Solved

2 forests, same domain name, same network: what do I need to be careful of?

Posted on 2007-04-03
Last Modified: 2012-05-05
I would like to know the impact if 2 separate forests (2003 server) in the same network have the same domain name.
Is the impact the same if I have 2 forests with the same domain name on 2 different subnets and I route the two subnets to communicate with each other?
Question by:WebHunter76

Assisted Solution

by:RichardSlater
RichardSlater earned 30 total points
ID: 18845303
You are going to run into some major problems with that. The two domains could quite happily coexist on the same physical network; however, you would need to make special arrangements with DHCP (i.e. reservations on each domain for all devices). Communication between the two domains is probably going to be a big problem because there is no way to differentiate between the two.

Accepted Solution

by:LauraEHunterMVP
LauraEHunterMVP earned 120 total points
ID: 18845500
If by communications you are trying to establish any sort of a trust relationship so that users in one domain will be able to access resources in the other, this will not be difficult...it will be impossible.  (Trust relationships cannot be created between two domains that have the same name under any circumstances.)

Additionally, you will experience issues with any sort of NetBIOS traffic, since NetBIOS will detect a conflict between the NetBIOS records for the two separate domains. Even if you remove NetBIOS conflicts from the picture, you will need to procedurally enforce uniqueness of FQDNs across the two domains, since DNS resolution will obviously go haywire if you have two separate IP addresses configured for server1.domain.com.

Frankly I think it's asking for more trouble than it's worth - I certainly wouldn't deploy something like you're describing onto a production network.  My $.02, anyway.

Hope this helps.

Laura E. Hunter - Microsoft MVP: Windows Server - Networking
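
The FQDN and NetBIOS uniqueness problem described in the answer above can be checked mechanically. The following is an added example, not part of the original answer: it compares two host inventories (constructed sample data using the thread's `domain.com` name and made-up addresses) and reports names that resolve differently in each forest, and it goes slightly beyond the answer by also flagging host names that collide only after NetBIOS truncation to 15 characters.

```python
from collections import defaultdict

# Constructed sample inventories (name, IP) for two forests that both use
# domain.com; the addresses are made-up values, not data from the thread.
FOREST_A = [
    ("server1.domain.com", "192.168.1.10"),
    ("dc1.domain.com", "192.168.1.2"),
    ("fileserver-building01.domain.com", "192.168.1.30"),
]
FOREST_B = [
    ("SERVER1.domain.com.", "172.16.0.10"),
    ("dc-new1.domain.com", "172.16.0.2"),
    ("fileserver-building02.domain.com", "172.16.0.30"),
]

def normalize(fqdn):
    """DNS names are case-insensitive; drop the trailing root dot as well."""
    return fqdn.strip().rstrip(".").lower()

def netbios_name(fqdn):
    """NetBIOS computer name: host label, upper-cased, cut to 15 characters."""
    return normalize(fqdn).split(".", 1)[0].upper()[:15]

def find_collisions(forest_a, forest_b):
    """Return (fqdn_conflicts, netbios_conflicts) between two inventories."""
    a = {normalize(name): ip for name, ip in forest_a}
    b = {normalize(name): ip for name, ip in forest_b}
    # Same FQDN registered in both forests with different addresses.
    fqdn_conflicts = sorted(
        (name, a[name], b[name]) for name in a.keys() & b.keys()
        if a[name] != b[name]
    )
    # Same NetBIOS name on both sides, including clashes caused by truncation.
    seen = defaultdict(lambda: ([], []))
    for side, names in enumerate((sorted(a), sorted(b))):
        for name in names:
            seen[netbios_name(name)][side].append(name)
    netbios_conflicts = {nb: pair for nb, pair in seen.items() if pair[0] and pair[1]}
    return fqdn_conflicts, netbios_conflicts

if __name__ == "__main__":
    fqdn_conflicts, netbios_conflicts = find_collisions(FOREST_A, FOREST_B)
    for name, ip_a, ip_b in fqdn_conflicts:
        print(f"FQDN conflict: {name} -> {ip_a} (forest A) vs {ip_b} (forest B)")
    for nb, (in_a, in_b) in sorted(netbios_conflicts.items()):
        print(f"NetBIOS conflict: {nb}: {in_a} vs {in_b}")
```
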

 

Author Comment

by:WebHunter76
ID: 18847747
The main concern is that I want to recreate a new Active Directory forest with the same name, so users will not be affected by the change (no local profile to copy). Because the current AD structure is too bad, I have to restart everything from scratch (currently 4 DCs on AD 2003 (DHCP + DNS) + 2 SQL, all on the same class C subnet), and I want to put in only 2 DCs with DHCP & DNS on Windows 2003, with SQL and Exchange Server 2003 as member servers and not DCs at the same time as they are currently, plus a file server and finally a production server, in a new class B subnet. It is possible for me to have some maintenance periods, but never more than 8 hours a week for the server.

Assisted Solution

by:LauraEHunterMVP
LauraEHunterMVP earned 120 total points
ID: 18847771
I certainly understand the desire to have a transparent migration process for your users. However, I can promise you to a nearly 100% certainty that you won't be able to pull off that kind of migration by standing up two forests with the same name on the same network.  It just plain won't work.

It's also worth noting that, even if you were to move UserA from ForestA(1) to ForestA(2), a new profile would be generated because ForestA(1)\UserA and ForestA(2)\UserA would possess different SIDs, which would screw up the permissions on the local profile -anyway-.

If your organization's tolerance for downtime is that low for a migration of that level of complexity, I might recommend investing in a third-party migration tool from someone like Quest or NetPro.  A tool like that has a dollar-value pricetag associated with it, but it will drastically cut down the amount of time your migration process will take.
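
The SID point made in the comment above, shown as an added example that is not part of the original comment: it decodes two binary SIDs in the `objectSid` layout and shows that an account recreated in a same-named forest does not match the entry on the old profile's ACL, even when the RID happens to be identical. All SID values and the simplified profile ACL are constructed for illustration.

```python
import struct

def decode_sid(raw):
    """Decode a binary SID (objectSid layout) into its S-1-... string form."""
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("truncated or malformed SID")
    revision, count = raw[0], raw[1]
    authority = int.from_bytes(raw[2:8], "big")       # 48-bit, big-endian
    subs = struct.unpack("<%dI" % count, raw[8:])     # 32-bit, little-endian
    return "-".join(["S", str(revision), str(authority)] + [str(s) for s in subs])

def split_account_sid(sid):
    """Split S-1-5-21-x-y-z-RID into (domain SID, RID)."""
    parts = sid.split("-")
    if parts[:4] != ["S", "1", "5", "21"] or len(parts) != 8:
        raise ValueError("not a domain account SID: " + sid)
    return "-".join(parts[:-1]), int(parts[-1])

def make_account_sid(d1, d2, d3, rid):
    """Build a constructed binary SID for the sample data below."""
    return bytes([1, 5]) + (5).to_bytes(6, "big") + struct.pack("<5I", 21, d1, d2, d3, rid)

# Constructed values: each forest gets its own domain identifier when it is
# created, whatever its name. The RID is deliberately the same in both.
OLD_USER_A = make_account_sid(1111111111, 2222222222, 3333333333, 1105)
NEW_USER_A = make_account_sid(444444444, 555555555, 666666666, 1105)

def compare_accounts(old_raw, new_raw):
    """Compare the old and new account SIDs against the old profile's ACL."""
    old_sid, new_sid = decode_sid(old_raw), decode_sid(new_raw)
    old_dom, old_rid = split_account_sid(old_sid)
    new_dom, new_rid = split_account_sid(new_sid)
    # Simplified profile ACL: the old account, SYSTEM and local Administrators.
    profile_acl = {old_sid, "S-1-5-18", "S-1-5-32-544"}
    return {
        "old_sid": old_sid,
        "new_sid": new_sid,
        "same_domain_sid": old_dom == new_dom,
        "same_rid": old_rid == new_rid,
        "new_account_on_profile_acl": new_sid in profile_acl,
    }

if __name__ == "__main__":
    for key, value in compare_accounts(OLD_USER_A, NEW_USER_A).items():
        print(f"{key}: {value}")
```
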



Assisted Solution

by:LauraEHunterMVP
LauraEHunterMVP earned 120 total points
ID: 18847814
Additionally, any migration tool is going to require (or at least =strongly recommend=) that a trust relationship exist between the source and target domains in order to perform the migration.  As I mentioned above, this is not possible when 2 domains have the same name.