Solved

Add a second Domain Name

Posted on 2014-03-18
Last Modified: 2014-04-10
Hi

I use a Windows 2008R2 domain. I would like to add another domain in the same forest. What is the easiest way to do it?

Thank you
0
Question by:jpmoreau
18 Comments
 
LVL 21

Expert Comment

by:Radhakrishnan R
ID: 39936954
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 39936971
It depends upon your scenario.

First of all, you need to identify what is driving you to create a new domain.

As far as possible, avoid creating a multi-domain environment unless you have genuine needs \ management pressure (Politics).

In the early days of 2003 AD, the main reason to have a separate domain was to have a separate password policy for different divisions in the same company.
In 2008 you can have fine-grained password policies, and thus you can have multiple password policies in the same domain.
Because creation of multiple domains is a piece of cake, but its management is not simple, and then you need to maintain lots of stuff.

Now to answer your question:
You can add a new member server in the existing domain and then make it a new child domain OR a new tree root domain, depending upon your situation.
The process is pretty straightforward, and the dcpromo command will achieve that.
You will find a number of videos on YouTube about promoting new domains in an existing forest.

Mahesh
0
 

Author Comment

by:jpmoreau
ID: 39937924
OK. But I have two sites to manage and I really need two domains in the same forest. Just want to know how to create the second domain.
0

 

Author Comment

by:jpmoreau
ID: 39942590
I want to add a child domain in the same AD and same forest. On the same DC.

Is it possible?
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 39943205
You can add a child domain to the existing parent domain, but not on the same DC as the parent domain.

The parent domain will have its own DC and its own domain-wide FSMO.

http://blog.pluralsight.com/server-2008-active-directory-adding-a-child-domain
0
 

Author Comment

by:jpmoreau
ID: 39943261
OK

I have two domains in two different sites. The sites are linked by a VPN. Should I link them by AD in domain and trust?
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 39943272
If you already have domains in different forests?

Then why are you creating a new domain? OR do you want to create a trust between the two domains and at the same time create a new child domain?
0
 

Author Comment

by:jpmoreau
ID: 39943286
Ok

I have just changed my plans. I will only join these two domains. Creating a trust seems to be the best way.
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 39943333
That's a good decision.

What is the domain and forest functional level of both domains?

If both domains have 2003+ forest functional level, you can set up a forest trust; otherwise you can set up an external trust.

Also download the PortQryUI tool from Microsoft and check if AD ports are opened as appropriate.

Check the port range below if the port query fails:
http://support.microsoft.com/kb/179442

Check the link below to set up DNS name resolution between both domains correctly, as this is the first prerequisite to building a trust:
http://www.experts-exchange.com/Software/Server_Software/Active_Directory/Q_28387793.html

Then check the links below to set up a forest trust \ external trust:
http://searchwindowsserver.techtarget.com/tip/How-to-create-a-cross-forest-trust-in-Active-Directory
http://careexchange.in/how-to-create-two-way-transitive-trust-windows-server-2008-r2/

Mahesh
0
 

Author Comment

by:jpmoreau
ID: 39943359
That will surely help. I will keep you in touch.

Thank you
0
 

Author Comment

by:jpmoreau
ID: 39970283
It always says that the domain cannot be contacted
0
 

Author Comment

by:jpmoreau
ID: 39986958
It is working when I choose REALM trust.

Am I able to use the users on both sides with this configuration? I mean take the user DOMAIN1\user and open a session on domain 2?

Thanks
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 39986997
A realm trust cannot be set up between two Windows domains.

Realm trust is there for Unix domains.

Try the steps below on the DNS servers in both domains:

1. On your DNS, click Start, and then click Run.
2. In the Open box, type cmd.
3. Type nslookup, and then press ENTER.
4. Type set type=all, and then press ENTER.
5. Type _ldap._tcp.dc._msdcs.Domain_Name, where Domain_Name is the name of your domain, and then press ENTER.
6. If successful, then type _ldap._tcp.dc._msdcs.Domain_Name, where Domain_Name is the name of the opposite domain, and then press ENTER.
http://support.microsoft.com/kb/816587

If you get errors here, then you can't set up the trust.
Hence you need to set up DNS name resolution between both domains properly first; only then can you set up the trust.

Mahesh.
0
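The nslookup steps above and the earlier port check can be scripted so both prerequisites are tested for both domains in one pass. This is an added example, not code posted by anyone in the thread; the two domain names are placeholders, the function names are made up here, and the port list is the commonly used AD TCP set rather than the full list in KB179442.

```powershell
# Added example. Replace the placeholder names with your two AD DNS domain names
# and run it on a DNS server / DC in each domain (works on PowerShell 2.0).
$Domains = @('domain1.example', 'domain2.example')
# Common AD TCP ports: DNS, Kerberos, RPC endpoint mapper, LDAP, SMB.
# UDP ports are not tested here.
$Ports = @(53, 88, 135, 389, 445)

function Get-DcSrvHosts {
    param([string]$Domain)
    # Same lookup as the manual nslookup steps, restricted to SRV records.
    # Assumes English nslookup output ("svr hostname = ...").
    $out = & nslookup.exe -type=SRV "_ldap._tcp.dc._msdcs.$Domain" 2>$null
    $found = @()
    foreach ($line in $out) {
        if ($line -match 'svr hostname\s*=\s*(\S+)') { $found += $Matches[1] }
    }
    $found | Select-Object -Unique
}

function Test-TcpPort {
    param([string]$Computer, [int]$Port, [int]$TimeoutMs = 2000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($Computer, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

foreach ($domain in $Domains) {
    $dcs = @(Get-DcSrvHosts -Domain $domain)
    if ($dcs.Count -eq 0) {
        # This is the "domain cannot be contacted" case: name resolution fails first.
        Write-Output ('{0}: no DC SRV records resolved from this server' -f $domain)
        continue
    }
    foreach ($dc in $dcs) {
        foreach ($port in $Ports) {
            if (Test-TcpPort -Computer $dc -Port $port) { $state = 'open' }
            else { $state = 'closed or filtered' }
            Write-Output ('{0}: {1} tcp/{2} {3}' -f $domain, $dc, $port, $state)
        }
    }
}
```

A domain that reports no SRV records points at missing name resolution for that domain; a DC that resolves but shows closed ports points at the VPN or firewall path instead.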
 

Author Comment

by:jpmoreau
ID: 39987049
Not able to contact opposite domain
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 39987148
What mechanism have you used for opposite domain name resolution?
0
 

Author Comment

by:jpmoreau
ID: 39987178
The fact is that I don't really know what to do to resolve it.

I have just tried this command and that's it.

Type _ldap._tcp.dc._msdcs.Domain_Name, where Domain_Name is the name of your domain
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 39987186
No, I mean have you configured a DNS secondary zone \ conditional forwarders or what?
Otherwise you cannot resolve opposite domain queries.
0
 
LVL 37

Accepted Solution

by:
Mahesh earned 500 total points
ID: 39987192
Check the article below to establish name resolution between both domains:
http://www.experts-exchange.com/Software/Server_Software/Active_Directory/Q_28387793.html

Mahesh.
0

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you migrate a Terminal Server licenses server inside the 2008 server family, you can takte advantage of the build-in migration tool. If you like to migrate an older 2003 Server (and the installed client CALs) to a 2008 R2 server for example, you …
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question