Jump to content
RESET Forums (homeservershow.com)

No direct, in-place upgrade path from Server 2012 Essentials to Essentials R2


msawyer91
 Share

Recommended Posts

I agree with Drashna & jem101: trying to join & unjoin Domains like that is a bag of hurt. One of these days, MS will figure out how to allow a computer to be a member of more than 1 Domain. They have to really; there are too many people starting to need it. That, or they'll have to come up with some other scheme entirely.

Link to comment
Share on other sites

  • Replies 43
  • Created
  • Last Reply

Top Posters In This Topic

  • Drashna Jaelre

    8

  • ikon

    10

  • msawyer91

    4

  • jem101

    5

Dual boot the system? That would work. :)

Not a great solution....

 

 

And Ikon, I doubt it. In fact, I think they've made it a lot harder to do so. :(

That, or EVERYTHING. EVERYTHING, even domains will be powered by Windows Live......................

Link to comment
Share on other sites

I doubt that MS will ever make it possible for a PC to be a member of two domains - at least I hope not.

 

You need to think about what a domain really is, it is a set of computer which share a common security context, a PC is controlled completely by the domain it is a member of - if I don't want users installing software, a quick group policy which gets pushed out to all clients and nobody gets to install anything.

 

So how could it work if a PC could be a member of two domains with two sets of (possibly conflicting) policies. I'd hate to have a situation where I could configure a nice, secure, locked-down desktop on a client PC only for it to be all undone by policies on another domain which I have no control over and no idea as to what is going on.

 

Chris's dual-boot idea would indeed be do'able but then you just might as well have two PCs.

 

John

Link to comment
Share on other sites

I was thinking along the lines of the way MS does file permissions: i.e. the most restrictive ones apply. I'm not saying it wouldn't be difficult, or even a mess. Come to think of it, isn't this exactly what 'Forests' are for?

Link to comment
Share on other sites

I was thinking along the lines of the way MS does file permissions: i.e. the most restrictive ones apply. I'm not saying it wouldn't be difficult, or even a mess. Come to think of it, isn't this exactly what 'Forests' are for?

 

Not quite, forests are groups of AD trees linked together by what are called 'transitive trusts' but the domains within the forest have a single 'root domain' and share a common global catalog. Whoever controls this root domain ultimately controls all of the domains under it - especially the security aspects.

 

If you have a dig around in AD you will find groups called Domain Admins (fairly straightforward) and something called Enterprise Admins. In most cases the two are synonymous (we don't often come across multi-domain set ups  other than in big enterprise arrangements) but a user who is a member of the Enterprise Admins group has more control over a domain than a user who is just in the Domain Admins group. You know about the five FSMO roles in a domain, well technically only three of them are domain specific, the Schema Master and Domain Naming Master roles are forest wide and there can be only one server holding each of these roles for the entire forest.

 

Either way an individual PC can only be a member of one domain and is subject to all of the policies in force all the way up the hierarchy of the tree.

 

I suppose what you could technically do would be to set up a standard two-way trust relationship between your home domain and work domain (say) and in that way you could bring home a work laptop, log in using your normal work credentials and the trust would allow the PC to access resources on your home network (and indeed vice-versa depending on how the trusts and group memberships were set up). You still wouldn't be able to install the 2012E connector though so PC backups would still be a problem, and I really can't see too many network admins taking kindly to the idea!

 

Actually no forget I said all of that - it really is just going to be a horrible mess anyway.

 

John

Link to comment
Share on other sites

LOL. Well, you were kinda leading in the area I was thinking about. You obviously have way, way more Domain knowledge than me, but I was thinking about trusts and such (I seem to recall that Trees in the Forest have to have trusts between them for there to be any real communication between them, but I could be remembering incorrectly). I only did a very little bit of work with Trusts and only for a very short time (days).

Link to comment
Share on other sites

Also, Microsoft does allow for two domains:

 

Your domain, and their's. You know "Microsoft Accounts"............. :)

 

 

 

And that's a lot of good AD info. :)

Link to comment
Share on other sites

  • 3 months later...

Does the release of Server 2012 Hyper-V (designed to be used as a base for all VM's) change this at all?

 

I', thinking (for me anyway)...

 

Install Hyper-V

Install 2012-E-R2

Install other VM's as required.

Link to comment
Share on other sites

Are you talking about the command line Hyper-V only server? If so, I think you're allowed to run as many VMs under that as you like. Maybe someone else can chime in on it too. I think a couple of members have, or are, actually using it.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share


×
×
  • Create New...