Domains with same name across VPN - no trust necessary

I am testing a disaster recovery plan which involves using Microsoft's Hyper-V to recreate the domain at an offsite location. There is a VPN established between these points so that files can be replicated and so that users can access the disaster VPN if required. In addition, one user in the remote location accesses the domain (not the virtualized one) terminal server. That user is actually on a third subnet.

Anyway, can I safely bring my virtual servers/domain online with a connected configuration (not local/private) network so that I can test connectivity to the Internet, test applications and log in as a user remotely? Will this cause any problems for the "real" domain that is running on the other side of the VPN?

BTW, this virtual domain will be in a "live" IP subnet, so I am assuming I will have to be careful about DHCP running, etc., when I try this. I figured I would work out one issue/concern at a time.

Thanks.
theffernan asked:

Syed Mutahir Ali, Technology Consultant, commented:
Computer names, IP addresses and the IP addressing scheme should be different in order to avoid conflicts.

You can create a Windows Server install, make sure it is connected via VPN and the remote server can access servers on your side (firewall ports open etc.)

Then do a dcpromo on the remote site and let it replicate over VPN as another dc for the same domain.

This way you would have a domain controller sitting in a remote site

You can use AD > Sites and Services to specify these settings

You should also make sure that the Global Catalog is local to your clients.

http://www.petri.co.il/configure_a_new_global_catalog.htm

The above scenario is a backup domain as well with all your AD replicating over the VPN

AD Replication over firewalls :

http://technet.microsoft.com/en-gb/library/bb727063.aspx

---

As you want constant replication of settings / AD, a good idea will be to make sure that the other environment has a DC (via dcpromo).

--

What servers do you have?
How have you created the domain? Is it via physical-to-virtual conversion, or by setting up a new environment and syncing with your existing one?
Do you have Exchange, SQL etc.?
theffernan (Author) commented:
mutahir:
I am not sure you understand what I am trying to accomplish. On the "real" domain we are running Symantec's disaster recovery and creating VHDs which are then copied to the remote site. The remote site is expected to run only when the "real" site is down. Everything will be a mirror of the "real" site that only goes online if a disaster occurs. In that case, users will all connect to the virtual domain through terminal services from either the "real" site or from remote locations such as their home or a hotel or other temporary office.

We don't plan to keep the virtual site up. We will be regularly replicating VHDs and will build the remote virtual servers once they are needed. I just want to be able to test this ability every now and again. What I am trying to determine is if I need to bring the "real" site down during the testing process due to the name conflicts, or if I can do my testing during regular business hours.
Syed Mutahir Ali, Technology Consultant, commented:
I had an idea what you are after, as I am doing the same thing, but I have set up all DCs and the other two servers in a Hyper-V internal network so they don't speak to the outside world at all.

I have backed up using BESR 2010 Recovery and converted them or restored them into VMs.

---
If there is VPN connectivity between the two sites, there is a chance of conflicts, because the server names would be the same. Make sure you don't allow any ports on either firewall for the traffic to pass through, but even then I would hesitate.

What you can do is just create a virtual network which is Private, make sure your converted or restored VMs from the real site are using that virtual network, switch on that VM and you will be good to go, as they won't be able to communicate with anything apart from each other.

Once your real site is down, you would have to change your virtual network settings and the settings in each VM to use the right one.

---

Also, I have faced activation issues when doing what you have done; some servers won't get past the login screen and would give me activation problems.

Let me know if you have any further questions on this.
Hope this helps.
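The isolation step recommended above (a Private virtual network so the restored copies can talk only to each other) is what the following Hyper-V PowerShell script does on the DR host, with a guard that refuses to start any VM still attached to an uplinked switch. It is an added example, not code from this thread or from Microsoft's documentation; the switch name `DR-Isolated` and the VM names `DR-DC01`, `DR-TS01` and `DR-FS01` are placeholders.

```powershell
# Added example: park restored DR VMs on a Hyper-V private switch before power-on so that
# duplicate hostnames and IP addresses never reach the VPN or the live subnet.
# Assumes the Hyper-V PowerShell module on the DR host; names below are placeholders.
Import-Module Hyper-V

$IsolatedSwitch = 'DR-Isolated'                 # Private switch: VM-to-VM only, no host or physical NIC
$DrVms          = @('DR-DC01', 'DR-TS01', 'DR-FS01')   # placeholder names of the restored VMs
$DrDc           = 'DR-DC01'                     # the restored domain controller

# Create the private switch once; -SwitchType Private has no uplink at all.
if (-not (Get-VMSwitch -Name $IsolatedSwitch -ErrorAction SilentlyContinue)) {
    New-VMSwitch -Name $IsolatedSwitch -SwitchType Private | Out-Null
}

foreach ($vm in $DrVms) {
    # A VM that is already running may already be on the wrong network; stop it first.
    if ((Get-VM -Name $vm).State -ne 'Off') {
        throw "$vm is not powered off; stop it before re-homing its network adapters."
    }
    # Move every adapter of the VM onto the private switch.
    Get-VMNetworkAdapter -VMName $vm | Connect-VMNetworkAdapter -SwitchName $IsolatedSwitch
}

# Verify before power-on: no DR VM adapter may remain on an External (uplinked) switch.
$leaks = foreach ($vm in $DrVms) {
    Get-VMNetworkAdapter -VMName $vm | Where-Object {
        $_.SwitchName -and (Get-VMSwitch -Name $_.SwitchName).SwitchType -eq 'External'
    }
}
if ($leaks) {
    $leaks | Format-Table VMName, Name, SwitchName -AutoSize
    throw 'One or more DR VMs still have an adapter on an external switch; not starting.'
}

# Start the domain controller first so the member servers can find it on the private segment.
Start-VM -Name $DrDc
Start-VM -Name ($DrVms | Where-Object { $_ -ne $DrDc })
```

When the DR site is later needed for real, the same `Connect-VMNetworkAdapter` call re-homes the adapters onto the external switch, which is the "change your virtual network settings" step mentioned above.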

theffernan (Author) commented:
Thanks. I have tested it in the private network. That works fine, but in the event I need to use this virtual domain, it will be necessary to have it talk to the outside world. I just want to test it live to make sure the firewall settings are set to allow connections and that everything does work from the outside world before I need it. I don't currently have control over the firewall at the remote site, so I need to make sure everything is set and ready to go with a proven success before we need it.

I have had problems with activation as well but I believe I have that issue resolved.
Syed Mutahir Ali, Technology Consultant, commented:
Yes, in the event that you have to use this site, you would need a site-to-site VPN connection between these two sites. You would have to allow Active Directory ports, and any other ports that are required by other applications, on the remote firewall so that traffic from your NORMAL site can access devices / services located in the remote site.

http://technet.microsoft.com/en-gb/library/bb727063.aspx

For AD you would have to open the above ports on the remote firewall (where your DR site is).

You would also have to change your MX records, if you have an Exchange server, to point to the right public IP address.

Any other ports you have documented, or apps which are using custom ports within your LAN, would have to be opened in order for full connectivity / availability.
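Two checks from this thread lend themselves to a script: the first answer's point that identical computer names and addresses will conflict once the two sites can see each other, and the answer above about which Active Directory ports the remote-site firewall must pass. The PowerShell below is an added example, not code from the thread or from Microsoft; it is meant to be run from a machine on the production side. The DNS server address, the DR DC address and the server names are placeholders, and the port list is the well-known set of TCP ports AD clients and replication use (the dynamic RPC range cannot be probed with a single `Test-NetConnection`, and DNS/Kerberos also use UDP, which this TCP probe does not cover).

```powershell
# Added example: pre-flight before a restored DR VM is put on a connected (non-private) network
# while the production domain is still reachable over the VPN.
# Placeholders: production DNS server, DR DC address, server names. Run from the production side.
Import-Module DnsClient

$ProductionDnsServer = '10.0.0.10'               # placeholder: a production DC / DNS server
$DrDc                = '10.99.0.10'              # placeholder: address the DR DC will answer on
$DrServerNames       = @('DC01', 'TS01', 'FS01') # names the restored VHDs boot with

# Well-known TCP ports Active Directory needs through the remote-site firewall.
$AdPorts = [ordered]@{
    53   = 'DNS'
    88   = 'Kerberos'
    135  = 'RPC endpoint mapper'
    389  = 'LDAP'
    445  = 'SMB'
    464  = 'Kerberos password change'
    636  = 'LDAPS'
    3268 = 'Global Catalog'
    3269 = 'Global Catalog (SSL)'
}

# 1. Name / address collision check: if production DNS resolves a DR name and that host still
#    answers, the production copy is live and the DR copy must stay on the private switch.
function Test-DrNameConflict {
    param([string[]]$Names, [string]$DnsServer)
    foreach ($name in $Names) {
        $records = Resolve-DnsName -Name $name -Server $DnsServer -Type A -ErrorAction SilentlyContinue |
                   Where-Object { $_.Type -eq 'A' }
        foreach ($rec in $records) {
            [pscustomobject]@{
                Name      = $name
                Address   = $rec.IPAddress
                Reachable = Test-Connection -ComputerName $rec.IPAddress -Count 1 -Quiet
            }
        }
    }
}

# 2. Firewall check: probe each AD port on the DR DC and report which are open (TCP only).
function Test-DrFirewallPorts {
    param([string]$Target, [System.Collections.IDictionary]$Ports)
    foreach ($port in $Ports.Keys) {
        $r = Test-NetConnection -ComputerName $Target -Port $port -WarningAction SilentlyContinue
        [pscustomobject]@{
            Port    = $port
            Service = $Ports[$port]
            Open    = $r.TcpTestSucceeded
        }
    }
}

$live = Test-DrNameConflict -Names $DrServerNames -DnsServer $ProductionDnsServer |
        Where-Object Reachable
if ($live) {
    $live | Format-Table -AutoSize
    throw 'Production hosts with these names are still answering; keep the DR VMs on the private switch.'
}

# Reached only when no production host answers for the DR names, e.g. during a planned DR exercise.
Test-DrFirewallPorts -Target $DrDc -Ports $AdPorts | Format-Table -AutoSize
```

The collision check is the scripted form of the answer to the original question: as long as a production host with the same name is answering, a connected test during business hours is not safe, so the port probe only runs once that condition is clear.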
Syed Mutahir Ali, Technology Consultant, commented:
What did you do about the activation problems?