Can I have 2 AD domains in different forests on the same subnet?

I need to create a 2nd domain, but would like to run it on the same subnet since all the devices on both domains need to talk to each other for file and print. Can this be done? If I configure the DHCP scope to give out 1 DNS server in each domain with pointers back to the other domain, can this work? This only needs to run like this for approx. 3 years, and then the first domain will come down after all the users have migrated out of it. I'm trying to avoid having to re-configure all the switches with an additional VLAN with ACLs and routing rules.
mjb765 asked:
ChiefIT commented:
Yes, that sounds like a good plan.

Some drawbacks. If you separate your subnets, you will have problems with NetBIOS resolution. NetBIOS is used for file and print sharing. Also, DHCP is a broadcast protocol, like NetBIOS. What we do is allow our switches or router to provide DHCP on that subnet. Then, we get port 80 to work between the different virtual LANs first. That allows web page access to things like e-mail. IP helper is used to help get DHCP across different subnets, and NetBIOS helper will help with NetBIOS broadcasts.
0
 
ljp102 commented:
yes.
0
 
pjam commented:
We are currently doing that ourselves, having migrated from our old domain to our new one, leaving the old DC there.
0
 
ChiefIT commented:
You can even create a trust relationship between domains so that they can share files and printers between the two.

But, for organization, have you considered two different virtual LANs (VLANs)?
0
 
mjb765 (Author) commented:
I have multiple VLANs now... just trying to avoid having to create another one. I have no problem creating another SSID and another RADIUS server for the wireless users on the new domain. Should I just create a different DHCP scope range in the same subnet with DNS pointing back to both domains?
0
 
ChiefIT commented:
DHCP is a broadcast protocol, and it would be difficult to create a new scope range without making certain that each computer you bring aboard that broadcast domain has a MAC reservation within DHCP. This is why I was advocating a VLAN configuration. Nonetheless, you still can have two domains on the same subnet and within the same DHCP scope/address pool.

DNS is populated by the client. So, it's not as important to separate that. It will be separated upon registration.
0
 
mjb765 (Author) commented:
Without using the reservation... do you think it would work using DNS settings that point to each domain's DNS server and then let the PC find the correct domain to log into?
0
 
ChiefIT commented:
Regardless of DNS or DHCP, you still have to add the computer to one of the domains. Otherwise it's just a workgroup computer. Since joining a domain is manual, DNS or DHCP is NOT a factor in deciding what domain you join.

You will just have two domains sharing the same DHCP scope/address pool and DNS servers. However, after joining the domain, you will have to create two different zones, one for each domain, on the DNS servers they share. The split comes when you use permissions. AD is split into two domains. Now, those two domains can trust each other, and that split can be negligible.

DHCP will be a little confusing. You will not be able to look at a computer and decide which one is on which domain. But, who really cares.
0
 
mjb765 (Author) commented:
DNS is always a factor when joining the domain, as the PC will need to have the correct DNS info to find the DC for the domain it is trying to join. But like I said, as long as both DHCP scopes are on the same subnet and provide a pointer to each DNS server, then you are saying this should work. I am going to separate wireless clients by SSID so that when they attempt to connect to a specific SSID, that will point them to the correct RADIUS server, which will then authenticate to the correct AD... still sound good?
0
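As an added illustration of the DNS and DHCP pieces discussed in this thread (not code from any of the posters), the following PowerShell configures the cross-domain DNS pointers and the shared scope, then checks that a client handed either DNS server can locate domain controllers for both domains. All names and addresses are constructed: corp-a.local with its DC/DNS at 10.10.0.10, corp-b.local with its DC/DNS at 10.10.0.20, and a single scope 10.10.0.0/24 served from the corp-a DHCP server.

```powershell
# Added example: two AD domains in separate forests sharing one subnet and one DHCP scope.
# Constructed values: corp-a.local DC/DNS 10.10.0.10, corp-b.local DC/DNS 10.10.0.20,
# scope 10.10.0.0/24 on the corp-a DHCP server. Run as a domain admin on those servers.

# 1. Each domain's DNS server gets a conditional forwarder for the OTHER domain, so a
#    client pointed at either server can still resolve the DC locator records of both.
#    Run on corp-a's DNS server; mirror it on corp-b's with the name and address swapped.
Add-DnsServerConditionalForwarderZone -Name 'corp-b.local' `
    -MasterServers 10.10.0.20 -ReplicationScope 'Forest'

# 2. One scope hands out both DNS servers (option 6). Clients query them in order, so
#    list the local domain's server first. Option 15 (DNS suffix) holds only one value;
#    domain-joined machines use the primary DNS suffix set at join time, so pick the
#    domain most clients belong to.
Set-DhcpServerv4OptionValue -ScopeId 10.10.0.0 `
    -DnsServer 10.10.0.10, 10.10.0.20 -DnsDomain 'corp-a.local'

# 3. Verification: the _ldap._tcp.dc._msdcs SRV record for BOTH domains must resolve
#    through EACH DNS server, or joins and logons to one of the domains will fail.
function Test-CrossDomainLocator {
    param([string[]]$DnsServers, [string[]]$Domains)
    foreach ($dns in $DnsServers) {
        foreach ($dom in $Domains) {
            $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$dom" -Type SRV `
                       -Server $dns -ErrorAction SilentlyContinue
            if ($srv) {
                "OK      $dns -> DCs for $dom : $(($srv | ForEach-Object NameTarget) -join ', ')"
            } else {
                "FAILED  $dns cannot locate DCs for $dom (check the conditional forwarder)"
            }
        }
    }
}
Test-CrossDomainLocator -DnsServers '10.10.0.10', '10.10.0.20' `
                        -Domains 'corp-a.local', 'corp-b.local'

# 4. DHCP itself does not know which domain a lease belongs to; the FQDN the client
#    registers (hostname plus its DNS suffix) is what distinguishes them in the lease list.
Get-DhcpServerv4Lease -ScopeId 10.10.0.0 |
    Select-Object IPAddress, HostName, ClientId |
    Sort-Object HostName
```

Step 3 is the check worth running before joining any machine to the second domain; a FAILED line from either server means that server's clients will not find the other domain's DCs.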
Question has a verified solution.