General discussion

Locked

subdomain profiles

By cavedweller ·
I am setting up a new (not-upgraded) Win 2000 installation. I have a master domain where I would like to create all the user accounts. I will have seperate subdomains by project. The projects are physically isolated within the same building. Getting users authenticated by the master domain is not a problem. Some users work on more than one project. I would like to have users receive a different roaming profile depending upon which project area (subdomain) they log in from. The project profile must come from the project server, not the master domain. I do not want to create different accounts for each project.

I have made this question worth a lot of points because I don't expect a trivial answer. I would prefer advise from administrators who have solved a similar problem over pure speculation.

This conversation is currently closed to new comments.

12 total posts (Page 1 of 2)   01 | 02   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

subdomain profiles

by warrenhill In reply to subdomain profiles

create a GPO and group your users to the sub domain, but give them delegated right to the main domain server so they can access applications or whatever.

Collapse -

subdomain profiles

by cavedweller In reply to subdomain profiles

This requires a different user account in each domain. I want to use the same account in all subdomains.

Collapse -

subdomain profiles

by Joseph Moore In reply to subdomain profiles

Ok, so let me see if I get this right. Some users will bounce from computer to computer, to work on different aspects of the project. And each different project area will be its own child domain of your master domain. You want the roaming users to use the same roaming profile, no matter what domain they log in from.
So, I guess I am confused as to what the problem is. When the roaming users move from machine to machine, they can select the master domain when they log in in the Domain drop-downbox. You don't have to make identical user accounts in each child domain. Since you have the child domains (and Win2K does transitive 2-way trusts by default), then there is no real problem. When user BOB (with a user account in DOMAIN.COM) sits down at a workstation that is a Computer member of PROJECT1.DOMAIN.COM, BOB can type in his user name, password, and then select the NetBIOS name of DOMAIN.COM in the Domain drop-down. When BOB then presses Ok, it will log him into DOMAIN.COM, and his roaming profile will be pushed onto the workstation.
If BOB does not change the domain drop-down, then he will get a login denied message, saying that user BOB does not exist in PROJECT1.DOMAIN.COM
The roaming profiles will load on the workstationsin PROJECT1.DOMAIN.COM just as long as a successful login into a trusted domain (DOMAIN.COM) is established.

hope this helps

Collapse -

subdomain profiles

by cavedweller In reply to subdomain profiles

Thanks but you missed the point. It is easy to get the same profile (in fact I have been unable to avoid it). I want to get a DIFFERENT roaming profile in each subdomain.

Collapse -

subdomain profiles

by IT Person In reply to subdomain profiles

My question is why use subdomains? You haven't specified why subdomains are needed. I am not sure what it is you are trying to achieve.

Based on what you have said I am assuming that you wish to map printers and resources depending on which project it is the employee is working on. There is no mention of different email accounts etc.

Do certain employee's need different profiles that others or can they all be the same? I am assuming the profiles will be the same.

I would not use roaming profiles for this at all because it appears that the location of the computer will dictate the resources available to the employee.

To accomplish this I would create either sites or organizational units with the pcs not the employee. Using group policies I can assign logon scripts that are dependant on the pc not the employee.

These logon scripts will map resources, but will not affect the permissions structure you have set up for your employees.

Please provide more info and I will attempt to provide a more detailed answer.

Wil

Collapse -

subdomain profiles

by cavedweller In reply to subdomain profiles

Thanks for your response. Please see the comments above.

Collapse -

subdomain profiles

by expertpc In reply to subdomain profiles

I will have to agree with Wil above. And I do not expect points for that alone.

I beleive you are asking for something that is not possible by just using Roaming profiles on user accounts.

I would assume the machine accounts reside in the domains for the project they are being used for. If this is the case then it is your only option for having different resources in different domains but all being accessed by the same user account. You will have to specify the resources by machine account. You will have to control resource access by ACLs defined on every resource granted to the individual computers.

Good luck!

Please explain in more detail why you need to seperate the projects into seperate domains instead of just using OUs orother alternatives.

Pat

Collapse -

subdomain profiles

by cavedweller In reply to subdomain profiles

Thanks for your response. Please see the comments above.

Collapse -

subdomain profiles

by Frobo In reply to subdomain profiles

Hi,
I agree with Anwser 3 and 4 cause: Domains are Security boundaries and Users have only one Profile and this is stored in AD. You sould use GPOs depending on Computer Accounts to change User Seetings depending on which Domain the Computer belongs. Their you can run several scripts to make the changes your User needs. For Example use the logonserver variable to determine on which DC the user is authenticated, and then run the normal tasks like shares etc. If you have planed your sites good,so it will work. Normaly w2k Clients prefers the DC in his Site for authentication.

Regards

Frobo

PS: With Startup and Shutdown Scripts you can easily change the Profilepath in AD for the USer, depending on the Machine and which domain he belongs. But don't forget to make an GPO wich will empty the cached Profile on the lokal Machine. This secures your stored Profiles on the Network for that user.

Collapse -

subdomain profiles

by cavedweller In reply to subdomain profiles

Thanks for your response. Please see the comments above.

Back to Windows Forum
12 total posts (Page 1 of 2)   01 | 02   Next

Related Discussions

Related Forums