-Darvin- asked:
Joining two separate domains into one AD Sites and Services?

I have been really struggling with what to do.  I don't know if this is the appropriate place to ask the question but I don't have much in the way of options.

I have two locations that currently operate independently.  We can call them domainone.com (main office) and domaintwo.com (remote manufacturing).  They both are on separate /24 networks.

Each has its own domain controller, terminal server, exchange server, and ERP.  All running Server 2008 R2.

We are currently connected to one another through two Talari boxes (think VPN tunnel using multiple ISPs with a sprinkle of WAN op).  So we can access resources on both ends through this tunnel but cannot resolve names.

The ERP application is being consolidated into one Database so must be served out of one location.  domaintwo.com will access this ERP application via published app in terminal services at domainone.com.

The goal is to provide the users in domaintwo.com with the best experience possible while also saving money and lowering support needs at domaintwo.com.  My initial plan had all data moving from domaintwo.com to domainone.com and having domaintwo.com use resources entirely through Terminal Services.  We do that now with another (smaller) site and that works well.  I worry about performance however, and various other issues that may crop up.

It was suggested to me that instead it would be best to set up a new domain controller at domaintwo.com and join that domain controller to domainone.com.  Use migration tools or manually re-create the AD accounts for users who were previously domaintwo.com.  Also, we would need to create PST files for all mailboxes to import into domainone.com for the newly created mailboxes.  We would then need to re-auth all clients to the new domainone.com controller on site.

I believe this would use AD Sites and Services, but what about addressing?  Will I need to change addressing on both sites?  As I said each runs its own /24 now.  If we pulled them both under one /24 address space 253 addresses would be a bit tight but doable.  Is it possible to run AD Sites and Services with each side having a separate class and not really sub-netted?

Example being site A 192.168.1.0/24 and B being 192.168.2.0/24.  From what I understand that isn't sub-netting as each is its own class C with a 24 bit mask.  To subnet properly I would need a /23 or /22 correct??

I have been struggling with what to do and second guessing myself too long.  Any advice or thoughts on this would be welcome at this point.
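An added illustration of the two addressing questions in the post (this is not code from the thread or from any Experts Exchange answer; it uses only Python's standard ipaddress module, and the site names are assumptions). AD Sites and Services does not require the sites' networks to share a supernet: each network is entered as its own subnet object linked to a site, and a client is associated with the site whose subnet object is the longest prefix match for its address. The code also shows why a "/23 over 192.168.1.0 and 192.168.2.0" does not exist as a single prefix: 192.168.1.0/23 is not aligned on a /23 boundary, and the aligned /23s are 192.168.0.0/23 and 192.168.2.0/23.

```python
import ipaddress

# Constructed subnet-to-site mapping in the shape AD Sites and Services uses:
# one subnet object per network, each linked to exactly one site. The site
# names are assumptions; the prefixes are the ones named in the thread.
SITE_SUBNETS = {
    "MainOffice": ["192.168.1.0/24"],
    "RemoteMfg": ["10.0.0.0/24"],
}


def is_aligned(cidr):
    """True if the address part is a valid network address for the given mask.

    ipaddress.ip_network() is strict by default and rejects prefixes with host
    bits set, which is exactly the "192.168.1.0/23" case from the question.
    """
    try:
        ipaddress.ip_network(cidr)
        return True
    except ValueError:
        return False


def common_supernet(cidr_a, cidr_b):
    """Return the one-bit-shorter prefix that covers both networks, or None.

    Two equal-length prefixes only merge into a single supernet when they are
    an aligned pair (e.g. 192.168.2.0/24 + 192.168.3.0/24 -> 192.168.2.0/23).
    """
    a = ipaddress.ip_network(cidr_a)
    b = ipaddress.ip_network(cidr_b)
    if a.prefixlen != b.prefixlen:
        return None
    if a.supernet() == b.supernet():
        return str(a.supernet())
    return None


def site_for(ip, site_subnets=SITE_SUBNETS):
    """Longest-prefix match of a client address against the subnet objects.

    Returns the site name, or None when no subnet object covers the address
    (the case where a DC logs a client as coming from an unknown subnet).
    """
    addr = ipaddress.ip_address(ip)
    best = None
    for site, subnets in site_subnets.items():
        for cidr in subnets:
            net = ipaddress.ip_network(cidr)
            if addr in net and (best is None or net.prefixlen > best[1]):
                best = (site, net.prefixlen)
    return best[0] if best else None


if __name__ == "__main__":
    for cidr in ("192.168.1.0/23", "192.168.0.0/23", "192.168.2.0/23"):
        print(f"{cidr:18} aligned: {is_aligned(cidr)}")
    print("192.168.1.0/24 + 192.168.2.0/24 ->",
          common_supernet("192.168.1.0/24", "192.168.2.0/24"))
    print("192.168.2.0/24 + 192.168.3.0/24 ->",
          common_supernet("192.168.2.0/24", "192.168.3.0/24"))
    for ip in ("192.168.1.7", "10.0.0.25", "172.16.0.1"):
        print(f"{ip:14} -> site {site_for(ip)}")
```

The practical takeaway for the setup in the question is that the two existing /24s can stay as they are; what matters is that each one is registered as a subnet object and linked to the right site, so clients and the new DC at the remote site are matched to that site rather than logged as coming from an unknown subnet.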
ASKER CERTIFIED SOLUTION (Cyclops3590)
-Darvin- (ASKER):
The domains are in separate forests.  This is a company we purchased earlier this year so we were completely separate until recently.

I haven't been able to get this working in a test environment yet.  I installed a new server at the remote site, but it cannot log into the domain at the primary site to become a member server.  It can't find an SRV record for domainone.com.  I am wondering if this may be due to addressing.  I mentioned this in my original question but it is unclear to me.  Currently Domainone.com has a 192.168.1.0/24 address where Domaintwo.com is 10.0.0.0/24.

This is the way our current WAN connection works through those address spaces.  So, it may be that I cannot test until we are in the same address space.  192.168.1.0/24 and 192.168.2.0/24 for example.  Is that right??  In order to be a valid subnet wouldn't the mask need to be /23??  Isn't 192.168.1.0/23 and 192.168.2.0/23 a valid mask for that subnet??
No, addressing has absolutely nothing to do with it.  For that site2 domain1 DC to connect, you need to ensure that it uses a DC-DNS from domain1.  This might require a site-to-site VPN being built between your two sites if one doesn't already exist.  Make sure that the server you're setting up can use the domain1 DNS servers by issuing a command like

nslookup www.google.com 192.168.1.x

where x is the IP specific to the DNS host.  If that doesn't work you can't connect the new server to the domain.  That must be rectified first.  But trust me, do NOT put both sites into the exact same subnet.  Then you for sure will not get things working.
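An added example, not from the thread, of how to turn the reply's one-off nslookup check into a repeatable test of the thing the new member server actually needs: the DC locator SRV records for domainone.com, answered by domain1's DNS server. The SRV names are the well-known ones Windows clients query to find a DC and KDC; the DNS server address is the placeholder from the reply and must be replaced with a real domain1 DC address. The code runs nslookup -type=SRV against that server and parses either the Windows ("svr hostname =") or BIND ("service = pri weight port target") output form, so the same script works from the new Windows server or from a Linux box in the remote site. The query function is injectable, and the sample outputs below are constructed, so the parsing logic can be exercised offline.

```python
import re
import subprocess

DOMAIN = "domainone.com"
DNS_SERVER = "192.168.1.x"  # placeholder from the reply: replace with a domain1 DC's IP


def dc_locator_names(domain):
    """SRV names a domain join / DC locator resolves for the given domain."""
    return [
        f"_ldap._tcp.dc._msdcs.{domain}",
        f"_kerberos._tcp.dc._msdcs.{domain}",
        f"_ldap._tcp.{domain}",
        f"_kerberos._tcp.{domain}",
    ]


# Windows nslookup prints:   svr hostname   = dc1.domainone.com
# BIND nslookup prints:      service = 0 100 389 dc1.domainone.com.
_SRV_TARGET = re.compile(
    r"(?:svr hostname\s*=\s*|service\s*=\s*\d+\s+\d+\s+\d+\s+)(\S+)",
    re.IGNORECASE,
)


def parse_srv_targets(nslookup_output):
    """Return the SRV target hostnames found in nslookup output (either format)."""
    return [m.group(1).rstrip(".") for m in _SRV_TARGET.finditer(nslookup_output)]


def query_srv(name, server):
    """Ask one specific DNS server for an SRV record and return nslookup's text."""
    proc = subprocess.run(
        ["nslookup", "-type=SRV", name, server],
        capture_output=True, text=True, timeout=10,
    )
    return proc.stdout


def check_dc_locator(domain, server, query=query_srv):
    """Map each required SRV name to the DC hostnames the server returned."""
    return {name: parse_srv_targets(query(name, server))
            for name in dc_locator_names(domain)}


def missing_records(results):
    """Names that returned no target: any entry here blocks the domain join."""
    return [name for name, targets in results.items() if not targets]


# Constructed sample outputs used for the offline demonstration below.
WINDOWS_SAMPLE = """\
Server:  dc1.domainone.com
Address:  192.168.1.10

_ldap._tcp.dc._msdcs.domainone.com      SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = dc1.domainone.com
"""

BIND_SAMPLE = """\
Server:         192.168.1.10
Address:        192.168.1.10#53

_kerberos._tcp.dc._msdcs.domainone.com  service = 0 100 88 dc1.domainone.com.
"""


def fake_query(name, server):
    """Offline stand-in for query_srv: only two of the four names 'resolve'."""
    if name.startswith("_ldap._tcp.dc._msdcs."):
        return WINDOWS_SAMPLE
    if name.startswith("_kerberos._tcp.dc._msdcs."):
        return BIND_SAMPLE
    return ""


if __name__ == "__main__":
    results = check_dc_locator(DOMAIN, DNS_SERVER, query=fake_query)
    for name, targets in results.items():
        print(f"{name:45} -> {targets or 'NO ANSWER'}")
    print("missing:", missing_records(results))
    # For the live check from the new server, use the real resolver instead:
    #   results = check_dc_locator(DOMAIN, "<domain1 DC IP>")
```

If the live run reports every name as missing, the new server is not using domain1's DNS (or the tunnel is blocking UDP/TCP 53 to it), which is the same failure the reply's nslookup against www.google.com would show; if only some names are missing, the DNS server is reachable but the domain1 DC's own SRV registrations need attention.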
Thank you, I did the local address conversion this last weekend and that went well.  This upcoming weekend I will be setting up the other site and will do as you suggested.  Once that is complete I'll revisit this thread.  Thanks for your help so far!