Actually, this would require at least one trust to be established between NTDom1 and NTDom2. NTDom2 must be trusting of NTDom1 in order for FilerB to see the Global Groups in NTDom1. If there's no trust, then there isn't a way to see/use the groups in the other domain. However, once you create the trust, you shouldn't have to do anything else (i.e. no local groups to manage). FilerB should be able to see all groups in NTDom1.
Now assuming that this is for disaster recovery, there is a small problem. Let's say Mr. Stay-Puft takes out SiteA. NTDom1 no longer exists, so FilerB is unable to resolve SID information on NTDom1 global groups (the effect is no access for anyone with an account in NTDom1). A simple but effective remedy for this would be installing a BDC for NTDom1 at SiteB. When Mr. Stay-Puft comes around, all you have to do is promote the BDC for NTDom1 at SiteB to the PDC for NTDom1. FilerB won't have any problems in this case.
Jeff Mery, MCP
National Instruments
----------------------------------------------------------------------------
"Allow me to extol the virtues of the Net Fairy, and of the fantastic dorks that make the nice packets go from here to there. Amen."
TB (www.penny-arcade.com)
----------------------------------------------------------------------------
-----Original Message-----
From: owner-toasters@mathworks.com [mailto:owner-toasters@mathworks.com] On Behalf Of Holland, William L
Sent: Friday, June 27, 2003 4:37 AM
To: 'toasters@mathworks.com'
Subject: RE: Question about mirroring
An idea I came up with and am currently testing is:
Connect to FilerA via a Win2K management console and add local groups. Then add users from NTDom1 to the FilerA groups. These groups would, of course, have to be documented so that they can be created on FilerB in NTDom2 should the need ever arise. The groups on FilerB would then be populated with users from NTDom2. This seems like it would preserve the overall security structure of the volumes being mirrored and not require any significant reconfiguration on NTDom2.
-----Original Message-----
From: Manish Anand Kinnerkar [mailto:Mak@wipro.co.in]
Sent: Friday, June 27, 2003 2:48 AM
To: toasters@mathworks.com
Subject: RE: Question about mirroring
This would be like a practical Disaster recovery scenario,
I believe FilerB will have all shares of FilerA intact within itself.
After we make the mirror copy read-write, the only problem we face now is that the ACLs on the shares are useless, as the uids/domain do not exist. The authentication for this domain ceases to exist and thereby access is not possible at share level.
FilerB cannot be a member of multiple domains at the same time, and will continue to reside in the NTDom2 domain.
Now it will be up to the administrator to manage these shares.
The most logical thing to do would be to reassign them to new userids (corresponding to old users of NTDom1) in the current domain NTDom2, as NTDom1 has ceased to exist.
Or create the NTDom1 domain all over again, but reassign the shares to the recreated userids.
Experts on Windows Domain architecture, please comment on the same, coz frankly I'm not an expert in Windows :)
regards,
Mak.
-----Original Message-----
From: Holland, William L [mailto:hollandwl@state.gov]
Sent: Thu 6/26/2003 6:24 PM
To: 'toasters@mathworks.com'
Cc:
Subject: Question about mirroring
Scenario:
FilerA is installed at SiteA mirroring to FilerB at SiteB. Both are in Windows networks and both are using CIFS. SiteA is in NTDom1 and SiteB is in NTDom2. NTDom1 and NTDom2 are Windows NT domains, Active Directory is not implemented, and there is no trust relationship between the two NT Domains. FilerA has been using global groups and users from NTDom1 on its ACLs.
SiteA along with FilerA ceases to exist for whatever reason. SiteB breaks the mirror and brings the volumes mirrored from FilerA online. Is it possible to access the files on those shares since NTDom1 no longer exists?