Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Active Directory Trusts.

Posted on 2006-07-21
7
Medium Priority
?
194 Views
Last Modified: 2010-03-18
Hi there,

I have a windows 2003 AD setup, and already running on a 192.168.0.x network.  I want to create a new network, with AD on a 192.168.1.x network.  I want the new network, to have no access to old network. And I want the old network to have access to the new network.  Can someone please walk me through this or point me to a step by step.  

Thanks
0
Comment
Question by:lmpsteelwire
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
7 Comments
 
LVL 11

Expert Comment

by:Steve Agnew
ID: 17156205
You don't have to do anything.  Windows will see the networks and it knows the difference.  The physical network will need to have a router so that traffic sent from 192.168.0.x to 192.168.1.x will be 'routed' or if you use a subnet mask of say 255.255.224.0 (I think) that puts them both in the same 'logical' network.  Or you can actually put multiple IP addresses on the network cards if they are in the same physical network and they will be able to communicate but it probably will have delays and you might run into other issues with 2003 security not liking the same machine with multiple IP's

I think you may be trying to ask more than what you are saying.. is this like your own test setup and you just want to see what's required, or are you setting this up for a real life scenario?
0
 
LVL 2

Author Comment

by:lmpsteelwire
ID: 17156316
Real Life....

I am created a Test Network, that has its own AD and what not.  I would simply like to be able to manage it from my PC in the LIVE AD, and not let it see the LIVE AD.  I would like to be able to deploy a virus or something onto that test network, to test how stuff reacts and what not, and not worry about my Live System going down.  
0
 
LVL 11

Expert Comment

by:Steve Agnew
ID: 17156393
Well AD is designed to be it's own king, but plays nicely with other AD's in the same physical network or not.  AD is simply a 'security boundry' If I setup two AD domain controllers each running it's own single domain and one is at 192.168.0.1 and the other is at 192.168.0.2 they will work just fine and if I try to connect to one from the other it will prompt me for a valid account before anything can be done... if I use a valid account I could manage each from the other.. now if I have one on 192.168.0.1 and the other on 192.168.1.1 with a subnet mask of 255.255.255.0 then they can't see each other even if they are both plugged into a hub, they are on the same 'physical' network, but they are on different logical networks..
0
 
LVL 11

Accepted Solution

by:
Steve Agnew earned 1000 total points
ID: 17156634
I guess what I'm saying is if you can get to it from your pc on a live network, then so would a virus- if a path exists it exists.. if you seperate your test network in any real and meaningful way either physically or logically- you also won't be able to manage it.  The same way you manage a network is how a virus gets around.. a path.
0
 
LVL 43

Assisted Solution

by:Steve Knight
Steve Knight earned 1000 total points
ID: 17157494
The obvious way to manage something like this is using a protocol such as RDP, VNC etc. and having a firewall between the two LAN's.  Then you can easily manage a server on the other LAN using RDP and then maybe hop onto other boxes but the only connection between the LAN's would be, potentially a single rule allowing hosta on LANa to connect using port 3389 (RDP) to hostb on LANb and that's it.

Steve
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Downtime reduced, data recovered by utilizing an Experts Exchange Business Account Challenge The United States Marine Corps employs more than 200,000 active-duty Marines with operations in four continents, all requiring complex networking system…
Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question