Solved

How to resolve Win2k Domain name conflict with an existing NT 4 Domain

Posted on 2003-11-13
Last Modified: 2010-03-19
Greetings Everyone,
I'm currently trying to extend our Win2k Domain to our remote offices through VPN tunnels on SonicWall gear.  Subnets have been created and the VPN tunnels are up.  I can see both sides of the networks from either location.
Memphis is our HQ.  The Win2k Domain "Wunderlichsecurities.com" is running with 3 DCs and 60 local clients.
Houston has been running their own NT 4 domain, "Wunderlich".
Problem is that the domain name is the same as our NetBIOS Win2k Domain in Memphis.
When the VPN tunnel is up, an election is forced on the network and the Houston NT4 servers basically win, which wreaks havoc when trying to do anything in AD.  Temporarily, I have taken down the VPN link.

Eventually I will build another DC here in Memphis, replicate AD and send it to Houston.
1.  Is that the best way to extend the domain to Houston?  Should the server be built in Houston on the different subnet and replicate AD over the VPN link?
2.  Until then, should I trust the existing NT domain to our Win2K domain?  Can you trust a domain by the same name?

Houston is just the first site I'm doing, I have 3 other locations to do also, so this will set the blueprint for how I do the other locations.
Thanks
0
Question by:MCSE2B
LVL 5

Expert Comment

by:vtobusman
ID: 9740127
As far as I know, you cannot have 2 same names in the domain, sorry ...

However, setting up your domain controller.. set it up in the new office...
that way you don't have to reconfigure it once it's there and let it replicate across the VPN link..
also don't forget to designate the server as a bridgehead server so that the replication won't use all of your bandwidth...
check this link
this is a link explaining what a bridgehead server is
http://www.jsiinc.com/SUBG/TIP3000/rh3003.htm
and these are how to configure a bridgehead server
http://support.microsoft.com/?kbid=320824#4
and
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windowsserver2003/proddocs/entserver/dssite_make_bridgehead.asp

Good luck, hope this helps
0
 
LVL 1

Expert Comment

by:riannuzzi
ID: 9759696
Win2k domains use AD DNS; NT4 domains use NetBIOS.

I understand your domain name problem. Merging an NT4.0 domain to a Win2k domain does not promote harmony and does not gain any of the administrative advantages of Win2k.

The correct way to do it would be just as you said. Build a Win2k DC server in Memphis and take it to Houston. You want to keep this new server on a separate subnet as you do not want broadcasts from authenticating Houston clients going to Memphis. You want the Houston DC to be king of his subnet, so to speak.

As far as a temporary solution goes, you might want to set up a trust relationship between the 2; this will work, but keep them on a separate subnet. The easiest way to do that is to put an extra NIC on the PDC in Houston and enable routing -or- use an extra interface on your router/firewall in Houston.
0
 

Author Comment

by:MCSE2B
ID: 9763587
Ok, so for subnets, will Win2k automatically create a new subnet when I change the IP of the Houston server to 192.168.14.2 (Houston subnet) instead of 192.168.1.2 (Memphis subnet)?  
Then I should just have to bump the Houston DC to a bridgehead right?
I can see the workflow in my head... but not quite fully detailed!
Thanks!
0
 
LVL 1

Accepted Solution

by:
riannuzzi earned 2000 total points
ID: 9764177
OK. The best way to do this would be to migrate the NT4.0 domain to Win2K; this might be a lot of work if you have mail and database servers that require domain authentication, but this should be in your plans.

A temp approach would be to bring the Win2k server to Houston, put an extra NIC in it and enable IP forwarding. Make it a bridgehead. Leave your Houston subnet in the 192.168.14.x subnet. On the Houston subnet NIC put in an IP address of 192.168.14.1, disconnect the firewall which is using this IP address presently, and have all clients point to the Win2k server as the default gateway. Change the internal interface on the firewall to 192.168.100.1, give the other NIC on the Win2k bridgehead server an IP of 192.168.100.2 and use the firewall as the default gateway; do not put a gateway on the Win2k machine for the 192.168.14.x subnet. All requests will not be forced to go to the Win2k machine. Before doing that make sure AD is synced to Memphis and create a trust between the Win2k and NT domains...

There are a few other details I'm sure you can work out. Good luck...

0
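A pre-flight check for the rollout described in the question, run before any site-to-site VPN tunnel is brought up. This is an added example, not code from any poster in the thread: it flags NetBIOS domain name collisions and overlapping subnets across a site inventory. The /24 masks, the "Dallas" entry and all function names are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed inventory: one entry per still-separate domain. The Memphis and
# Houston names and address ranges come from the thread; the /24 masks and the
# whole "Dallas" entry are assumptions added to exercise the overlap check.
SITES = [
    {"site": "Memphis", "netbios": "WUNDERLICH", "subnet": "192.168.1.0/24"},
    {"site": "Houston", "netbios": "Wunderlich", "subnet": "192.168.14.0/24"},
    {"site": "Dallas", "netbios": "DALLASNT", "subnet": "192.168.14.128/25"},
]

def netbios_key(name):
    # NetBIOS names are case-insensitive and at most 15 characters long
    # (the 16th byte is the service suffix), so compare on that basis.
    return name.strip().upper()[:15]

def name_conflicts(sites):
    """Return (site_a, site_b, name) for each pair sharing a NetBIOS domain name."""
    return [
        (a["site"], b["site"], netbios_key(a["netbios"]))
        for a, b in combinations(sites, 2)
        if netbios_key(a["netbios"]) == netbios_key(b["netbios"])
    ]

def subnet_overlaps(sites):
    """Return (site_a, site_b) for each pair whose address ranges overlap."""
    found = []
    for a, b in combinations(sites, 2):
        net_a = ipaddress.ip_network(a["subnet"])
        net_b = ipaddress.ip_network(b["subnet"])
        if net_a.overlaps(net_b):
            found.append((a["site"], b["site"]))
    return found

def preflight(sites):
    """Collect human-readable findings; an empty list means safe to link."""
    problems = [
        f"NetBIOS domain name {name} is used by both {a} and {b}"
        for a, b, name in name_conflicts(sites)
    ]
    problems += [
        f"Subnets of {a} and {b} overlap; routing over the tunnel is ambiguous"
        for a, b in subnet_overlaps(sites)
    ]
    return problems

if __name__ == "__main__":
    for line in preflight(SITES):
        print("BLOCK:", line)
```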

Question has a verified solution.
