Solved

Can I have 2 AD domains in different forests on the same subnet?

Posted on 2011-05-05
835 Views
Last Modified: 2012-05-11
I need to create a 2nd domain, but would like to run it on the same subnet since all the devices on both domains need to talk to each other for file and print. Can this be done? If I configure the DHCP scope to give out 1 DNS server in each domain with pointers back to the other domain, can this work? This only needs to run like this for approx. 3 years, and then the first domain will come down after all the users have migrated out of it. I'm trying to avoid having to re-configure all the switches with an additional VLAN with ACLs and routing rules.
0
Question by:mjb765
9 Comments
 

Expert Comment

by:ljp102
ID: 35701437
yes.
0
 
LVL 17

Expert Comment

by:pjam
ID: 35701465
We are currently doing that ourselves having migrated from our old domain to our new leaving the old DC there.
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 35701685
You can even create a trust relationship between domains so that they can share files and printers between the two.

But, for organization, have you considered two different virtual LANs (VLANs)?
0
 

Author Comment

by:mjb765
ID: 35701710
I have multiple VLANs now... just trying to avoid having to create another one. I have no problem creating another SSID and another RADIUS server for the wireless users on the new domain. Should I just create a different DHCP scope range in the same subnet with DNS pointing back to both domains?
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 35703179
DHCP is a broadcast protocol, and it would be difficult to create a new scope range without making certain that each computer you bring aboard that broadcast domain has a MAC reservation within DHCP. This is why I was advocating a VLAN configuration. Nonetheless, you still can have two domains on the same subnet and within the same DHCP scope/address pool.

DNS is populated by the client. So, it's not as important to separate that. It will be separated upon registration.
0
 

Author Comment

by:mjb765
ID: 35703190
Without using the reservation... do you think it would work using DNS settings that point to each domain's DNS server and then let the PC find the correct domain to log into?
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 35703236
Regardless of DNS or DHCP, you still have to add the computer to one of the domains. Otherwise it's just a workgroup computer. Since joining a domain is manual, DNS or DHCP is NOT a factor in deciding what domain you join.

You will just have two domains sharing the same DHCP scope/address pool and DNS servers. However, after joining the domain, you will have to create two different zones, one for each domain, on the DNS servers they share. The split comes when you use permissions. AD is split into two domains. Now, those two domains can trust each other, and that split can be negligible.

DHCP will be a little confusing. You will not be able to look at a computer and decide which one is on which domain. But, who really cares.
0
 

Author Comment

by:mjb765
ID: 35703267
DNS is always a factor when joining the domain, as the PC will need to have the correct DNS info to find the DC for the domain it is trying to join. But like I said... as long as both DHCP scopes are on the same subnet and provide a pointer to each DNS server, then you are saying this should work. I am going to separate wireless clients by SSID so that when they attempt to connect to a specific SSID, that will point them to the correct RADIUS server, which will then authenticate to the correct AD... still sound good?
0
 
LVL 39

Accepted Solution

by:
ChiefIT earned 2000 total points
ID: 35745100
Yes, that sounds like a good plan.

Some drawbacks. If you separate your subnets, you will have problems with NetBIOS resolution. NetBIOS is used for file and print sharing. Also, DHCP is a broadcast protocol, like NetBIOS. What we do is allow our switches or router to provide DHCP on that subnet. Then, we get port 80 to work between the different virtual LANs, first. That allows web page access to things like e-mail. IP Helper is used to help get DHCP across different subnets, and NetBIOS helper will help with NetBIOS broadcasts.
0
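The thread's agreed setup (two forests on one subnet, one DHCP pool, clients handed either domain's DNS server) works only if every DNS server in the pool can resolve the DC locator records of both domains. The script below is an added example, not code from the thread: it creates a conditional forwarder on each domain's DNS server for the other domain, then checks from each DNS server that `_ldap._tcp.dc._msdcs.<domain>` resolves for both domains. Domain names, server addresses and the 10.0.1.0/24 subnet are placeholders; it assumes the DnsServer RSAT module and admin rights on both DCs.

```powershell
# Added example (not from the thread). Placeholders: two single-domain forests,
# each with one DC that is also its DNS server, both on the same 10.0.1.0/24 subnet.
$Domains = @(
    @{ Name = 'corp-a.example'; DnsServer = '10.0.1.10' }   # existing domain (placeholder)
    @{ Name = 'corp-b.example'; DnsServer = '10.0.1.20' }   # new domain (placeholder)
)

# Step 1: on each DC's DNS server, add a conditional forwarder for the *other*
# domain, so a client that DHCP hands either server can still locate DCs of both.
foreach ($me in $Domains) {
    foreach ($other in ($Domains | Where-Object { $_.Name -ne $me.Name })) {
        $zone = Get-DnsServerZone -ComputerName $me.DnsServer -Name $other.Name -ErrorAction SilentlyContinue
        if (-not $zone) {
            Add-DnsServerConditionalForwarderZone -ComputerName $me.DnsServer `
                -Name $other.Name -MasterServers $other.DnsServer -ReplicationScope 'Forest'
        }
    }
}

# Step 2: verify the DC locator SRV record from every DNS server a DHCP client
# might receive. A client that cannot resolve this record cannot find a DC to
# join or log on to, which is the failure mode the thread is worried about.
function Test-DcLocator {
    param([string]$Domain, [string]$Server)
    $srv = "_ldap._tcp.dc._msdcs.$Domain"
    try {
        $answers = Resolve-DnsName -Name $srv -Type SRV -Server $Server -DnsOnly -ErrorAction Stop |
                   Where-Object { $_.Type -eq 'SRV' }
        [pscustomobject]@{ Domain = $Domain; DnsServer = $Server
                           DCs = ($answers.NameTarget -join ','); Ok = [bool]$answers }
    } catch {
        [pscustomobject]@{ Domain = $Domain; DnsServer = $Server; DCs = ''; Ok = $false }
    }
}

$servers = $Domains | ForEach-Object { $_.DnsServer }
$results = foreach ($d in $Domains) {
    foreach ($s in $servers) { Test-DcLocator -Domain $d.Name -Server $s }
}
$results | Format-Table -AutoSize
if ($results | Where-Object { -not $_.Ok }) {
    Write-Warning 'At least one DNS server cannot locate DCs for one of the domains.'
}
```

Run the verification step again after any DNS or DHCP scope change; a row with Ok = False is a client that would be unable to find its domain even though it sits on the same subnet.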
