If you can avoid multiple domains I would. We had a forest with 3 domains when this network was created, but then built one large one from scratch last summer and migrated. Any setup with 3rd party products that support LDAP authentication starts to get really messy when there are multiple domains. Example, since we had 3 domains, we had to have 3 Openfire servers for instant messaging. Openfire supports LDAP auth against at most 2. 2 servers would have been more confusing than 3 for our purpose. Once we went to one domain, we went down to one Openfire box. Cymphonix, same thing. Had to load 3 different AD agents into the content filter for it to work.
Having a domain trust is going to require additional servers and if we're talking additional boxes, might as well put 2008 on them and upgrade the current domain. That's the technical fix. Explanation of the technical gotcha to the administration might go nowhere but you could try.

Curtis McKay
Network Administrator
Belleville Township High School District 201
[email protected]

From: [email protected] [mailto:[email protected]] On Behalf Of Ben Story
Sent: Thursday, July 29, 2010 7:32 AM
To: Tech-Geeks Mailing List
Subject: Re: [tech-geeks] Password Restrictions - Windows 2003 Server

What about making an overarching forest in AD with two domains (that trust each other)? Then staff would just need to log in as, say, [email protected] to use the same machines as the kids.

On Thu, Jul 29, 2010 at 7:29 AM, Tom Wilson <[email protected]> wrote:

Currently our network is Windows based with our servers being 2003. In the past, our K-3 students have had accounts, but no passwords. I had staff and grades 4-8 set a password of 5 chars and just didn't tell them that it would accept blank passwords. I had to do it this way since 2003 server won't allow more than one password policy per domain. I am now being instructed to put strong password policies on the staff accounts. In order to do this, it would mean that all our students, including K-3 students, will have to somehow learn an 8 char password with 3 of 4 letters, numbers, caps, symbols, and then change it every 60 days without repeating the same password 6 times. I just can't fathom how a K-3 student will be able to do this on their own. If you have a 2003 environment, how do you handle the younger students' passwords? Is there a way to somehow make a 2003 domain accept more than one password policy?

Thanks,
Tom Wilson
Technology Coordinator/ Network Manager
District 50 Schools
Washington, IL
(309) 745-9531

| Subscription info at http://www.tech-geeks.org |

--
Ben Story
CCSP, CCNA, CCNA Wireless, CCDA
[email protected]
"You cannot escape the responsibility of tomorrow by evading it today." -- Abraham Lincoln
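An added example, not part of any message in this thread: the Windows Server 2008 domain functional level adds fine-grained password policies, which allow more than one password policy in a single domain. The sketch below assumes the ActiveDirectory PowerShell module (ships with Windows Server 2008 R2); the group names `Staff` and `Students-K3`, the account `jdoe`, and the student policy values are hypothetical, while the staff values are the ones quoted in the original question.

```powershell
# Added example. Group names, the sample account and the student values
# are hypothetical placeholders.
Import-Module ActiveDirectory

# Fine-grained policies need the Windows Server 2008 domain functional level.
$domain = Get-ADDomain
if ($domain.DomainMode -eq 'Windows2000Domain' -or
    $domain.DomainMode -like 'Windows2003*') {
    throw "Domain mode is $($domain.DomainMode); raise it to Windows2008Domain first."
}

# Staff: 8 characters, complexity on, 60-day maximum age, 6 remembered passwords.
# Lower precedence wins if an account ends up covered by both policies.
New-ADFineGrainedPasswordPolicy -Name 'PSO-Staff' -Precedence 10 `
    -MinPasswordLength 8 -ComplexityEnabled $true `
    -MaxPasswordAge '60.00:00:00' -MinPasswordAge '1.00:00:00' `
    -PasswordHistoryCount 6 -ReversibleEncryptionEnabled $false

# Younger students: relaxed, constructed values (adjust to local policy).
New-ADFineGrainedPasswordPolicy -Name 'PSO-Students-K3' -Precedence 20 `
    -MinPasswordLength 5 -ComplexityEnabled $false `
    -MaxPasswordAge '365.00:00:00' -MinPasswordAge '0.00:00:00' `
    -PasswordHistoryCount 0 -ReversibleEncryptionEnabled $false

# Policies attach to users or global security groups, not to OUs.
Add-ADFineGrainedPasswordPolicySubject -Identity 'PSO-Staff' -Subjects 'Staff'
Add-ADFineGrainedPasswordPolicySubject -Identity 'PSO-Students-K3' -Subjects 'Students-K3'

# Check which policy actually applies to one account. No output means the
# account falls back to the default domain password policy.
Get-ADUserResultantPasswordPolicy -Identity 'jdoe' |
    Select-Object Name, Precedence, MinPasswordLength, ComplexityEnabled, MaxPasswordAge
```

Any account that is in neither group keeps the default domain password policy, so that policy should stay at least as strict as the staff one.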
