Solved

Active Directory Trusts.

Posted on 2006-07-21
7
182 Views
Last Modified: 2010-03-18
Hi there,

I have a windows 2003 AD setup, and already running on a 192.168.0.x network.  I want to create a new network, with AD on a 192.168.1.x network.  I want the new network, to have no access to old network. And I want the old network to have access to the new network.  Can someone please walk me through this or point me to a step by step.  

Thanks
0
Comment
Question by:lmpsteelwire
  • 3
7 Comments
 
LVL 11

Expert Comment

by:Steve Agnew
ID: 17156205
You don't have to do anything.  Windows will see the networks and it knows the difference.  The physical network will need to have a router so that traffic sent from 192.168.0.x to 192.168.1.x will be 'routed' or if you use a subnet mask of say 255.255.224.0 (I think) that puts them both in the same 'logical' network.  Or you can actually put multiple IP addresses on the network cards if they are in the same physical network and they will be able to communicate but it probably will have delays and you might run into other issues with 2003 security not liking the same machine with multiple IP's

I think you may be trying to ask more than what you are saying.. is this like your own test setup and you just want to see what's required, or are you setting this up for a real life scenario?
0
 
LVL 2

Author Comment

by:lmpsteelwire
ID: 17156316
Real Life....

I am created a Test Network, that has its own AD and what not.  I would simply like to be able to manage it from my PC in the LIVE AD, and not let it see the LIVE AD.  I would like to be able to deploy a virus or something onto that test network, to test how stuff reacts and what not, and not worry about my Live System going down.  
0
 
LVL 11

Expert Comment

by:Steve Agnew
ID: 17156393
Well AD is designed to be it's own king, but plays nicely with other AD's in the same physical network or not.  AD is simply a 'security boundry' If I setup two AD domain controllers each running it's own single domain and one is at 192.168.0.1 and the other is at 192.168.0.2 they will work just fine and if I try to connect to one from the other it will prompt me for a valid account before anything can be done... if I use a valid account I could manage each from the other.. now if I have one on 192.168.0.1 and the other on 192.168.1.1 with a subnet mask of 255.255.255.0 then they can't see each other even if they are both plugged into a hub, they are on the same 'physical' network, but they are on different logical networks..
0
 
LVL 11

Accepted Solution

by:
Steve Agnew earned 250 total points
ID: 17156634
I guess what I'm saying is if you can get to it from your pc on a live network, then so would a virus- if a path exists it exists.. if you seperate your test network in any real and meaningful way either physically or logically- you also won't be able to manage it.  The same way you manage a network is how a virus gets around.. a path.
0
 
LVL 43

Assisted Solution

by:Steve Knight
Steve Knight earned 250 total points
ID: 17157494
The obvious way to manage something like this is using a protocol such as RDP, VNC etc. and having a firewall between the two LAN's.  Then you can easily manage a server on the other LAN using RDP and then maybe hop onto other boxes but the only connection between the LAN's would be, potentially a single rule allowing hosta on LANa to connect using port 3389 (RDP) to hostb on LANb and that's it.

Steve
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Downtime reduced, data recovered by utilizing an Experts Exchange Business Account Challenge The United States Marine Corps employs more than 200,000 active-duty Marines with operations in four continents, all requiring complex networking system…
This article is in response to a question (http://www.experts-exchange.com/Networking/Network_Management/Network_Analysis/Q_28230497.html) here at Experts Exchange. The Original Poster (OP) requires a utility that will accept a list of IP addresses …
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now