Two AD domains on the same IP network
Posted on 2013-06-19
We are planning to split a company into two, and thus into two AD domains. The existing domain is based on SBS 2003 (essentially it is Windows 2003 Server + Exchange 2003 in one package, with the limitations that all of them have to be on the same physical server box and the SBS domain cannot trust or be trusted by other domains).
We will get a second domain based on 2008R2 with Exchange 2010 (no longer SBS, just a standard domain). Half of the computers, member servers, users, files, groups, and mailboxes will be moved to the new domain. The existing domain has several member servers that host various databases.
At least for the initial phase, the two domains will be on the same IP network.
I know it is possible to host multiple domains on the same network, but I am aware there might be some snags down the road, in particular with the DNS servers. I know AD depends heavily on DNS for it to work. What should we do with the DNS server settings for the client computers as we disjoin them from the old domain and join them to the new domain?
Currently there is one DHCP server (that's the router on the Internet connection point) that assigns IP address, DNS servers, WINS, etc. to clients. It appears that the best practice is to use the DC as the DNS server in each domain for the client computers in the respective domain. If so, does it work if I make the client computers use DHCP to get IP/netmask only, and set the DNS/WINS manually for them?
For moving half of the users/groups to the new domain, since the two domains cannot trust each other, I imagine I have to create them in the new domain - this is actually not moving at all. Moving the files would be OK - they are on separate servers already; I just need to re-assign permissions once I have the users/groups created in the new domain.
Now the Exchange mailboxes. What's a practical way to move them? Half of them need to go to the new Exchange 2010 server, not in the same admin group, not in the same organization, not in the same domain or forest, and the domains cannot trust each other. Do we have to resort to moving all mailbox contents to PST files and letting the users move them back into the new mailboxes? This would be a huge headache.
After we have the two domains working properly, eventually we will separate the physical network. The new domain will be on a new IP network. What is the consequence of changing the IP address of the DC (2008R2) to something entirely different?
Please provide your opinions on this plan, or anything I missed.