mjb765 asked:

Can I have 2 AD domains in different forests on the same subnet?

I need to create a 2nd domain, but would like to run it on the same subnet since all the devices on both domains need to talk to each other for file and print. Can this be done? If I configure the DHCP scope to give out 1 DNS server in each domain with pointers back to the other domain, can this work? This only needs to run like this for approx 3 years and then the first domain will come down after all the users have migrated out of it. I'm trying to avoid having to re-configure all the switches with an additional VLAN with ACLs and routing rules.
ljp102 replied:

Yes.
We are currently doing that ourselves, having migrated from our old domain to our new, leaving the old DC there.
You can even create a trust relationship between domains so that they can share files and printers between the two.

But, for organization, have you considered two different virtual LANs (VLANs)?
mjb765 (asker) replied:

I have multiple VLANs now... just trying to avoid having to create another one. I have no problem creating another SSID and another RADIUS server for the wireless users on the new domain. Should I just create a different DHCP scope range in the same subnet with DNS pointing back to both domains?
DHCP is a broadcast protocol and it would be difficult to create a new scope range without making certain that each computer you bring aboard that broadcast domain has a MAC reservation within DHCP. This is why I was advocating a VLAN configuration. Nonetheless, you still can have two domains on the same subnet and within the same DHCP scope/address pool.

DNS is populated by the client. So, it's not as important to separate that. It will be separated upon registration.
mjb765 (asker) replied:

Without using the reservation... do you think it would work using DNS settings that point to each domain's DNS server and then let the PC find the correct domain to log into?
Regardless of DNS or DHCP, you still have to add the computer to one of the domains. Otherwise it's just a workgroup computer. Since joining a domain is manual, DNS or DHCP is NOT a factor in deciding what domain you join.

You will just have two domains sharing the same DHCP scope/address pool and DNS servers. However, after joining the domain, you will have to create two different zones, one for each domain, on the DNS servers they share. The split comes when you use permissions. AD is split into two domains. Now, those two domains can trust each other and that split can be negligible.

DHCP will be a little confusing. You will not be able to look at a computer and decide which one is on which domain. But, who really cares.
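As an added example (not from this thread or either poster), here is how the arrangement described above could be set up and checked with the Windows DnsServer and DhcpServer PowerShell modules, assuming placeholder names old.example and new.example, DNS servers 10.0.0.10 and 10.0.0.20, and a shared scope 10.0.0.0: each forest's DNS server gets a conditional forwarder for the other forest's zone, the single DHCP scope hands out both DNS servers, and an SRV lookup confirms that a domain controller for either domain can be located from either server.

```powershell
# Added example: two AD domains (separate forests) sharing one subnet and one
# DHCP scope, with each forest's DNS able to resolve the other's records.
# Every name and address below is a constructed placeholder, not from the thread.
$OldDomain = 'old.example'   # assumed: existing forest root domain
$OldDns    = '10.0.0.10'     # assumed: DC/DNS server for old.example
$NewDomain = 'new.example'   # assumed: new forest root domain
$NewDns    = '10.0.0.20'     # assumed: DC/DNS server for new.example
$ScopeId   = '10.0.0.0'      # assumed: the DHCP scope both sets of clients use

# 1. On each forest's DNS server, forward the other forest's zone to that
#    forest's DNS. Without this, a client that asks the "wrong" server first
#    cannot find _ldap._tcp.dc._msdcs.<domain> and the domain join/logon fails.
Add-DnsServerConditionalForwarderZone -ComputerName $OldDns -Name $NewDomain `
    -MasterServers $NewDns -ReplicationScope 'Forest'
Add-DnsServerConditionalForwarderZone -ComputerName $NewDns -Name $OldDomain `
    -MasterServers $OldDns -ReplicationScope 'Forest'

# 2. One scope serves both domains: hand out both DNS servers (option 6).
#    Option 15 (DnsDomain) carries only one suffix; machines in the other
#    domain still use the primary DNS suffix they received when joined.
Set-DhcpServerv4OptionValue -ScopeId $ScopeId -DnsServer $OldDns, $NewDns `
    -DnsDomain $OldDomain

# 3. Verify: every DNS server must return DC locator SRV records for both domains.
function Test-DcLocatorRecords {
    param([string[]]$DnsServers, [string[]]$Domains)
    $ok = $true
    foreach ($server in $DnsServers) {
        foreach ($domain in $Domains) {
            $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV `
                       -Server $server -ErrorAction SilentlyContinue
            if (-not $srv) {
                Write-Warning "$server cannot locate a DC for $domain"
                $ok = $false
            }
        }
    }
    return $ok
}
Test-DcLocatorRecords -DnsServers $OldDns, $NewDns -Domains $OldDomain, $NewDomain
```

The DnsServer and DhcpServer modules come with RSAT or the respective server roles, and the script needs administrative rights on both DNS servers and the DHCP server.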
mjb765 (asker) replied:

DNS is always a factor when joining the domain, as the PC will need to have the correct DNS info to find the DC for the domain it is trying to join. But like I said... as long as both DHCP scopes are on the same subnet and provide a pointer to each DNS server, then you are saying this should work. I am going to separate wireless clients by SSID so that when they attempt to connect to a specific SSID, that will point them to the correct RADIUS server, which will then authenticate to the correct AD... still sound good?
ASKER CERTIFIED SOLUTION: ChiefIT