FabienBourqui-1602 asked FanFan-MSFT commented

LDAP copy user to other Tree domain

Hello,

I'd like to know if it's possible to have a user sync between two domains, one master and the other as a tree domain added to the forest?


As you can see in the picture, it's a particular infrastructure. We have a specific enterprise AD, which is connected by another tree domain (dom2). The reason is administrative: the enterprise AD is managed by someone else, and I manage dom2.

The ADs are linked (trust) to use enterprise authentication and it works well. But if the enterprise AD isn't responding, all authentication fails. And this is normal.

But is it possible to sync users in a read-only mode to dom2? So if the enterprise AD is down, authentication will still be functional.

Thanks for your help.

BR


105295-ad.jpg


windows-active-directory

Hi,


Just want to confirm the current situation.
If there's anything you'd like to know, don't hesitate to ask.

Best Regards,

FanFan-MSFT answered

Hi,
Based on my understanding, there are 2 domains in the same forest, right?

Users can be migrated between domains or forests.
To understand your question more clearly, can you explain what exactly you meant when you said "ADs are linked (trust) to use enterprise authentication"?
What's the purpose you want to achieve?

Best Regards,

FabienBourqui-1602 answered

Hi,

Thanks for your feedback, and sorry for the delay. COVID-19 second shot was quite challenging.

Exactly, two domains in the same forest.

I'd like to have a full copy of users and passwords from dom1 to dom2, automatically synchronised. The point is dom1 isn't safe enough and has already crashed. So we lost all LDAP and RADIUS connections on all our equipment.

On a web service, I successively tested LDAP authentication, with settings based on dom2 but with the suffix @dom1.com. But when I blocked all traffic from dom1 to dom2 on the firewall, to test a crash, authentication failed.

Why this? Because our users for laptops/desktops are in dom1. And we would like to use the same users for authentication on our devices but using dom2. We need a second domain (dom2) for specific user accounts and for security groups.


Is it understandable?

Thanks for your feedback.

Best regards

FanFan-MSFT answered

Hi,

I'm not sure how you copied the users from dom1 to dom2; here are some of my views:

Since dom1.com has already crashed, the user can't be used anymore since there are no DCs for authentication.
If you have a backup for it, you may consider restoring it.

If you don't need dom1 anymore, you may try to do a user account/computer account migration from dom1 to dom2.

Best Regards,

FabienBourqui-1602 answered FanFan-MSFT commented

Hi,

Now I'm not copying any user.

If/when dom1 crashes, I'm not able to restore or do anything on it. It's managed by an external company. That's why I'd like to synchronise users on dom2.


Hi,
I'm afraid the users can't be synchronized from one domain to another (for the on-premise domain).
Best Regards,
