Vernon Weisenburg
Guest
Posted: Tue Nov 08, 2005 9:51 pm
Post subject: RE: AD Design issues - Need some quick help!

Here is how I have done this in the past:
1. Create separate OUs for each company.
If you have Exchange installed and have already added the SMTP domains to
the organization you can skip step 2.
2. Add a UPN suffix to the forest for each company
(http://support.microsoft.com/?kbid=243629) that matches the SMTP domain.
3. Set the UPN Suffix for all users in each OU to match their company's SMTP
domain. You can either multi-select the user accounts in the ADUC and select
the UPN there or create a script that will change the UPN.
All this provides you with, however, is a company-specific logon experience
and organizes the users into relevant groupings for security or
administration. To maintain separation of other items such as GALs, access
to data, etc. you will need to design an authorization methodology based
around the OU groupings.

"dc" wrote:
Quote:
After reading all of the informative posts I now know two ADs cannot be
on the same box unless some type of virtual server is used. I'm trying
not to do that. My problem is this - I have a new W2K server box
running DNS and another W2K3 server box. I would like to have users
log on using their respective company email addresses (to the W2K3
server) but I'm not quite sure how to do this or even if it can be
done. I think OUs will keep data and such separate. Any and all help
would be appreciated.
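
Added example, not part of the original post: one way to script steps 2 and 3 above, assuming a management host with the RSAT ActiveDirectory PowerShell module and rights to modify the forest and the user accounts. The OU distinguished names and UPN suffixes are constructed placeholders, and every change runs with -WhatIf so it is only previewed until that switch is removed.

```powershell
Import-Module ActiveDirectory

# Hypothetical OU -> UPN suffix map (constructed values, replace with your own).
$CompanyMap = @{
    'OU=CompanyA,DC=corp,DC=example' = 'companya.example'
    'OU=CompanyB,DC=corp,DC=example' = 'companyb.example'
}

$forest = Get-ADForest
# Query a global catalog so the duplicate check covers the whole forest.
$gc = '{0}:3268' -f $forest.GlobalCatalogs[0]

foreach ($ou in $CompanyMap.Keys) {
    $suffix = $CompanyMap[$ou]

    # Step 2: register the suffix on the forest if it is not already there.
    if ($forest.UPNSuffixes -notcontains $suffix) {
        Set-ADForest -Identity $forest -UPNSuffixes @{ Add = $suffix } -WhatIf
    }

    # Step 3: change only the suffix of each user's UPN in this OU.
    Get-ADUser -SearchBase $ou -SearchScope Subtree -Filter * -Properties UserPrincipalName |
        ForEach-Object {
            # Keep the existing UPN prefix; fall back to sAMAccountName if no UPN is set.
            $prefix = if ($_.UserPrincipalName) { ($_.UserPrincipalName -split '@')[0] }
                      else { $_.SamAccountName }
            $newUpn = '{0}@{1}' -f $prefix, $suffix
            if ($_.UserPrincipalName -eq $newUpn) { return }   # already correct

            # Do not create a second account with the same logon name.
            $clash = Get-ADUser -Filter "UserPrincipalName -eq '$newUpn'" -Server $gc
            if ($clash) {
                Write-Warning "Skipping $($_.SamAccountName): $newUpn is already in use"
                return
            }
            Set-ADUser -Identity $_ -UserPrincipalName $newUpn -WhatIf
        }
}
```

Review the -WhatIf output and any warnings before removing the switch; a skipped account needs its UPN prefix resolved by hand.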