
How to resolve Win2k Domain name conflict with an existing NT 4 Domain

Greetings Everyone,
I'm currently trying to extend our Win2k Domain to our remote offices through VPN tunnels on SonicWall gear.  Subnets have been created and the VPN tunnels are up.  I can see both sides of the networks from either location.
Memphis is our HQ.  The Win2k Domain "Wunderlichsecurities.com" is running with 3 DCs and 60 local clients.
Houston has been running their own NT 4 domain, "Wunderlich".
The problem is that this domain name is the same as the NetBIOS name of our Win2k Domain in Memphis.
When the VPN tunnel is up, an election is forced on the network and the Houston NT4 servers basically win, which wreaks havoc when trying to do anything in AD.  Temporarily I have taken down the VPN link.

Eventually I will build another DC here in Memphis, replicate AD and send it to Houston.
1.  Is that the best way to extend the domain to Houston?  Should the server be built in Houston on the different subnet and replicate AD over the VPN link?
2.  Until then, should I trust the existing NT domain to our Win2K domain?  Can you trust a domain by the same name?

Houston is just the first site I'm doing, I have 3 other locations to do also, so this will set the blueprint for how I do the other locations.
Thanks
Asked by: MCSE2B

vtobusman Commented:
As far as I know you cannot have 2 same names in the domain, sorry ...

However, when setting up your domain controller, set it up in the new office.
That way you don't have to reconfigure it once it's there, and let it replicate across the VPN link.
Also, don't forget to designate the server as a bridgehead server so that the replication won't use all of your bandwidth.
Check these links.
This is a link explaining what a bridgehead server is:
http://www.jsiinc.com/SUBG/TIP3000/rh3003.htm
and these are how to configure a bridgehead server:
http://support.microsoft.com/?kbid=320824#4
and
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windowsserver2003/proddocs/entserver/dssite_make_bridgehead.asp

Good luck, hope this helps.

riannuzzi Commented:
Win2k domains use AD DNS, NT4 domains use NetBIOS.

I understand your domain name problem. Merging an NT4.0 domain to a Win2k domain does not promote harmony and does not gain any of the administrative advantages of Win2k.

The correct way to do it would be just as you said. Build a Win2k DC server in Memphis and take it to Houston. You want to keep this new server on a separate subnet as you do not want broadcasts from authenticating Houston clients going to Memphis. You want the Houston DC to be king of his subnet, so to speak.

As far as a temporary solution goes, you might want to set up a trust relationship between the 2. This will work, but keep them on a separate subnet. The easiest way to do that is to put an extra NIC on the PDC in Houston and enable routing -or- use an extra interface on your router/firewall in Houston.

MCSE2B (Author) Commented:
Ok, so for subnets, will Win2k automatically create a new subnet when I change the IP of the Houston server to 192.168.14.2 (Houston subnet) instead of 192.168.1.2 (Memphis subnet)?  
Then I should just have to bump the Houston DC to a bridgehead right?
I can see the workflow in my head... but not quite fully detailed!
Thanks!

riannuzzi Commented:
OK. The best way to do this would be to migrate the NT4.0 domain to Win2K. This might be a lot of work if you have mail and database servers that require domain authentication, but this should be in your plans.

A temp approach would be to bring the Win2k server to Houston, put an extra NIC in it and enable IP forwarding. Make it a bridgehead. Leave your Houston subnet in the 192.168.14.x subnet. On the Houston subnet NIC put in an IP address of 192.168.14.1, disconnect the firewall which is using this IP address presently, and have all clients point to the Win2k server as the default gateway. Change the internal interface on the firewall to 192.168.100.1, give the other NIC on the Win2k bridgehead server an IP of 192.168.100.2 and use the firewall as the default gateway. Do not put a gateway on the Win2k machine for the 192.168.14.x subnet. All requests will not be forced to go to the win2k machine. Before doing that make sure AD is synched to Memphis and create a trust between the Win2k and NT domains...

There are a few other details I'm sure you can work out. Good luck...
