Q: We have just merged with another company that has five offices in Europe. We are running a Windows 2000 AD domain and they are running NT4 that covers all the offices. We have some applications they need to use and they have some we need but security is an issue as another company is supporting their network.
I would like to know what other companies are doing in this situation with regards to Active Directory with mergers and different countries involved and the best way to set this up also for email processing (Exchange 2000).
A: In cases where there are significant security differences between merged companies, you will want to create separate domains. Even if the European domain is NT 4.0, you can still establish a trust relationship with the other domain. Using a trust does not imply rights on the other domain. So, each entity (you and the other company) can control who has access to resources within your domain.
If the other company can upgrade to Windows 2000 and AD, life will be much easier. Windows 2000/NT 4.0 domain trusts can problematic at times. Establishing good names resolution between the domains will be important; keep in mind Windows 2000 focuses on DNS while NT 4.0 leverages mostly WINS. You may need to utilize LMHOST entries on the Domain Controller from each domain to insure proper resolution until everyone is on Windows 2000 and leveraging DNS.
This was first published in August 2005