Solved

Active Directory Trusts.

Posted on 2006-07-21
Last Modified: 2010-03-18
Hi there,

I have a Windows 2003 AD setup already running on a 192.168.0.x network. I want to create a new network, with AD, on a 192.168.1.x network. I want the new network to have no access to the old network, and I want the old network to have access to the new network. Can someone please walk me through this or point me to a step-by-step?

Thanks
0
Question by:lmpsteelwire
7 Comments
 
LVL 11

Expert Comment

by:Steve Agnew
ID: 17156205
You don't have to do anything. Windows will see the networks and it knows the difference. The physical network will need to have a router so that traffic sent from 192.168.0.x to 192.168.1.x will be 'routed', or if you use a subnet mask of, say, 255.255.224.0 (I think), that puts them both in the same 'logical' network. Or you can actually put multiple IP addresses on the network cards if they are in the same physical network and they will be able to communicate, but it probably will have delays and you might run into other issues with 2003 security not liking the same machine with multiple IPs.

I think you may be trying to ask more than what you are saying. Is this like your own test setup and you just want to see what's required, or are you setting this up for a real-life scenario?
0
 
LVL 2

Author Comment

by:lmpsteelwire
ID: 17156316
Real Life....

I have created a test network that has its own AD and whatnot. I would simply like to be able to manage it from my PC in the LIVE AD, and not let it see the LIVE AD. I would like to be able to deploy a virus or something onto that test network, to test how stuff reacts and whatnot, and not worry about my live system going down.
0
 
LVL 11

Expert Comment

by:Steve Agnew
ID: 17156393
Well, AD is designed to be its own king, but plays nicely with other ADs, in the same physical network or not. AD is simply a 'security boundary'. If I set up two AD domain controllers, each running its own single domain, and one is at 192.168.0.1 and the other is at 192.168.0.2, they will work just fine, and if I try to connect to one from the other it will prompt me for a valid account before anything can be done. If I use a valid account I could manage each from the other. Now if I have one on 192.168.0.1 and the other on 192.168.1.1 with a subnet mask of 255.255.255.0, then they can't see each other even if they are both plugged into a hub: they are on the same 'physical' network, but they are on different logical networks.
0
 
LVL 11

Accepted Solution

by:
Steve Agnew earned 250 total points
ID: 17156634
I guess what I'm saying is: if you can get to it from your PC on a live network, then so would a virus. If a path exists, it exists. If you separate your test network in any real and meaningful way, either physically or logically, you also won't be able to manage it. The same way you manage a network is how a virus gets around: a path.
0
 
LVL 43

Assisted Solution

by:Steve Knight
Steve Knight earned 250 total points
ID: 17157494
The obvious way to manage something like this is using a protocol such as RDP, VNC etc. and having a firewall between the two LANs. Then you can easily manage a server on the other LAN using RDP and then maybe hop onto other boxes, but the only connection between the LANs would be, potentially, a single rule allowing hosta on LANa to connect using port 3389 (RDP) to hostb on LANb, and that's it.

Steve
0
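The single-rule design described in the answer above, modelled as an added example (not part of the original thread and not any particular firewall's syntax): a default-deny, stateful rule set evaluated against constructed flows. The addresses used for hosta and hostb and the `Firewall` class are assumptions for illustration.

```python
import ipaddress

# Constructed addressing: the thread gives only the two /24 networks; the
# addresses chosen for "hosta" and "hostb" are assumptions for illustration.
HOSTA = ipaddress.ip_network("192.168.0.50/32")   # admin PC on LANa (live)
HOSTB = ipaddress.ip_network("192.168.1.10/32")   # managed server on LANb (test)
ANY = ipaddress.ip_network("0.0.0.0/0")

# First-match rules for NEW connections crossing the firewall:
# (source, destination, protocol, destination port, action); None matches any.
RULES = [
    (HOSTA, HOSTB, "tcp", 3389, "allow"),   # the one permitted path: RDP
    (ANY, ANY, None, None, "deny"),         # everything else, both directions
]


class Firewall:
    """Hypothetical stateful packet filter sitting between the two LANs."""

    def __init__(self, rules):
        self.rules = rules
        self.established = set()            # connection-tracking table

    def decide(self, src, sport, dst, dport, proto="tcp"):
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        # Replies to a tracked connection pass, so hostb can answer hosta
        # without any rule that lets the test LAN open connections.
        if (dst, dport, src, sport, proto) in self.established:
            return "allow"
        for r_src, r_dst, r_proto, r_port, action in self.rules:
            if (src in r_src and dst in r_dst
                    and r_proto in (None, proto) and r_port in (None, dport)):
                if action == "allow":
                    self.established.add((src, sport, dst, dport, proto))
                return action
        return "deny"                       # nothing matched: fail closed


if __name__ == "__main__":
    fw = Firewall(RULES)
    flows = [                               # constructed sample flows
        ("192.168.0.50", 50000, "192.168.1.10", 3389),  # hosta RDP to hostb
        ("192.168.1.10", 3389, "192.168.0.50", 50000),  # hostb's reply
        ("192.168.0.50", 50001, "192.168.1.10", 445),   # hosta, other port
        ("192.168.0.51", 50000, "192.168.1.10", 3389),  # another live host
        ("192.168.1.10", 40000, "192.168.0.1", 445),    # test LAN to live LAN
    ]
    for flow in flows:
        print(flow, fw.decide(*flow))
```

The reply from hostb is allowed only because hosta opened the session first; the same packet presented to a firewall with an empty connection table is denied, which is what keeps the test LAN from initiating anything toward the live LAN.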
