Same name for workgroup and AD domain?

TheMSsForum.com: The Microsoft Software Forum

We have some machines on our network that belong to a workgroup with the same
name as our Windows AD domain. Are there any security issues that may affect
our domain controllers if a workgroup with the same domain name exists?

Thanks,

Kurt
Top

RE: Same name for workgroup and AD domain? by WongTuckWah

WongTuckWah
Mon May 22 10:53:02 CDT 2006

It is possible to have both of them having the same name.

If the workgroup name matches a domain name, then the computer name appears
in the browse list for that domain.

If a pc has 2 nic, one has address to the workgroup and the other has the
address to the domain, you will be able to connect to both at the same time.

HTH.


"Kurt Ehland" wrote:

> We have some machines on our network that belong to a workgroup with the same
> name as our Windows AD domain. Are there any security issues that may affect
> our domain controllers if a workgroup with the same domain name exists?
>
> Thanks,
>
> Kurt
Top

Re: Same name for workgroup and AD domain? by Lanwench

Lanwench
Mon May 22 13:12:36 CDT 2006



In news:71EC6D1C-4E13-4B1E-8AA4-286FC9C3AC72@microsoft.com,
Kurt Ehland <KurtEhland@discussions.microsoft.com> typed:
> We have some machines on our network that belong to a workgroup with
> the same name as our Windows AD domain. Are there any security issues
> that may affect our domain controllers if a workgroup with the same
> domain name exists?
>
> Thanks,
>

> Kurt

Yes, you will probably have security issues, but they aren't related to the
naming convention for the workgroup...they're related to the fact that
non-domain computers are sharing the network with your servers/domain
computers.

If they can't be joined to the domain for some reason, I'd probably want to
isolate them on a VLAN or separate switch so they can't touch the
domain...although my first choice would be to join them to the domain if
they're related to your business at all.

At the very least, make sure the computer browser service is stopped &
disabled on these workstations, if they must remain on the same network - or
you'll likely run into master browser problems. I tend to do this for domain
computers as well (via GPO) as a matter of course....it's probably
old-fashioned of me, but it works.


Top

Re: Same name for workgroup and AD domain? by S

S
Tue May 23 05:45:28 CDT 2006

There is no security issue apart from apparently bad system administration
of the infrastructure in question.

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

"Kurt Ehland" <KurtEhland@discussions.microsoft.com> wrote in message
news:71EC6D1C-4E13-4B1E-8AA4-286FC9C3AC72@microsoft.com...
> We have some machines on our network that belong to a workgroup with the
> same
> name as our Windows AD domain. Are there any security issues that may
> affect
> our domain controllers if a workgroup with the same domain name exists?
>
> Thanks,
>
> Kurt


Top

Re: Same name for workgroup and AD domain? by Steven

Steven
Wed May 24 20:21:29 CDT 2006

Assuming users in the workgroup do not have a user account with the same
password that exists in the domain there are no security implications from
that alone. In My Network Places the computers from both will appear under
the same domain/workgroup name. --- Steve


"Kurt Ehland" <KurtEhland@discussions.microsoft.com> wrote in message
news:71EC6D1C-4E13-4B1E-8AA4-286FC9C3AC72@microsoft.com...
> We have some machines on our network that belong to a workgroup with the
> same
> name as our Windows AD domain. Are there any security issues that may
> affect
> our domain controllers if a workgroup with the same domain name exists?
>
> Thanks,
>
> Kurt


Top