Solved

Connecting 2 separate AD DC

Posted on 2004-09-11
3
480 Views
Last Modified: 2010-04-19
Setup:

       Network 'A' running Windows 2000 Server on network 192.168.0.x with domain name space "Pittsburgh.com"

       Network 'B' running Windows 2003 Server on network 192.168.10.x with domain name space "Cleveland.com"

Both Domains are up and running in the same server room.  Both are setup with Active Directory.

I would like to create a Forest with both domains being able to have restricted access between each other.

I have tried to setup trusts but the DCs cannot see each other. Also, with the routers from both networks connected, my older machines (Win98) and thin clients on network 'A' automatically tried to connect to the DC on network 'B'.

Any and all Help will be much appreciated.

Thanks,
Jim
0
Comment
Question by:fellercm
3 Comments
 
LVL 51

Expert Comment

by:Netman66
ID: 12037262
Well, to start with, you already have 2 separate Forests now.

What subnet mask are you using for networks A & B?  Whatever it is, make sure that they are on separate networks - if your subnet is too large both segments will be on the same network.  Depending on what you want the clients to do, this may not be desirable.

You may need to do one of two things to have the DCs locate each other.

1)  Add a static route to the servers so each network can route to the other.
2)  Add entries in either the HOSTS file or DNS that point to each other.

Advise.
0
 
LVL 12

Expert Comment

by:BNettles73
ID: 12037291

Deployment Guide states -

"The first domain that you create in your Active Directory forest is automatically designated as the forest root domain. The forest root domain provides the foundation for your Active Directory forest infrastructure. You must create the forest root domain before you create regional domains or upgrade other Microsoft® Windows NT® 4.0 domains in order to join them to an existing forest. In addition, services that are running on forest root domain controllers, such as the Kerberos version 5 authentication protocol, must be highly available to ensure that users maintain access to resources throughout the forest."

Glossary terms from the guide:

Active Directory - The Windows-based directory service. Active Directory stores information about objects on a network and makes this information available to users and network administrators. Active Directory gives network users access to permitted resources anywhere on the network using a single logon process. It provides network administrators with an intuitive, hierarchical view of the network and a single point of administration for all network objects.

forest - One or more Active Directory domains that share the same class and attribute definitions (schema), site and replication information (configuration), and forest-wide search capabilities (global catalog). Domains in the same forest are linked with two-way, transitive trust relationships.

forest root domain - The first domain created in a new forest. The forest-wide administrative groups, Enterprise Admins and Schema Admins, are located in this domain. As a best practice, new domains are created as children of the forest root domain.


Check out this link ... multiple forest trusts - http://www.winnetmag.com/Articles/ArticleID/38280/pg/2/2.html ... it may help you with your current solution ...

Regarding the windows 98 and thin client issue - check out this article How Windows 98 Active Directory Client Extension uses Active Directory site information http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/Q249/8/41.ASP&NoWebContent=1
0
 
LVL 12

Accepted Solution

by:
ColinRoyds earned 500 total points
ID: 12039874
There are two ways to do this:

1. Use a hosts file for name resolution.
Use an lmhosts file for DC resolution, so the remote DC for the remote domain can be found.

2. In the DNS of domain A, on your forward lookup zone, allow for unsecure communications.
In the DNS for domain B, add a secondary forward lookup zone for domain A, specifying domain A's DNS server address.
In the DNS of domain A, on the forward lookup zone, allow for zone transfers (this can also be restricted to domain B only if you want).
Then in the DNS of domain B, in the new secondary zone, expand the zone, then right click and click "Transfer from master".
You should now have name resolution for domain A from domain B; do the same in reverse for domain B - A.
Check DNS resolution using nslookup in both directions.

Now setup your trust using AD D+T, and verify them.

Trust done. If you used step 1 to do this you might want to now do step 2 for proper DNS resolution.

The reason you cannot do 2 immediately is that DNS by default will only allow for secure comms, so if you are not on the domain you cannot do a lookup. Therefore, as stated in step 2, if this is done before the trust is in place you MUST change the forward lookup zone to unsecure.

hope this helps

Colin
0
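The following Python script is an added example, not code from the question or any of the answers above; it models the pre-trust checks the thread recommends so they can be reasoned about before touching either domain. It covers Netman66's subnet-mask point (it goes slightly beyond the thread by testing several prefix lengths, not just the default /24), the LMHOSTS "#PRE #DOM" entries from step 1 of the accepted answer, and the "secondary zone, transfer from master, then nslookup both ways" logic of step 2. The host names (dc-a, dc-b), the zone contents and the simulated DNS servers are all constructed for the example; the real check is `nslookup` against each domain's DNS server, which this offline model stands in for.

```python
"""Offline model of the checks needed before trusting two independent AD domains.

Constructed example: the DC names, IPs and zone contents are made up to match
the networks described in the question (pittsburgh.com on 192.168.0.x,
cleveland.com on 192.168.10.x).
"""
import ipaddress
from typing import Dict, List

# --- 1. Subnet mask sanity check (Netman66's point) -------------------------

def same_network(ip_a: str, ip_b: str, prefixlen: int) -> bool:
    """True if both addresses fall in one IP network under the given prefix
    length (24 = 255.255.255.0, 16 = 255.255.0.0). If this is True the two
    'networks' are really one segment and clients will see both sets of DCs."""
    net = ipaddress.ip_network(f"{ip_a}/{prefixlen}", strict=False)
    return ipaddress.ip_address(ip_b) in net

# --- 2. LMHOSTS lines for DC resolution (step 1 of the accepted answer) -----

def lmhosts_entries(dcs: Dict[str, Dict[str, str]]) -> List[str]:
    """dcs maps NetBIOS domain -> {DC host name: IP}. '#PRE' preloads the entry
    into the NetBIOS name cache; '#DOM:<domain>' marks the host as a domain
    controller for that domain, which is what lets the other side find a DC
    when creating the trust without DNS."""
    lines = []
    for nb_domain, hosts in dcs.items():
        for host, ip in hosts.items():
            lines.append(f"{ip:<16}{host:<16}#PRE  #DOM:{nb_domain}")
    return lines

# --- 3. DNS records the DC locator needs, and a cross-domain check -----------

def dc_locator_records(dns_domain: str) -> List[str]:
    """SRV names a client queries to locate LDAP and Kerberos on a DC."""
    return [
        f"_ldap._tcp.dc._msdcs.{dns_domain}",
        f"_kerberos._tcp.dc._msdcs.{dns_domain}",
        f"_ldap._tcp.{dns_domain}",
        f"_kerberos._tcp.{dns_domain}",
    ]

Zone = Dict[str, str]                  # record name -> target (simplified)
Servers = Dict[str, Dict[str, Zone]]   # DNS server (named by its domain) -> zones it hosts

def resolve(servers: Servers, asked_on: str, name: str) -> bool:
    """Can the DNS server of `asked_on` answer `name` from a zone it hosts?"""
    return any(name.endswith(z) and name in zone for z, zone in servers[asked_on].items())

def add_secondary_zone(servers: Servers, host_domain: str, source_domain: str) -> None:
    """Model the 'add secondary zone + transfer from master' step: the server
    for host_domain receives a copy of source_domain's zone."""
    servers[host_domain][source_domain] = dict(servers[source_domain][source_domain])

def missing_records(servers: Servers, domains: List[str]) -> Dict[str, List[str]]:
    """For every ordered pair (querying domain -> target domain), list the
    locator records the querying side's DNS cannot answer. All-empty lists
    mean 'nslookup in both directions' would succeed."""
    missing: Dict[str, List[str]] = {}
    for asker in domains:
        for target in domains:
            if asker != target:
                missing[f"{asker}->{target}"] = [
                    r for r in dc_locator_records(target) if not resolve(servers, asker, r)
                ]
    return missing

def build_initial_servers() -> Servers:
    """Constructed starting state: each DNS server hosts only its own zone."""
    def zone(domain: str, dc: str) -> Zone:
        return {r: f"{dc}.{domain}" for r in dc_locator_records(domain)}
    return {
        "pittsburgh.com": {"pittsburgh.com": zone("pittsburgh.com", "dc-a")},
        "cleveland.com": {"cleveland.com": zone("cleveland.com", "dc-b")},
    }

if __name__ == "__main__":
    for plen in (24, 21, 20, 16):
        print(f"/{plen}: same network =", same_network("192.168.0.1", "192.168.10.1", plen))
    print(*lmhosts_entries({"PITTSBURGH": {"DC-A": "192.168.0.1"},
                            "CLEVELAND": {"DC-B": "192.168.10.1"}}), sep="\n")
    servers = build_initial_servers()
    both = ["pittsburgh.com", "cleveland.com"]
    print("before secondary zones:", missing_records(servers, both))
    add_secondary_zone(servers, "cleveland.com", "pittsburgh.com")
    add_secondary_zone(servers, "pittsburgh.com", "cleveland.com")
    print("after secondary zones: ", missing_records(servers, both))
```

The mask check is worth running first: with the default /24 the two ranges are separate, but anything from /20 up puts 192.168.0.x and 192.168.10.x on one segment, which is exactly the situation where Win98 and thin clients on network A start finding the DC on network B. The `missing_records` output before the secondary zones is why the trust fails to locate a DC; once a zone has been transferred in each direction (or LMHOSTS entries are in place), the list empties and the trust can be created and verified.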
