>Microsoft MVP - Directory Services
>
>No email replies please - reply in the newsgroup
>------------------------------------------------
>http://www.chrisse.se - Active Directory Tips
>
>"Simon Rogers" <uksrogers@g-potato-mail.com> skrev i
meddelandet
>news:1fba01c4f7cd$80f62d70$a401280a@phx.gbl...
>> Hi there.
>>
>> We were previously two separate companies that have
joined
>> by acquisition and have implemented a federated forest
to
>> join the domains together.
>>
>> Within AD we are trying to implement a proper
>> organisational structure but have run into a problem.
We
>> are trying to set the manager property for each person,
>> but have a situation where the account for a persons
>> manager might be in the other domain. In other words,
>> DomainA\JSmith has a manager of DomainB\FBloggs.
>>
>> Does anyone know if this is technically possible to
>> implement?
>>
>> Regards
>>
>> Simon Rogers
>> (remove vegetable and hyphens for real address)
>
>
>.
>

Reply to Anonymous
Ask the community Add a reply
Tom's Hardware > Forum > Windows 2000/NT > Windows 2000/NT General Discussion > AD properties in federated forest environment
Go to:

There are 1176 identified and unidentified users. To see the list of identified users, Click here.

Forum map
Bestofmedia Forum ©
2000-2009 Bestofmedia Group
Page generated in 0.172 seconds
Please mind

You are about to answer a thread that has been inactive for more than 6 months.
If you still wish to proceed, please ensure that your posting is original and does not duplicate or overlap any prior responses to this thread.

Add a reply Cancel
Sponsored links
  • Ask the community now
  • Publish
Ad
They won a badge
Join us in greeting them
How do I win badges?