Active Directory Trusts.

Hi there,

I have a windows 2003 AD setup, and already running on a 192.168.0.x network.  I want to create a new network, with AD on a 192.168.1.x network.  I want the new network, to have no access to old network. And I want the old network to have access to the new network.  Can someone please walk me through this or point me to a step by step.  

Thanks
LVL 2
lmpsteelwireIT / Business AnalystAsked:
Who is Participating?
 
Steve AgnewConnect With a Mentor Sr. Systems EngineerCommented:
I guess what I'm saying is if you can get to it from your pc on a live network, then so would a virus- if a path exists it exists.. if you seperate your test network in any real and meaningful way either physically or logically- you also won't be able to manage it.  The same way you manage a network is how a virus gets around.. a path.
0
 
Steve AgnewSr. Systems EngineerCommented:
You don't have to do anything.  Windows will see the networks and it knows the difference.  The physical network will need to have a router so that traffic sent from 192.168.0.x to 192.168.1.x will be 'routed' or if you use a subnet mask of say 255.255.224.0 (I think) that puts them both in the same 'logical' network.  Or you can actually put multiple IP addresses on the network cards if they are in the same physical network and they will be able to communicate but it probably will have delays and you might run into other issues with 2003 security not liking the same machine with multiple IP's

I think you may be trying to ask more than what you are saying.. is this like your own test setup and you just want to see what's required, or are you setting this up for a real life scenario?
0
 
lmpsteelwireIT / Business AnalystAuthor Commented:
Real Life....

I am created a Test Network, that has its own AD and what not.  I would simply like to be able to manage it from my PC in the LIVE AD, and not let it see the LIVE AD.  I would like to be able to deploy a virus or something onto that test network, to test how stuff reacts and what not, and not worry about my Live System going down.  
0
 
Steve AgnewSr. Systems EngineerCommented:
Well AD is designed to be it's own king, but plays nicely with other AD's in the same physical network or not.  AD is simply a 'security boundry' If I setup two AD domain controllers each running it's own single domain and one is at 192.168.0.1 and the other is at 192.168.0.2 they will work just fine and if I try to connect to one from the other it will prompt me for a valid account before anything can be done... if I use a valid account I could manage each from the other.. now if I have one on 192.168.0.1 and the other on 192.168.1.1 with a subnet mask of 255.255.255.0 then they can't see each other even if they are both plugged into a hub, they are on the same 'physical' network, but they are on different logical networks..
0
 
Steve KnightConnect With a Mentor IT ConsultancyCommented:
The obvious way to manage something like this is using a protocol such as RDP, VNC etc. and having a firewall between the two LAN's.  Then you can easily manage a server on the other LAN using RDP and then maybe hop onto other boxes but the only connection between the LAN's would be, potentially a single rule allowing hosta on LANa to connect using port 3389 (RDP) to hostb on LANb and that's it.

Steve
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.