Deployment Solution

  • 1.  DS Multiple Domains (no trust relationships)

    Posted Mar 02, 2009 12:08 PM
    Our DS imaging server resides on a development domain. We currently have two one-way non-transitive trusts set up between our development and production domains. Sometime in the near future we will need to manage imaging on computers on both of the domains and remove the trust relationships between the domains.

    Question: Can DS manage computers on multiple domains where there are no trust relationships between the domains?

    Background:
    Right now our DS imaging server only manages computers that are members of our development domain.

    In the near future we are planning on severing the trust relationship between the development and production domains.

    Some of the computers (development 2nd computers) that are currently being managed by our DS server reside on the production network segment and are members of our development domain. When we sever the trust relationship between development and production domains these computers will need to be moved over to the production domain.

    I am hoping that DS can handle imaging and post configuration on multiple domains with new trust relationships between the domains.





  • 2.  RE: DS Multiple Domains (no trust relationships)

    Posted Mar 02, 2009 05:30 PM
    I am pretty sure this is possible as you can save credentials for each domain.


  • 3.  RE: DS Multiple Domains (no trust relationships)

    Posted Mar 02, 2009 11:19 PM
    Altiris doesn't care about trusts between domains or how many domains you've got.

    All you need to do is list the administrator accounts for each domain, which are to be used by your Altiris jobs. In your DS console go to Tools > Options > Domain Accounts.

    ~Mike~


  • 4.  RE: DS Multiple Domains (no trust relationships)

    Posted Mar 03, 2009 01:59 AM
    Clarifications on Mike's post above: It does not need to be a domain administrator. The account used only needs to have rights to add a machine to the domain. In fact, it is not recommended from a security aspect to use a domain admin account. In fact, I have an Altiris service account that does not have any rights to the domain other than to add machines to the domain (it cannot even be logged in to the domain).
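
Added example, not posted by anyone in this thread: one way to give a service account only the join rights described above, delegated on a single OU with `dsacls`. The OU, domain and account names are hypothetical, and the per-object rights for re-imaged machines that rejoin under an existing name go beyond what the post states and are an assumption.

```powershell
# Added example: every name below is a hypothetical placeholder.
$TargetOu = 'OU=Imaged Workstations,DC=prod,DC=example,DC=com'   # assumed OU for imaged machines
$Account  = 'PROD\svc-ds-join'                                    # assumed join-only service account

# Allow creating (CC) computer objects in this OU and its sub-OUs only.
# /I:T = this object and its sub-objects.
dsacls $TargetOu /I:T /G "${Account}:CC;computer"

# Rights on existing computer objects, used when a re-imaged machine
# rejoins under the name it already has. /I:S = sub-objects only.
$perObjectRights = @(
    'CA;Reset Password;computer',
    'RPWP;Account Restrictions;computer',
    'WS;Validated write to DNS host name;computer',
    'WS;Validated write to service principal name;computer'
)
foreach ($right in $perObjectRights) {
    dsacls $TargetOu /I:S /G "${Account}:$right"
}

# Review step 1: show the ACEs on the OU that mention the account.
dsacls $TargetOu | Select-String -SimpleMatch $Account

# Review step 2: confirm the account is not in any privileged group.
# Requires the ActiveDirectory module (RSAT); run it against the
# domain that owns the account.
Import-Module ActiveDirectory
$sam = $Account.Split('\')[1]
Get-ADPrincipalGroupMembership -Identity $sam |
    Select-Object -ExpandProperty Name
```

Repeat the delegation in each domain with that domain's own account, since without a trust neither domain can grant rights to the other's accounts.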


  • 5.  RE: DS Multiple Domains (no trust relationships)

    Posted Mar 03, 2009 05:46 AM
    Thanks for the clarification Brian. I've got too used to working in a lab environment :-o

    Re the original post, I assume that there's not going to be any physical separation of the network except for the removal of trust relationships? There is mention of segments... of course I don't need to say that the DS will need to be able to physically see all of the clients.


  • 6.  RE: DS Multiple Domains (no trust relationships)

    Posted Mar 03, 2009 06:08 AM
    There will be a firewall between the lab and production network segments. I found a KB article that goes over which ports on the firewall need to be opened up.

    https://kb.altiris.com/article.asp?article=22325&p=1