Solved

Creating Multiple domains using 1 domain controller

Posted on 2004-08-18
Last Modified: 2010-04-11
Hey Gang:

I have a question concerning my network.  Currently I have one domain (XYZ).  I'm using SBS2000 and have approximately 20 users.  What I would like to do is the following:

1) Add a new Server to the domain

2) Create a new sub-domain (if possible - ABC)

3)  Have certain people set up in Domain ABC and the rest in the original Domain (XYZ).

The reason for this is we are adding a few people who will be sharing our resources (Internet access) and I would like them to be a mini network.

Please let me know how I can accomplish these tasks.  Right now I have someone who has access to the internet, but I have not added their computer to the domain, but I would like a cleaner way to do this.

Thanks for your help

jocasio
Question by:Juan Ocasio
7 Comments
 
LVL 1

Expert Comment

by:Serpent77
ID: 11834404
ok, here's the low down in order...

1.  Feel free to add another server, just make sure to have an SBS CAL for it (see the MS website FAQ here: http://www.microsoft.com/sbserver/community/sbs_faq.asp)

2. No new domains.  Sorry, SBS supports a single domain created at installation, and is not allowed to participate in trees or forests.

3. see #2

For a resolution to your problem you can simply set up ICS on the server and route everyone through (or nix the default gateway on the clients to prevent their access as a crude block).  You should also be able to block their access via the firewall on the server (ISA), though I've never bothered to set that up and play with it before.

Another alternative would be to dual home the server (install two netcards with separate IP addresses) and a router.  Include a default route for those you want to allow access to the net, and don't include one for the other subnet.  If you need more explanation, feel free to ask.  This is really not too difficult to set up once you've done it a few times.

--Serp
0
 
LVL 15

Expert Comment

by:scampgb
ID: 11834429
Hi jocasio123,

You can't create "subdomains" in this way.  Each domain needs its own domain controller(s), although you can create "forests" of domains.

I would suggest that you use Organisational Units (OUs) for what you want to achieve.  This will allow you to control network policies for your guest users separately from your main users.

I hope that this helps - let me know if you need any further help.
0
 
LVL 14

Author Comment

by:Juan Ocasio
ID: 11834589
Thanks for the reply:

The new server is a Windows 2003 server.  Do I have to do anything to have the resources on this machine available to other users?  (We added another server (Win 2K Server) about 6 months ago and I'm not sure if I added it right.  If I try to access it when I VPN into my network, I can never get it to work right....)

Getting back to our guests:

I want everybody in the office to be able to access the internet.  I guess my biggest problem is that I need to segregate these 4 people into their own separate workgroup (should I use this methodology?) and at the same time prevent them from accessing the resources on our main server.  The new server will basically be for them, so I would like to have the server and all of its resources available to them.  For the Organizational Units, will I still add them as users of the domain and then just segregate them?  Right now I have a couple of people who we are doing the same thing for set up as separate workgroups and have mapped networked printers to their machines using a TCP port.  I definitely want to clean that up.

Also, if you can point me to any readings on this, I am willing to learn (as opposed to being stepped through the process - although I don't object to that).

Many, many thanks for your help!!!

jocasio
0

 
LVL 15

Accepted Solution

by:
scampgb earned 140 total points
ID: 11835795
Probably the simplest way of doing all this is as I described, using OUs.
You can control who has access to each server's resources (file shares, printers, databases etc) with reference to the Active Directory (AD).

It's important that you get your AD design right though.  It's a real pain if you have to completely rethink your plans after you've implemented it.

Essentially, you can do everything you want to achieve - but it'll take a bit of planning.

I agree with Serpent77's comments about licencing though - you'll need to ensure that this is done properly.

There are loads of resources available on the 'net about planning and implementing your AD infrastructure.  Probably a good place to start is http://www.microsoft.com/technet/community/columns/profwin/pw0302.mspx

Things to bear in mind:
Try not to rush - it'll take a while to plan your AD design
Consider what will/may happen in the future and how this will affect your systems
Take a modular approach to building the system.  Make sure that each bit works before you move on.
Test it as you go along - this will help with troubleshooting.

Getting it right will require a lot of work, but it'll be worth it in the long run.

I suggest that you come up with an overall plan, and then post a question on here asking for comments.  If nothing else, you'll have a very clear understanding of how to implement it by the end of it!

Sorry that I can't give a "click this button and it works" type of reply, but what you want to achieve isn't as simple as that :-)

Good luck!

0
 
LVL 1

Assisted Solution

by:Serpent77
Serpent77 earned 60 total points
ID: 11837870
If your primary concern is just restricting access to one server, while allowing it to the other, then Scam's got the right answer: set up two OUs for your users, say "internal users" and "external users" or something similar. You might want to create an OU to create these in, since you can't create an OU under the Users folder in the Active Directory users manager.  I usually do that, calling the OU "User Accts", so you'd have:

Active directory....
|-Yourdomain.intranet
  |-Other folders
  |-<...>
  |-User Accts
    |-Internal Users
    |-External Users
  \-<...>

Then move your users into their appropriate positions.  Right click the Internal Users OU, go to the group policies page and create a new group policy.

Another non-Active Directory method would be to simply put your users into two groups, and give groups access to the shares on the server (printer and file).  This allows fairly easy to manage access.  If you're not in the group, you don't get to connect, that simple.  With only 2-3 servers, that might be easier than trying to implement it in group policy until you've had more time to get up to speed on how the Active Directory works.  Using groups is more old school, much like NT and *nix would control access.

--Serp
0
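
The OU layout and the group-based share access described in the post above, as an added example that is not part of the original thread. It assumes a current Windows Server with the ActiveDirectory and SmbShare PowerShell modules rather than the SBS 2000 / Server 2003 tools of the thread; the domain name, group names, share name and folder path are placeholders.

```powershell
# Added example, not from the thread. All names below are placeholders.
Import-Module ActiveDirectory

$domainDN = 'DC=yourdomain,DC=intranet'    # stands in for Yourdomain.intranet
$parentOU = "OU=User Accts,$domainDN"

# 1. OU layout from the post: User Accts > Internal Users / External Users
New-ADOrganizationalUnit -Name 'User Accts' -Path $domainDN
foreach ($name in 'Internal Users', 'External Users') {
    New-ADOrganizationalUnit -Name $name -Path $parentOU
}

# 2. OUs scope Group Policy but are not security principals, so share and
#    NTFS permissions still need one security group per population.
$groups = @{ 'Internal Users' = 'GRP-Internal'; 'External Users' = 'GRP-External' }
foreach ($ou in $groups.Keys) {
    $ouDN = "OU=$ou,$parentOU"
    New-ADGroup -Name $groups[$ou] -GroupScope Global -GroupCategory Security -Path $ouDN
    # User accounts already moved into the OU become members of its group.
    $members = Get-ADUser -Filter * -SearchBase $ouDN -SearchScope OneLevel
    if ($members) { Add-ADGroupMember -Identity $groups[$ou] -Members $members }
}

# 3. On the guests' server: share a folder to the external group only.
$path = 'D:\Shares\Guests'
New-Item -ItemType Directory -Path $path -Force | Out-Null
New-SmbShare -Name 'Guests' -Path $path `
    -ChangeAccess 'YOURDOMAIN\GRP-External' `
    -FullAccess   'BUILTIN\Administrators'

# 4. Make the NTFS ACL agree with the share ACL: drop inherited entries,
#    then grant only SYSTEM, administrators and the external group.
icacls $path /inheritance:r /grant 'SYSTEM:(OI)(CI)F' `
    'BUILTIN\Administrators:(OI)(CI)F' 'YOURDOMAIN\GRP-External:(OI)(CI)M'

# 5. Audit: list any share ACL entry other than the two intended ones.
Get-SmbShareAccess -Name 'Guests' |
    Where-Object { $_.AccountName -notmatch 'GRP-External|Administrators' }
```

Shares on the main server get the same treatment with `GRP-Internal`; an empty result from the last command means no other account has share-level access.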
 
LVL 14

Author Comment

by:Juan Ocasio
ID: 11847460
Hey Guys:

I want to thank both of you for helping me with this.  I don't have all the answers, but I have a super starting point now.  I now know where to go and how to get there!!!!

Again, thanks for taking the time!

jocasio
0
 
LVL 15

Expert Comment

by:scampgb
ID: 11850892
Hi.  Glad I could help :)
0
