Solved

Active Directory Trusts.

Posted on 2006-07-21
7
186 Views
Last Modified: 2010-03-18
Hi there,

I have a windows 2003 AD setup, and already running on a 192.168.0.x network.  I want to create a new network, with AD on a 192.168.1.x network.  I want the new network, to have no access to old network. And I want the old network to have access to the new network.  Can someone please walk me through this or point me to a step by step.  

Thanks
0
Comment
Question by:lmpsteelwire
  • 3
7 Comments
 
LVL 11

Expert Comment

by:Steve Agnew
ID: 17156205
You don't have to do anything.  Windows will see the networks and it knows the difference.  The physical network will need to have a router so that traffic sent from 192.168.0.x to 192.168.1.x will be 'routed' or if you use a subnet mask of say 255.255.224.0 (I think) that puts them both in the same 'logical' network.  Or you can actually put multiple IP addresses on the network cards if they are in the same physical network and they will be able to communicate but it probably will have delays and you might run into other issues with 2003 security not liking the same machine with multiple IP's

I think you may be trying to ask more than what you are saying.. is this like your own test setup and you just want to see what's required, or are you setting this up for a real life scenario?
0
 
LVL 2

Author Comment

by:lmpsteelwire
ID: 17156316
Real Life....

I am created a Test Network, that has its own AD and what not.  I would simply like to be able to manage it from my PC in the LIVE AD, and not let it see the LIVE AD.  I would like to be able to deploy a virus or something onto that test network, to test how stuff reacts and what not, and not worry about my Live System going down.  
0
 
LVL 11

Expert Comment

by:Steve Agnew
ID: 17156393
Well AD is designed to be it's own king, but plays nicely with other AD's in the same physical network or not.  AD is simply a 'security boundry' If I setup two AD domain controllers each running it's own single domain and one is at 192.168.0.1 and the other is at 192.168.0.2 they will work just fine and if I try to connect to one from the other it will prompt me for a valid account before anything can be done... if I use a valid account I could manage each from the other.. now if I have one on 192.168.0.1 and the other on 192.168.1.1 with a subnet mask of 255.255.255.0 then they can't see each other even if they are both plugged into a hub, they are on the same 'physical' network, but they are on different logical networks..
0
 
LVL 11

Accepted Solution

by:
Steve Agnew earned 250 total points
ID: 17156634
I guess what I'm saying is if you can get to it from your pc on a live network, then so would a virus- if a path exists it exists.. if you seperate your test network in any real and meaningful way either physically or logically- you also won't be able to manage it.  The same way you manage a network is how a virus gets around.. a path.
0
 
LVL 43

Assisted Solution

by:Steve Knight
Steve Knight earned 250 total points
ID: 17157494
The obvious way to manage something like this is using a protocol such as RDP, VNC etc. and having a firewall between the two LAN's.  Then you can easily manage a server on the other LAN using RDP and then maybe hop onto other boxes but the only connection between the LAN's would be, potentially a single rule allowing hosta on LANa to connect using port 3389 (RDP) to hostb on LANb and that's it.

Steve
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
We recently endured a series of broadcast storms that caused our ISP to shut us down for brief periods of time. After going through a multitude of tests, we determined that the issue was related to Intel NIC drivers on some new HP desktop computers …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

832 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question