We have an interesting situation.
We have two domains. One, called Smith (not really, but you get the idea), is our main office-based domain against which users are authenticated on login.
Another domain is hosted, and has a couple of servers running a database (SQL Server) server and SharePoint. The problem is that this domain is also called Smith.
How can we synchronise the users' passwords between these two domains?
Can we set up a trust between them (even though they have the same names) and have these users be able to access SharePoint and SQL Server through Windows Authenticated mode?
If not, do you have any ideas as to how we could achieve this?
Cheers
Nick
Eww! There'll be no trust relationship for you if both the domains have the same name. The domains are essentially "the same" as far as DNS knows, and getting name resolution to work for both domains simultaneously from a single DNS server would have to be a major hack. There would be conflicting records from both domains (the domain's "A" record, for example) that can't "co-exist" in a hacked up amalgamation of both DNS domains, too. What you have there we in "the business" call A Real Mess(tm).
I'm not even sure that Microsoft's Identity Lifecycle Manager could handle synchronizing the passwords because of the name resolution ambiguity between the domains. I don't know enough about the product to say definitively. I can say that it appears to be very expensive. I'd avoid it, and other directory "synchronization" products if at all possible, if only because it's adding a lot of needless complexity.
I'd strongly consider renaming one of the domains. Have a look at the article here: https://web.archive.org/web/1/http://techrepublic%2ecom%2ecom/5208-6230-0.html?forumID=102&threadID=229757&start=0 It's a very straightforward process, and gives you the best possible configuration (unique domain names) moving forward.
I haven't renamed a domain that was as complex as the one in the article, but small domains w/ a couple of DCs and some lab examples that were slightly more complex seemed to go fine.