MCSE2B

How to resolve Win2k Domain name conflict with an existing NT 4 Domain

Greetings Everyone,
I'm currently trying to extend our Win2k Domain to our remote offices through VPN tunnels on SonicWall gear.  Subnets have been created and the VPN tunnels are up.  I can see both sides of the networks from either location.
Memphis is our HQ.  The Win2k Domain "Wunderlichsecurities.com" is running with 3 DCs and 60 local clients.
Houston has been running their own NT 4 domain, "Wunderlich".
Problem is that the domain name is the same as our NetBIOS Win2k Domain in Memphis.
When the VPN tunnel is up, an election is forced on the network and the Houston NT4 servers basically win, which wreaks havoc when trying to do anything in AD.  Temporarily, I have taken down the VPN link.

Eventually I will build another DC here in Memphis, replicate AD and send it to Houston.
1.  Is that the best way to extend the domain to Houston?  Should the server be built in Houston on the different subnet and replicate AD over the VPN link?
2.  Until then, should I trust the existing NT domain to our Win2K domain?  Can you trust a domain by the same name?

Houston is just the first site I'm doing; I have 3 other locations to do also, so this will set the blueprint for how I do the other locations.
Thanks
vtobusman

As far as I know you cannot have 2 same names in the domain, sorry...

However, setting up your domain controller... set it up in the new office.
That way you don't have to reconfigure it once it's there, and let it replicate across the VPN link.
Also, don't forget to designate the server as a bridgehead server so that the replication won't use all of your bandwidth.
Check this link.
This is a link explaining what a bridgehead server is:
http://www.jsiinc.com/SUBG/TIP3000/rh3003.htm
And these are how to configure a bridgehead server:
http://support.microsoft.com/?kbid=320824#4
and
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windowsserver2003/proddocs/entserver/dssite_make_bridgehead.asp

Good luck, hope this helps.

Win2k domains use AD DNS; NT4 domains use NetBIOS.

I understand your domain name problem. Merging an NT 4.0 domain into a Win2k domain does not promote harmony and does not gain any of the administrative advantages of Win2k.

The correct way to do it would be just as you said. Build a Win2k DC server in Memphis and take it to Houston. You want to keep this new server on a separate subnet, as you do not want broadcasts from authenticating Houston clients going to Memphis. You want the Houston DC to be king of his subnet, so to speak.

As far as a temporary solution goes, you might want to set up a trust relationship between the 2; this will work, but keep them on a separate subnet. The easiest way to do that is to put an extra NIC on the PDC in Houston and enable routing, or use an extra interface on your router/firewall in Houston.
MCSE2B

ASKER

OK, so for subnets, will Win2k automatically create a new subnet when I change the IP of the Houston server to 192.168.14.2 (Houston subnet) instead of 192.168.1.2 (Memphis subnet)?
Then I should just have to bump the Houston DC to a bridgehead, right?
I can see the workflow in my head... but not quite fully detailed!
Thanks!
ASKER CERTIFIED SOLUTION
riannuzzi
