How to create domain 2 in active directory

kristian_gr
Hi,
I've successfully set up my Active Directory (domain controller) in Windows 2008. I've created one forest with the domain xxx.com, and added some users to it.
I now need to create the domain yyy.com, and add some new users.
My goal is to give users in xxx.com access to computer_1 and users in yyy.com access to computer_2.
But I cannot figure out how to create the domain yyy.com.
Top Expert 2012
Commented:
When you dcpromo the new server, you will be asked if you want to create a new domain tree in the same forest; that would be the option you want to select.
Lee W, MVP, Technology and Business Process Advisor
Most Valuable Expert 2013
Commented:
A single domain controller can only handle ONE domain. You would need to install another Windows server as a domain controller and set up a different domain. Then, if you want users in both domains to be able to access each other, you would need to set up a trust between the domains.

In general, this is NOT a good idea, especially for small organizations. Create OUs and set up policies to prevent some users from accessing some machines.
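
The OU-based alternative suggested in the comment above, as an added example that is not part of the original thread: one domain, two OUs, and each OU's users limited to one computer through the account's "Log On To" list. It assumes Windows Server 2008 R2 or later with the ActiveDirectory PowerShell module; the OU names `Dept-X` and `Dept-Y` are hypothetical, and the computer names are taken from the question.

```powershell
# Added example, not from the thread. Assumes the ActiveDirectory module (RSAT)
# and that the relevant user accounts have already been moved into the two OUs.
# OU names are hypothetical placeholders.
Import-Module ActiveDirectory

$domainDn = (Get-ADDomain).DistinguishedName

# Map each OU to the single computer its users may log on to.
$plan = @(
    @{ Ou = 'Dept-X'; Computer = 'COMPUTER_1' },
    @{ Ou = 'Dept-Y'; Computer = 'COMPUTER_2' }
)

foreach ($entry in $plan) {
    $ouDn = "OU=$($entry.Ou),$domainDn"

    # Create the OU only if it does not exist yet.
    if (-not (Get-ADOrganizationalUnit -Filter "DistinguishedName -eq '$ouDn'")) {
        New-ADOrganizationalUnit -Name $entry.Ou -Path $domainDn
    }

    # Restrict every user directly in this OU to the mapped computer
    # (this writes the userWorkstations attribute, shown as "Log On To" in ADUC).
    Get-ADUser -SearchBase $ouDn -SearchScope OneLevel -Filter * |
        Set-ADUser -LogonWorkstations $entry.Computer
}

# Review the result: every account should list exactly one computer.
foreach ($entry in $plan) {
    Get-ADUser -SearchBase "OU=$($entry.Ou),$domainDn" -SearchScope OneLevel `
               -Filter * -Properties LogonWorkstations |
        Select-Object SamAccountName, LogonWorkstations
}
```

With Remote Desktop and Network Level Authentication, the client computer's name is also checked against this list, so test terminal server logons before applying the restriction broadly.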
Commented:
I agree with leew.
Commented:
You can either create a one-way trust or two-way trust on your domains depending on your requirements.
Top Expert 2012
Commented:
I didn't catch that. I was assuming that there were two different machines.

Author

Commented:
OK, so I need two Active Directories to have two domains. Is there any way I can manage both domains from one of them?
Top Expert 2012
Commented:
No, you need to have both on two separate domain controllers. I'm almost positive you are going to have to manage both from separate MMC consoles.
Commented:
Add two domain controllers on same MMC console.

Author

Commented:
OK.
Can they share the same DNS and terminal server?
There is a clear warning when installing TS, about installing TS and AD on the same computer.
Top Expert 2012
Commented:
Two different domains need two different DNS namespaces but both can't be AD integrated DNS zones.
