"New Domain Tree" question...
Posted on 2009-02-18
"Sometimes, the learning curve is more of a cliff..."
I have a small AD domain in Chicago which is the "Forest Root Domain". This consists of 7 servers, two of which are Domain Controllers; one is an Exchange server. Both Chicago DCs are GCs as well.
I also have a small office in Wisconsin connected to the Chicago office via a PPTP VPN. This office has 5 users, two printers, and no servers at this time. The plan here is to add a server to the Wisconsin office and, in some fashion, make it a part of the Chicago forest.
For now, I have the "New" DC here in Chicago, set up on a subnet so I can do the preliminary testing before shipping it all up to Wisconsin and making it live. When setting up the new domain, I decided on a "New Domain Tree" as the method for installing AD and making that connection to the Forest Root.
All seems to be going well so far, but as usual, I have some questions on the remaining steps.
Basically, I know once I get everything talking correctly, I will have lots more to do for this new domain, like user and admin permissions, local Wisconsin directories and resource setup and access permissions/restrictions, etc., etc. But I believe that regardless of how I want the two domains in the forest to ultimately "co-habitate", there are still these basic foundational settings and systems that must be in place from the "get-go" before any of the rest will even hope to work.
The main domain is "Knightcorp.knightea.com" - 10.10.70.0/23
The new domain is "KNorth.knightea.com" - 10.10.76.0/23 - testing only; it will be 10.10.74.0/23 once done.
When I was done with the "Wizard" setting up the AD on this new first DC, it had:
- Added the new domain under the "Active Directory Domains and Trusts" in the existing Forest Root domain.
- Set up a "Transitive, Tree root trust" between the two domains.
- Added the new server to the default site I previously set up for the original domain under "Active Directory Sites and Services", also in the existing Forest Root domain.
- I already added the "Subnet" settings for the test domain, also under "Active Directory Sites and Services" in the existing Forest Root domain.
1. On the new domain controller for the new domain, the default DNS server address the wizard set for itself was 127.0.0.1 as the preferred DNS and nothing as the secondary. Should this be: preferred - its own IP, and secondary - the IP of the DNS server from the root domain?
2. When I go to a DC in the root domain and verify the trust, it says it cannot find the domain controller for the new domain tree. Does this have something to do with question 1?
And then, in general:
What do I need to do to assure that both sides of this DNS puzzle are configured properly to communicate with each other and the outside world?
I am assuming I need to create a new site in "Active Directory Sites and Services" and assign the proper subnet and server to that new site. Is there some preferred way to do this for a "New Domain Tree"?
I am also assuming I need to set up replication between the two domains for AD. Again, a preferred method or procedure?
Based upon the above, am I missing anything that will be needed for this new domain, and its relationship with the Forest Root?
For example: I know I have to do Group Policy, permissions, and OU structures for the new domain, but I am assuming that once these above items are done, and basic "Inner-forest" tranquility has been achieved, the rest will just fall into place.
Thanks for the assistance!
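One way to check the DNS piece of the questions above from either DC: does a given DNS server resolve the DC locator SRV records for both domains, and do the hosts they point at resolve to an address? This is an added PowerShell diagnostic, not part of the original post; the domain names are from the post, the DNS server IPs are placeholders, and Resolve-DnsName assumes Windows 8 / Server 2012 or later.

```powershell
# Added example, not from the original post. Assumes the DnsClient module (Resolve-DnsName).
$rootDomain = 'Knightcorp.knightea.com'
$newDomain  = 'KNorth.knightea.com'
# Placeholders: fill in a Chicago DC/DNS server and the new KNorth DC (test subnet 10.10.76.0/23)
$rootDns    = '10.10.70.X'
$newDns     = '10.10.76.X'

function Test-DcLocator {
    param([string]$Domain, [string]$DnsServer)
    # The record a DC in the other domain must find before a trust can be verified
    $name = "_ldap._tcp.dc._msdcs.$Domain"
    try {
        $srv = Resolve-DnsName -Name $name -Type SRV -Server $DnsServer -ErrorAction Stop |
               Where-Object { $_.Type -eq 'SRV' }
    } catch {
        return [pscustomobject]@{ Domain=$Domain; Via=$DnsServer; Result="no SRV: $($_.Exception.Message)" }
    }
    foreach ($r in $srv) {
        # Each SRV target must itself resolve to an A record through the same server
        try {
            $a = Resolve-DnsName -Name $r.NameTarget -Type A -Server $DnsServer -ErrorAction Stop |
                 Where-Object { $_.Type -eq 'A' }
            $addr = ($a | ForEach-Object { $_.IPAddress }) -join ','
        } catch {
            $addr = 'UNRESOLVED'
        }
        [pscustomobject]@{ Domain=$Domain; Via=$DnsServer; Target=$r.NameTarget; Port=$r.Port; Address=$addr }
    }
}

# Run the check in all four directions: each domain's locator records through each DNS server
foreach ($dns in @($rootDns, $newDns)) {
    foreach ($dom in @($rootDomain, $newDomain)) {
        Test-DcLocator -Domain $dom -DnsServer $dns
    }
}
```

A domain whose locator records come back as "no SRV" or with an UNRESOLVED target through one of the servers is a DNS result the trust verification in question 2 cannot work around; the rows show which server and which domain to look at.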