Re: Replication across non-trusted domains requires Win2k Application server and not Domain Controller????

From: Hilary Cotter (hilaryk_at_att.net)
Date: 03/08/04


Date: Mon, 8 Mar 2004 09:04:40 -0500

You can do it by using SQL authentication instead of NT authentication.

Make sure you craft a snapshot folder share that is not an admin share so
that the SQL Agent account on your subscriber has rights to read it. For a
non trusted domain this will probably involve hiding the share and giving
the share and underlying files and folders read access to the everyone
group.

"Joe Mine" <huytuanattpgdotcomdotau> wrote in message
news:uRQyZwQBEHA.2632@TK2MSFTNGP12.phx.gbl...
> To have two SQL servers in different domains, non-trusted to replicate with
> each other, do they have to be installed upon a Windows 2K Application
> server without Active Directory? Or is it possible to install SQL server
> upon a Windows 2K Domain Controller (Server with Active directory installed).
> Because if the Win 2k Server has Active Directory then I cannot create a
> pass-through account using the Local users and Groups snap-in because it
> will referred to use Active Directory snap-in. If just a Windows 2k
> Application server without Active Directory, the local user and group
> snap-in is enabled and it will be possible for me to create a pass-through
> account.
> The question is it possible to setup SQL server on the Domain
> Controller (with active directory) and possible to create a pass-through
> account that will allow replication across different non-trusted domains??
>
>
> _________________________________
> Hi Hilary, both SQL Servers are on Windows 2k Server with Active Directory
> running, in a windows 2K network all Servers are Domain Controller. Because
> it has Active Directory, local users and groups snap in is disabled and
> referred to the Active Directory Snap in to create accounts. Is there any
> way to bypass Active Directory and create the account in local users and
> groups snap in??
> Or does it mean I have to install SQL Server on two Windows 2k Application
> Server in each domain without Active Directory to create the accounts and
> enable replication??
>
>
>
> "Hilary Cotter" <hilaryk@att.net> wrote in message
> news:#922q3sAEHA.2600@TK2MSFTNGP09.phx.gbl...
> > Are we talking about trying to create two accounts on the PDCs?
> >
> > If not, all you do is go to the local servers, Start, Programs,
> > Administrative Tools, Computer Management, Local Users and Groups. Right
> > click on the Users folder, add a user, make sure you deselect the User must
> > change password at next login. Check password never expires. Click on
> > Create.
> >
> > Then return to Local Users and Groups. Then click on the Groups folder,
> > select the Administrators group. Add the newly created account there.
> >
> > Do this on both servers.
> >
> > "Joe Mine" <huytuanattpgdotcomdotau> wrote in message
> > news:uY2ZXknAEHA.2040@TK2MSFTNGP12.phx.gbl...
> > > I have great difficulty in getting the subscriber SQL server in (HOT domain)
> > > to access the snapshot folder on the distributor/publisher SQL server in
> > > (NARC domain). They are non-trusted domains.
> > > I am aware that you must:
> > > 1) create a pass-through account on both Domains as eg. SQLadmin with same
> > > password. The problem is how do I create a local account in each domain in
> > > Active directory? If I go to active directory and create SQLadmin it would
> > > be NARC\SQLadmin and HOT\SQLadmin because of windows2000 domain Active
> > > directory architecture. Therefore I do not understand how people can
> > > possibly create SQLadmin in both domains without the prefix??? Please list
> > > the steps to create this accounts. Thanks
> > > 2) Then I must start SQL Server/ SQL Server agent using this SQLadmin
> > > account.
> > > 3) Then on the subscriber I must impersonate the SQL Server agent account
> > > (SQLadmin).
> > >
> > > At the moment I got both SQL Servers successfully registered in both domains
> > > even though non-trusted domains because I have opened port 1433 to listen. But
> > > I cannot get the subscriber to access the snapshot folder in the
> > > distributor.
> > > I believe I am stuck at creating the SQLadmin account, and starting SQL
> > > Server using this account. Please list the steps on how I would create the
> > > SQLadmin account in Windows2000 Active Directory. Thanks.
> > >
> > > Many people have directed me to look at KB article: 321822- How To Replicate
> > > Between computers running SQL Server in Non-trusted domains or across the
> > > internet. Which I have already done for a whole year. But it lacks the
> > > procedures on creating the pass-through SQLadmin account and Starting SQL
> > > Agent under this account.
> > >
> > >
> >
> >
>
>
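
Added example, not part of the original posts: a pull subscription whose Distribution Agent logs in to the Distributor with SQL Server authentication, as suggested in the reply at the top of this message. It assumes a transactional or snapshot publication with the Publisher acting as its own Distributor; every server, database, publication and login name is a constructed placeholder.

```sql
-- Run at the Subscriber, in the subscription database.
-- All names are constructed placeholders, not values from the thread.
USE SubscriberDB
GO

-- Register the pull subscription at the Subscriber.
-- (The Publisher must also list this Subscriber for the publication,
--  via sp_addsubscription with @subscription_type = N'pull'.)
EXEC sp_addpullsubscription
    @publisher    = N'PUBSERVER',
    @publisher_db = N'PublishedDB',
    @publication  = N'ExamplePub'
GO

-- Create the Distribution Agent job. Security mode 0 makes the agent
-- connect to the Distributor with a SQL Server login, so no Windows
-- trust between the two domains is needed for that connection.
EXEC sp_addpullsubscription_agent
    @publisher    = N'PUBSERVER',
    @publisher_db = N'PublishedDB',
    @publication  = N'ExamplePub',
    @distributor  = N'PUBSERVER',
    @distributor_security_mode = 0,          -- 0 = SQL Server, 1 = Windows
    @distributor_login    = N'repl_pull',    -- hypothetical login; must exist on the
                                             -- Distributor and be in the publication
                                             -- access list
    @distributor_password = N'<password>'    -- placeholder
GO

-- The snapshot files are still read over the UNC share using the Windows
-- account the agent job runs under, which is why the share permissions
-- discussed in the reply remain a separate step.
```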


