Solved

mixed network

Posted on 2011-03-11
Last Modified: 2012-06-27
I have another question that asks about this, but since I am not receiving any assistance, let me break them down into smaller questions.

We have inherited a Win Server 2003 and Terminal server.  The small office is currently two networks, a wireless one (three wired connections) through a Bellsouth DSL modem, and one in the back where three computers are connected through cat 5.  The wireless network is the 192.168.1.xxx network and uses dhcp.  The one in back is 192.168.0.xxx, no dhcp.  Basic peer to peer with a pseudo server (win7) running peachtree complete and quickbooks, and two workstations that occasionally access win7 server and mostly work off of a NAS for the main accounting.  Also have a HP Laserjet heavy duty printer connected.  The wired network is on a different workgroup than wireless network.  The two workstations in back also are connected to the wireless network, one by wireless, the other through a cat 5 run since wireless signal was flaky back there.

Now then the question.  Since we now have the win server 2003, I imagine all that wish to connect to it will have to join the domain.  One of the computers in back used to connect through vpn to the terminal server to do data entry.  Can we still use vpn over the internal network for her to communicate, or do I have to now have her join the server domain to access the server directly?  And if I do that, how will that affect my wired network in back of which she is attached?

Any suggestions as to how to proceed on this?

Thanks
0
Question by:jjackson2004
19 Comments
 
LVL 3

Accepted Solution

by:
tearman earned 250 total points
ID: 35109450
You can join computers to a domain over VPN and keep them operating, the question is why?

You don't NEED to join them to a domain, and your environment might be small enough that it might not even be worth it.  AD has some neat features as far as SSO goes but with systems like those, it might not even be worth it.

Ultimately, I'd probably bridge the two networks together (wireless and back office) then do a dual-WAN uplink (Cisco makes small business routers, and Astaro makes software that can do it as well) network with 2 VLANs (the wireless and the hardwired).

However, you might consider moving your wireless to the Ubiquiti UniFi system since it's cheap and offers some excellent management capabilities for you as the sysadmin.
0
 

Author Comment

by:jjackson2004
ID: 35109526
So the computers can access the server without joining the domain?

I apologize that it was not clear why I am asking this.  The current setup is working. Now we have the server and the need to access it.  That is why I was asking these questions.
0
 
LVL 4

Assisted Solution

by:Jason Johanknecht
Jason Johanknecht earned 250 total points
ID: 35109543
Why do you have two separate networks if you want them all to connect to the server?
You can statically assign computers in the 192.168.1.xxx network, just make sure your DHCP settings don't hand out their IP address.  This can be done by reserving an IP using their MAC address in DHCP.  If you have two networks so that the accounting computers were not on the internet and thus unprotected, you would obviously need security software added like Symantec End Point.  You will need to have enough CALs for clients that access the server, but you don't have to join the domain necessarily.  Why would you not want to join the domain?   Is the 2003 server also a terminal server?  You can just connect via RDP to the terminal server on the internal network and not need to join any domain.
0

 
LVL 3

Expert Comment

by:tearman
ID: 35109547
There really isn't much of a reason to have them on a domain unless you want SSO.  I have a set up for a small business that uses Exchange and file systems off of a set of systems with the end client machines NOT joined to the domain (even though a domain exists for Exchange).

Frankly with all the nuances of Group Policy, I'd avoid it until you got a lot more comfortable with it and had a reason to go forward there.
0
 

Author Comment

by:jjackson2004
ID: 35109554
Maybe AD is much better these days, but back in the old days when it came out, it was not fun to work with and I avoided it whenever possible.  But then again, I was a Novell person so that could also have been why as well.
0
 

Author Comment

by:jjackson2004
ID: 35109562
Ok, how would you set it up?  (What is SSO?)
0
 
LVL 3

Expert Comment

by:tearman
ID: 35109569
AD hasn't improved a whole lot over the years.  It's gotten some nice new features (like GP recycle bins in AD2008), but it's still the gift that keeps on giving (REALLY easy to mess something up very badly).
0
 
LVL 4

Expert Comment

by:Jason Johanknecht
ID: 35109574
Yes, you can access the server without joining the domain.
0
 
LVL 3

Expert Comment

by:tearman
ID: 35109585
SSO = Single Sign-On.  If you WANT to set it up, assign the Domain Controller role to a server, then go through that process.  It'll install a BUNCH of roles (like DNS).  THEN you have to point your DNS on your DHCP server on the alternate network to your domain controller, then tell every individual machine, instead of working on a workgroup, to work off a domain (whatever you choose it to be).
0
 
LVL 4

Expert Comment

by:Jason Johanknecht
ID: 35109610
Just connect them all to the same network 192.168.1.xxx.

Then have the user names and passwords match on the server and computer you will use as workgroup.  Since you aren't using a domain for those computers, you will use local logon.
0
 

Author Comment

by:jjackson2004
ID: 35109631
I would prefer to do this with as little work on the server as possible.  If I could get the server and terminal server set up at this new location (it was at a different office before), it would be great.  The dream is that I can just connect them back up, and then figure out how to tell terminal server that it has a new static ip address to access.  I also assume that I have to open some ports on the dsl modem.  Then I will worry about the local computers that have to access it.

 If this is delving into a different question, I will copy this out to a new question.

Thanks all for prompt replies.  I am on site and stressed.
0
 
LVL 3

Expert Comment

by:tearman
ID: 35109632
But with your setup, I'd probably just bridge the two networks together to two separate VLANs, and run ethernet to as many boxes as possible, then switch to Ubiquiti's UniFi wireless system where you can't.  Use Astaro Small Business Edition for your router.  Life would be much easier that way.  pGina is an open source project to replace ActiveDirectory's built-in mechanism on each machine if you NEED SSO across machines but not necessarily with all the nuances of AD.
0
 

Author Comment

by:jjackson2004
ID: 35109988
I have not dealt with servers since wireless became so prevalent.  Can you connect to the Windows server through wireless without a problem?  I notice that you keep referring to Ubiquiti's system, so I am assuming that there is a problem trying to connect to the domain over wireless.

Also, anyone familiar with Dell PowerConnect switches?  The picture has it and I cannot read the whole model number, it appears to be *724?  Anyway, each server has two ethernet connections and they are all connected to the PowerConnect, but one of each is plugged into the rightmost ports, which have a line around them as if they are segregated somehow.  Otherwise, it would seem to cause a problem to have both ethernet cables plugged into same switch.
0
 
LVL 4

Expert Comment

by:Jason Johanknecht
ID: 35110122
The servers may have both ethernet connections going into one switch.  The Power Connect switch should be a 24-port smart switch.  In which the connections may have settings for port 24 involving the server.  You can connect to the server via wireless, if you have a wireless access point or wireless router on the network with the servers.  Do not attach a wireless adapter to the server.
0
 
LVL 4

Expert Comment

by:Jason Johanknecht
ID: 35110148
Here is a link to the power connect 2724 Gigabit network switch online PDF manual:

http://support.dell.com/support/edocs/network/pc27xx/en/ug/PDF/UG_ENd.pdf

This will tell you how to logon and configure the switch.
0
 
LVL 4

Expert Comment

by:Jason Johanknecht
ID: 35110163
What is controlling your DHCP currently on the network that contains the domain controller?
0
 

Author Comment

by:jjackson2004
ID: 35110192
The bellsouth dsl modem is wireless also.  So you are saying that they can use that to connect to the server?

Why would a server have two ethernet connections going into same switch?  Seems redundant.  Looked up port 24 and it appears to be involved with mail, which is not a concern of ours at this time.
0
 
LVL 4

Expert Comment

by:Jason Johanknecht
ID: 35110225
When you say port 24 is involved with mail, are you referring to firewall ports or physical ports on switch?
0
 
LVL 4

Expert Comment

by:Jason Johanknecht
ID: 35110238
Depending on how the server and switch are configured, the second ethernet cable may be joined to work as one cable, or as fail over connection (Redundant).
0


Question has a verified solution.
