jskfan
asked on
setting Active directory in different subnet
I have my domain controller on one subnet eg: 10.1.1.0 subnet
I have an AD domain named Mydomain.com
in another subnet 10.1.17.0
I create an AD domain with the same Mydomain.com, using it for Lab
between the 2 subnets the Default gateway IP is 10.1.17.1
My workstation is on subnet 10.1.1.0, and would like to be able to remote to 10.1.17.0 subnet and work with DCs in the Lab.
But I don't want the DCs to be able to replicate anything to the 10.1.1.0 subnets because the production AD is there and as I mentionned has the same name as the Lab domain (Mydomain.com)
I believe if I change my workstation (which is in the 10.1.1.0 subnet) DG to 10.1.17.1 I would be able to get to the Lab network and without fear there would be nothing that can go back from the 10.1.17.0 network to 10.1.1.0 as long as the machines in the 10.1.17.0 subnet will not have a DG configured for 10.1.1.0 subnets.
Correct?
Thanks
This is assuming that the router is currently routing traffic between the two networks. If you can ping the other domain controller by IP address, you're good.
Your two domains are essentially unaware of each other, and provided you ensure they are both looking at their own DNS servers you shouldn't get any problems.
Your two domains are essentially unaware of each other, and provided you ensure they are both looking at their own DNS servers you shouldn't get any problems.
ASKER
I meant both network have the same domain name, the same DNS zone name , the same administrator account name and password. The only difference between the 2 domains is that they are in 2 different subnets, but the 2 subnets can talk to each other.
I want to make sure that both domains will not replicate.
I want to make sure that both domains will not replicate.
ASKER
forget about this:
<< I believe if I change my workstation (which is in the 10.1.1.0 subnet) DG to 10.1.17.1 I would be able to get to the Lab network and without fear there would be nothing that can go back from the 10.1.17.0 network to 10.1.1.0 as long as the machines in the 10.1.17.0 subnet will not have a DG configured for 10.1.1.0 subnets.>>>
<< I believe if I change my workstation (which is in the 10.1.1.0 subnet) DG to 10.1.17.1 I would be able to get to the Lab network and without fear there would be nothing that can go back from the 10.1.17.0 network to 10.1.1.0 as long as the machines in the 10.1.17.0 subnet will not have a DG configured for 10.1.1.0 subnets.>>>
ASKER
In the DC I put the DG to the VLAN so I can remote from the production network to the LAB and back.
This is where I am too much concerned, I am afraid there will be replication between both identical domains eventhough they are in 2 different subnets, but still can talk to each other.
This is where I am too much concerned, I am afraid there will be replication between both identical domains eventhough they are in 2 different subnets, but still can talk to each other.
ASKER
Though I thought even if 2 DCs within the same domain but 2 different subnets can't replicate to each other unless you canfigure them to do so in the AD sites and services
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
<<How did you set the domains up - two seperate installs, but just the same names>>
Yes
Yes
OK, then the domain and domain controller Security IDs (SID) will be different. Providing they are two domains in seperate forests, with no trusts between them, then there is no mechanism for the two domains to talk to each other. Basically, if you can't see the other domain in AD Domains and Trusts on one DC, then you're OK.
As long as you have two seperate subnets, and as said before, your DNS setup for each domain is correct, then you should be OK.
Just remote into the other DC from your domain, but log in using a username/password from the other domain.
As long as you have two seperate subnets, and as said before, your DNS setup for each domain is correct, then you should be OK.
Just remote into the other DC from your domain, but log in using a username/password from the other domain.
ASKER
when you install the second domain, it will ask if it s the first domain controller in the new forest.
So I think if it's yes that mean 2 forests even with the same domain name will not talk to each other unless there is a trust between them.
I also think you still can install 2 AD Domains with the same name in the same subnet, and they will still be considered as 2 separate forests. Correct?
So I think if it's yes that mean 2 forests even with the same domain name will not talk to each other unless there is a trust between them.
I also think you still can install 2 AD Domains with the same name in the same subnet, and they will still be considered as 2 separate forests. Correct?
Theoritically you can have two domains running in the same subnet, yes, but having two domains with the same name, on the same subnet, while theoritically possible probably isn't a good idea, even if just to keep your own life simple!
Do bear in mind that you couldn't run DHCP on either domain if they were on the same subnet. You'd end up with machines from one domain getting IP config from the other domain's DHCP server, meaning that they'd be using the wrong DNS servers. Consequently they'd then try to authenticate with the wrong DC, with problems ensuing.
Do bear in mind that you couldn't run DHCP on either domain if they were on the same subnet. You'd end up with machines from one domain getting IP config from the other domain's DHCP server, meaning that they'd be using the wrong DNS servers. Consequently they'd then try to authenticate with the wrong DC, with problems ensuing.
So if your lab domain controller is on 10.1.17.10, go Start | Run | mstsc - enter this IP address, and then login with a user from the lab domain.