Solved

How to resolve Win2k Domain name conflict with an existing NT 4 Domain

Posted on 2003-11-13
Last Modified: 2010-03-19
Greetings Everyone,
I'm currently trying to extend our Win2k Domain to our remote offices through VPN tunnels on SonicWall gear.  Subnets have been created and the VPN tunnels are up.  I can see both sides of the networks from either location.
Memphis is our HQ.  The Win2k Domain "Wunderlichsecurities.com" is running with 3 DCs and 60 local clients.
Houston has been running their own NT 4 domain, "Wunderlich".
The problem is that this domain name is the same as the NetBIOS name of our Win2k Domain in Memphis.
When the VPN tunnel is up, an election is forced on the network and the Houston NT4 servers basically win, which wreaks havoc when trying to do anything in AD.  Temporarily I have taken down the VPN link.

Eventually I will build another DC here in Memphis, replicate AD and send it to Houston.
1.  Is that the best way to extend the domain to Houston?  Should the server be built in Houston on the different subnet and replicate AD over the VPN link?
2.  Until then, should I trust the existing NT domain to our Win2K domain?  Can you trust a domain by the same name?

Houston is just the first site I'm doing, I have 3 other locations to do also, so this will set the blueprint for how I do the other locations.
Thanks
Question by:MCSE2B
4 Comments
 
LVL 5

Expert Comment

by:vtobusman
ID: 9740127
As far as I know you cannot have 2 same names in the domain, sorry...

However, when setting up your domain controller, set it up in the new office.
That way you don't have to reconfigure it once it's there, and let it replicate across the VPN link.
Also, don't forget to designate the server as a bridgehead server so that the replication won't use all of your bandwidth.
Check this link.
This is a link explaining what a bridgehead server is:
http://www.jsiinc.com/SUBG/TIP3000/rh3003.htm
and these are how to configure a bridgehead server:
http://support.microsoft.com/?kbid=320824#4
and
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windowsserver2003/proddocs/entserver/dssite_make_bridgehead.asp

Good luck, hope this helps.
 
LVL 1

Expert Comment

by:riannuzzi
ID: 9759696
Win2k domains use AD DNS, NT4 domains use NetBIOS.

I understand your domain name problem. Merging an NT4.0 domain to a Win2k domain does not promote harmony and does not gain any of the administrative advantages of Win2k.

The correct way to do it would be just as you said. Build a Win2k DC server in Memphis and take it to Houston. You want to keep this new server on a separate subnet, as you do not want broadcasts from authenticating Houston clients going to Memphis. You want the Houston DC to be king of his subnet, so to speak.

As far as a temporary solution goes, you might want to set up a trust relationship between the 2. This will work, but keep them on a separate subnet. The easiest way to do that is to put an extra NIC on the PDC in Houston and enable routing -or- use an extra interface on your router/firewall in Houston.
 

Author Comment

by:MCSE2B
ID: 9763587
Ok, so for subnets, will Win2k automatically create a new subnet when I change the IP of the Houston server to 192.168.14.2 (Houston subnet) instead of 192.168.1.2 (Memphis subnet)?  
Then I should just have to bump the Houston DC to a bridgehead right?
I can see the workflow in my head... but not quite fully detailed!
Thanks!
 
LVL 1

Accepted Solution

by:
riannuzzi earned 500 total points
ID: 9764177
OK. The best way to do this would be to migrate the NT4.0 domain to Win2K. This might be a lot of work if you have mail and database servers that require domain authentication, but this should be in your plans.

A temp approach would be to bring the Win2k server to Houston, put an extra NIC in it and enable IP forwarding. Make it a bridgehead. Leave your Houston subnet in the 192.168.14.x subnet. On the Houston subnet NIC put in an IP address of 192.168.14.1, disconnect the firewall which is using this IP address presently, and have all clients point to the Win2k server as the default gateway. Change the internal interface on the firewall to 192.168.100.1, give the other NIC on the Win2k bridgehead server an IP of 192.168.100.2 and use the firewall as the default gateway; do not put a gateway on the Win2k machine for the 192.168.14.x subnet. All requests will not be forced to go to the Win2k machine. Before doing that, make sure AD is synched to Memphis and create a trust between the Win2k and NT domains...

There are a few other details I'm sure you can work out. Good luck...
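
The temporary addressing plan from the accepted answer, written as a consistency check that can be run before re-cabling (an added example, not part of the original thread). The /24 masks, the host labels and the client address 192.168.14.50 are assumptions; the thread only gives the 192.168.x.x ranges and the three interface addresses.

```python
import ipaddress as ip

# Assumption: every network is a /24 (the thread does not state the masks).
SITES = {
    "memphis": ip.ip_network("192.168.1.0/24"),
    "houston": ip.ip_network("192.168.14.0/24"),
    "transit": ip.ip_network("192.168.100.0/24"),  # firewall <-> Win2k server link
}

# Interfaces as described in the accepted answer; host names are hypothetical labels.
HOSTS = {
    "houston-fw": [{"addr": "192.168.100.1", "gw": None}],  # internal interface only
    "houston-dc": [{"addr": "192.168.14.1", "gw": None},    # no gateway on this NIC
                   {"addr": "192.168.100.2", "gw": "192.168.100.1"}],
    "houston-client": [{"addr": "192.168.14.50", "gw": "192.168.14.1"}],  # constructed
}

def check_plan(sites, hosts):
    """Return a list of problems found in the plan; an empty list means it is consistent."""
    problems = []
    nets = list(sites.items())
    for i, (name_a, net_a) in enumerate(nets):
        for name_b, net_b in nets[i + 1:]:
            if net_a.overlaps(net_b):
                problems.append(f"{name_a} overlaps {name_b}")
    owners = {}
    for host, nics in hosts.items():
        # A multihomed Windows host should carry a default gateway on one NIC only.
        if sum(1 for n in nics if n["gw"]) > 1:
            problems.append(f"{host}: more than one default gateway")
        for n in nics:
            addr = ip.ip_address(n["addr"])
            net = next((s for s in sites.values() if addr in s), None)
            if net is None:
                problems.append(f"{host}: {addr} is in no known subnet")
            if addr in owners:  # e.g. firewall not yet moved off 192.168.14.1
                problems.append(f"{addr} used by both {owners[addr]} and {host}")
            owners[addr] = host
            if n["gw"] and (net is None or ip.ip_address(n["gw"]) not in net):
                problems.append(f"{host}: gateway {n['gw']} not on-link for {addr}")
    return problems

if __name__ == "__main__":
    for line in check_plan(SITES, HOSTS) or ["plan is consistent"]:
        print(line)
```
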
