• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 428

Two AD domains on the same IP network


We are planning to split a company into two thus two AD domains. The existing domain is based on SBS 2003 (essentially it is Windows 2003 Server + Exchange 2003 in one package, with the limitations that all of them have to be on the same physical server box and the SBS domain cannot trust or be trusted by other domains).

We will get a second domain based on 2008R2 with Exchange 2010 (no longer SBS, just standard domain). Half of the computers, member servers, users, files, groups, mailboxes will be moved to the new domain. The existing domain has several member servers that host various databases.

At least for initial phase, the two domains will be on the same IP network.

I know it is possible to host multiple domains on the same network, but I am aware there might be some snags down the road, in particular the DNS servers. I know AD depends heavily on DNS to work. What should we do with the DNS server settings for the client computers as we disjoin them from the old domain and join them to the new one?

Currently there is one DHCP server (that's the router at the Internet connection point) that assigns IP address, DNS servers, WINS, etc. to clients. It appears that the best practice is to use the DC as the DNS server in each domain for the client computers in the respective domain. If so, does it work if I make the client computers use DHCP to get IP/netmask only, and set the DNS/WINS manually for them?

For moving half of the users/groups to the new domain, since the two domains cannot trust each other, I imagine I have to create them in the new domain; this is actually not moving at all. Moving the files would be OK: they are on separate servers already, I just need to re-assign permissions once I have the users/groups created in the new domain.

Now the Exchange mailboxes. What's the practical way to move them? Half of them need to go to the new Exchange 2010 server, which is not in the same admin group, not in the same organization, not in the same domain or forest, and the domains cannot trust each other. Do we have to resort to moving all mailbox contents to PST files and letting the users move them back into the new mailboxes? This would be a huge headache.

After we have the two domains working properly, eventually we will separate the physical network. The new domain will be on a new IP network. What is the consequence of changing the IP address of the DC (2008R2) to something entirely different?

Please provide your opinions on this plan, or anything I missed.

1 Solution
Lionel MM (Small Business IT Consultant) commented:
They will need separate DHCP servers, because in the DHCP you assign the primary DNS server, and that should be their logon server. You could remove the DHCP on the router and start DHCP on each server, 2003 included. The only problem I see with this is that since they will be on the same network you can't tell which DHCP they will find, which is a problem. When you say same network, do you mean physical, IP addressing scheme, or both? If you have PCs set up to "obtain IP automatically" and two DHCPs on the same network, you can't control which one they will get to first, so what I would do is leave the current domain as is, make the new domain not use DHCP, and assign those IP and DNS settings statically. Another option, if possible, is to remove the cables for the new domain from your existing switch/router and plug those into a different router/switch, in essence separated by a physical switch/router; since there is no need for them to share anything or create a trust, they can be separate using the same cabling in place now.

Regarding the Exchange migration, there is a solution I have found very helpful, but it's not free. You can get a free trial and see if it works for you: https://www.migrationwiz.com/Public/SignUp.aspx
It's not ideal, but it is easily possible. There are a few issues here:

Server: make sure the 2nd domain is NOT SBS based.

DHCP: you may struggle to get dual DHCP working reliably, but you do need to tell each PC which server to use as its DNS server. You may have to resort to assigning the PCs on the other domain static IPs/DNS servers instead of using DHCP.

DNS: not an issue. The two domains will basically ignore each other as long as the servers and PCs have the appropriate DNS server set.

Moving users: you are correct that you cannot 'move' the users and settings. You will effectively create new users on the new domain.

Mailboxes: the easiest option is to use Outlook to export the mailbox to a PST, then import it into the new user's mailbox once the PC is added to the new domain.

Files: you can easily map a drive using domain credentials, so you can access shares from the old server and copy/move them across.

Once you physically separate the two systems they won't really mind, and everything should be fine as long as any shared devices are replicated on the new network you create (e.g. default gateway on the same IP, etc.).
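One way to carry out the per-PC DNS change the answers describe (keep the router's DHCP for the address, make the new DC the only DNS server) and then confirm the PC can find the new domain's DC records before joining. This is an added example, not code from the thread; the DC address, the two domain names and the Windows 8 / Server 2012 or later client (for the DnsClient and NetTCPIP cmdlets) are assumptions.

```powershell
# Added example, not from the thread. Placeholders: the new DC's address and the
# two domain names. Needs the NetTCPIP/DnsClient modules (Windows 8 / Server 2012
# or later); the netsh form for older clients is in the comment at the end.
param(
    [string]$NewDcDns  = "192.0.2.10",      # placeholder: new 2008R2 DC
    [string]$NewDomain = "newcorp.local",   # placeholder: new domain FQDN
    [string]$OldDomain = "oldcorp.local"    # placeholder: existing SBS domain
)

# Only adapters that get their address from DHCP: the router keeps handing out
# IP/netmask/gateway, and we override just the DNS list it supplied.
$adapters = Get-NetIPInterface -AddressFamily IPv4 |
    Where-Object { $_.Dhcp -eq "Enabled" -and $_.ConnectionState -eq "Connected" }

foreach ($if in $adapters) {
    Write-Host "Pointing '$($if.InterfaceAlias)' at DNS $NewDcDns (address stays DHCP)"
    Set-DnsClientServerAddress -InterfaceIndex $if.InterfaceIndex -ServerAddresses $NewDcDns
    # Undo later with: Set-DnsClientServerAddress -InterfaceIndex <n> -ResetServerAddresses
}
Clear-DnsClientCache

# A join needs the _ldap SRV record for the domain; query the new DC directly so
# a cached answer from the old DC cannot hide a wrong setting.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$NewDomain" -Type SRV `
           -Server $NewDcDns -ErrorAction Stop |
       Where-Object { $_.Type -eq "SRV" }
if (-not $srv) { throw "No DC SRV records for $NewDomain on $NewDcDns; do not join yet." }
$srv | ForEach-Object { Write-Host ("DC for {0}: {1}:{2}" -f $NewDomain, $_.NameTarget, $_.Port) }

# The thread's point that the domains "ignore each other": the new DC should not
# answer for the old domain's SRV records (no zone for it, forwarders go to the ISP).
$leak = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$OldDomain" -Type SRV `
            -Server $NewDcDns -ErrorAction SilentlyContinue
if ($leak) { Write-Warning "$NewDcDns also resolves $OldDomain; check its zones/forwarders." }

# Finally let the DC locator pick a DC the same way the domain join will.
nltest "/dsgetdc:$NewDomain" /force

# Pre-Windows 8 clients (XP/7): the same DNS change with netsh, e.g.
#   netsh interface ip set dns name="Local Area Connection" source=static addr=192.0.2.10
```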
shutterhacker (Author) commented:
Thank you so much for the responses.

Yes, I will make the second domain standard. I inherited the old SBS and won't do another SBS.

So basically, if the computers in the two domains use their respective DC as DNS (the DNS on the old DC has the ISP's DNS as forwarders for all outside domains, and I will do the same for the DNS on the new DC), the two domains won't interfere with each other?

I don't plan to use a second DHCP. There are about 40 PCs to be in the new domain. It will be a pain to manually set the IP (I think the IP can still use DHCP) and DNS/WINS, but since I will be at the PC consoles to disjoin/join the domains anyway, it is still doable to set them manually.

For mailboxes, other than PST files through Outlook, I have heard of the tool ExMerge and the cmdlets to do it on the server. Does anyone have hands-on experience with those?

Files do not seem to be a big deal. I already put all files to be moved on the member server that will move. I think I just assign the permissions to the member server's local Users group for the time being; after the member server joins the new domain, all domain users in the new domain will have access. Detailed permissions can be worked out later.
Yep, you've got it about right.
As long as the two domains are not related (e.g. dom1.domain.local & dom2.domain.local), the two systems are controlled simply by which DC the client PCs use as DNS server.
It's not ideal to share a network, as there will be a lot of traffic bouncing around, but it will work fine.

ExMerge is fine and works well, but it can be a bit of a faff to set up.
Best to assess which would take longer in your case: set up & test ExMerge to export en masse, or just go around and export in Outlook.

Importing into Exchange 2007, 2010 & 2013 is pretty easy, as they've simplified the import process. Just make sure the PST file is named the same as the mail alias and importing is simple.