Two Active Directory Domains in a single subnet?

"Company B" will be providing managed services for "Company A".

Existing network (domain controller) at "Company A" cannot be physically plugged into our network "Company B" as it has been infected with various variants of virus and we would like to extract all relevant A.D & DNS related records from "Company A" and import them into a brand new domain controller on a network in "Company B".

Is this possible, and what is the process for keeping these separate networks under one subnet? Will bringing in an additional domain into existing "Company B" subnet cause any issues with existing infrastructure? More below.

The main objectives:

Two active directory domains & domain controllers separate from one another in a single subnet

separate DHCP scopes

separate DNS

separate group policy, etc.

Encinitas Asked:

Esteban Blanco (President) Commented:
It's possible.  Don't do trusts between the domains.  You will have to create AD accounts on the different domains which is a pain but it's possible for them to be separated.
0
Nick Rhode (IT Director) Commented:
Well, you would follow the standard method for doing a transition. Company B should not have DHCP turned on until all systems have been removed from Company A. Once that is complete, turn off DHCP on Company A, turn it on at Company B and rejoin the workstations. Do you have 2 different domain names?
0
Encinitas (Author) Commented:
Yes to different domain names
0
Esteban Blanco (President) Commented:
Here is a TN on how to do it with best practices.

http://technet.microsoft.com/en-us/library/cc974332(v=ws.10).aspx
0
Sandeshdubey (Senior Server Engineer) Commented:
You have two options. The first is to fix the issue on the Company A domain, which is infected with a virus, do a health check of AD and then use ADMT to migrate.

You need to understand the nuances of ADMT and how it works before you actually take on a migration in a production environment. Also, it's much better if you can simulate it in a lab environment for a successful result. I have the links below, which might help you to understand this. Start by reading the ADMT guide first.

ADMT Guide: Migrating and Restructuring Active Directory Domains
http://technet.microsoft.com/en-us/library/cc974332(WS.10).aspx

MIGRATING STUFF WITH ADMTV3
http://blogs.dirteam.com/blogs/jorge/archive/2006/12/27/Migrating-stuff-with-ADMTv3.aspx

http://social.technet.microsoft.com/wiki/contents/articles/13904.how-to-migrate-users-across-forest-cross-forest-using-admt-3-2-with-sid-and-passwords.aspx

Option two is time consuming: you need to create AD accounts for the CompanyA users in CompanyB, disjoin the client computers and join them to domain CompanyA. You also need to migrate the profiles from the old domain to the new domain.
For profile migration from one domain to another, see this:
http://technet.microsoft.com/en-us/library/dd560801(WS.10).aspx
0

Encinitas (Author) Commented:
Would it be best to add the domain to our forest? What would be easier and make more sense?
0
Sandeshdubey (Senior Server Engineer) Commented:
You cannot add a domain directly to an existing forest. You need to install a new domain in the existing forest if you want a different domain, and then use ADMT to migrate users/computers.

I would not recommend creating a new domain in the existing forest unless there is a strong business requirement.

How many users and computers are there which need to be migrated?
0
Encinitas (Author) Commented:
17 users, 20 PCs.
0
Sandeshdubey (Senior Server Engineer) Commented:
As the number of users/computers is small, I would recommend creating new users in the existing domain. Disjoin the client machines, join them to the existing domain and do the profile migration as suggested earlier. Perform this activity during non-business hours for minimal impact.
0
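One way to carry out the "create new users in the existing domain" step suggested above without connecting the infected Company A domain controller to the Company B network. This is an added example, not code posted by anyone in the thread. The CSV file name and its columns, the target OU and the UPN suffix are assumed placeholders.

```powershell
#Requires -Modules ActiveDirectory
# Added example. Assumed inputs (not from the thread): a plain-text CSV of
# Company A users exported offline and reviewed before use, a placeholder OU
# and a placeholder UPN suffix in the Company B domain.
param(
    [string]$CsvPath   = '.\companyA-users.csv',               # columns: GivenName,Surname,SamAccountName
    [string]$TargetOU  = 'OU=CompanyA,DC=companyb,DC=example', # placeholder OU
    [string]$UpnSuffix = 'companyb.example'                    # placeholder UPN suffix
)

$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()

foreach ($row in Import-Csv -Path $CsvPath) {
    $sam = "$($row.SamAccountName)".Trim()

    # The CSV came from a compromised environment: accept only plain account
    # names (also keeps quotes out of the -Filter string below).
    if ($sam -notmatch '^[A-Za-z0-9._-]{1,20}$') {
        Write-Warning "Skipping row with unexpected SamAccountName: '$sam'"
        continue
    }

    # Never merge into or overwrite an account that already exists in Company B.
    if (Get-ADUser -Filter "SamAccountName -eq '$sam'") {
        Write-Warning "Account '$sam' already exists in the target domain, skipping"
        continue
    }

    # Fresh random initial password; no credential is carried over from the
    # old domain. The suffix only helps satisfy complexity rules.
    $bytes = New-Object byte[] 18
    $rng.GetBytes($bytes)
    $plain = [Convert]::ToBase64String($bytes) + '!aA1'

    New-ADUser -Name "$($row.GivenName) $($row.Surname)" `
        -GivenName $row.GivenName -Surname $row.Surname `
        -SamAccountName $sam -UserPrincipalName "$sam@$UpnSuffix" `
        -Path $TargetOU `
        -AccountPassword (ConvertTo-SecureString $plain -AsPlainText -Force) `
        -ChangePasswordAtLogon $true -Enabled $true

    # Emit the initial password so it can be handed over out of band.
    [pscustomobject]@{ SamAccountName = $sam; InitialPassword = $plain }
}
```

Only names are imported; group memberships and permissions are assigned afresh in the target domain rather than copied from the infected one.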
Encinitas (Author) Commented:
If I put the two separate domains on the same subnet but separated with a VLAN, would that work? Can I use two DHCP servers?
0
Cliff Galiher Commented:
By definition, computers on separate VLANs are not on the same subnet. You will have to plan accessibility, routing, and management accordingly.
0
Encinitas (Author) Commented:
There are only 20 PCs. If I use static IPs, will this resolve everything?
0