Solved

Two domains within the same IP range

Posted on 2014-04-05
10
271 Views
Last Modified: 2014-04-08
Hi,

We are in the process of implementing MS Dynamics AX and a requirement by our consultants is to have a test environment. We can build this environment and let it use our live AD setup however I wish to avoid this and keep the production setup only for the Live Dynamics install.

The question I have is, since we are installing this test environment on virtual machines and hosting it on a virtual server (HyperV) that is on the current live domain, when we install a virtual machine and promote it to a domain controller to host the demo environment (requirement for Dynamics) will both the demo Active Directory and production Active Directory setups interfere with each other on any note?

I'm a little worried about having both domains running.

(Separate IP range can be used but would make things extremely complicated) (Restricted to only local VM to VM traffic can be used but the servers need outside access)

windows server 2012r2 (to be test domain) windows server 2008 (current live domain)

Thanks!
0
Comment
Question by:dqnet
10 Comments
 
LVL 10

Accepted Solution

by:
CSIPComputing earned 250 total points
ID: 39979897
I regularly run this sort of thing to test scenarios.

The biggest problem is DNS. Your DHCP server must be configured correctly, to include DNS servers which know about both domains.

Are you happy to modify the production DNS servers to know about the test domain, or do you use DNS servers on the test domain and update DHCP to also include those DNS servers in the scope?

With DNS sorted it'll work fine :-)
0
 
LVL 37

Assisted Solution

by:Mahesh
Mahesh earned 250 total points
ID: 39979991
Generally, the production domain and test lab domain never communicate with each other unless you set up a domain trust between them.

If both domains are used on the same segment, you can access \ ping both infra servers with a single-label name (NetBIOS) due to NetBIOS broadcast, but this will not cause any harm.
If you have an IT security department, they don't like such things, as according to them this is a security breach.
If you don't have an IT security department, you can simply start both domains in the same segment. Also, your test environment should have its own DC\DNS server.

Also, regarding external access, what are you expecting?

If this is Internet access, you can simply put DNS forwarders in your test lab DNS pointing to the ISP DNS in that case
OR
If you are using a proxy server, you can put the proxy server in IE settings and use a username\password from the production domain to access the internet if required
OR
You can simply put an internet data card on the test domain for internet access.

According to security experts, you should have a completely isolated test environment with separate internet access, which is sometimes not useful based upon your requirements and whatever infra you have.

Mahesh.
0
 
LVL 16

Expert Comment

by:Shaik M. Sajid
ID: 39979990
The Dynamics installation... specially, you don't need any separate domain... Dynamics authenticates from the domain controller.

That means you need AD only for authentication purposes... so install a separate Dynamics server with a separate database... and assign permissions with the same Active Directory...

No issues...

If you still want to create a real-time scenario... separate... copy the server with the hd2vhd tool, create a VHD, add it to any Hyper-V server and work on it... make sure the clients do not communicate with each other... if both domains communicate with the same domain name... the entire directory will go corrupt...

So don't ever use the same domain name or domain copy on the same network...

all the best
0
 

Author Comment

by:dqnet
ID: 39981108
Totally understand.

Yes, we currently use static IP addressing on our production LAN and will do so for the Demo LAN too. So DHCP broadcasts shouldn't really be a problem.

The DNS part is a good question.
Now if we add a few records in our live DNS servers that point to our Test Dynamics AX Servers would that be safe?

I mean, ultimately I would love to have them on completely separate networks so there is no interference whatsoever, but it would be next to impossible to route traffic easily without getting all sorts of network gear in place.

Do I really have any other options?
0
 

Author Comment

by:dqnet
ID: 39981660
?
0
 
LVL 10

Expert Comment

by:CSIPComputing
ID: 39981710
Apologies for the delay in replying. Yes DNS pointers in your production environment relating to your test domain are really all that is required, HOWEVER, if you are using static IP addresses for every device in your test environment (including your test clients) then the DNS in your test AD will deal with everything in your test domain (provided you statically assign the DNS servers for test clients to the test DNS servers) and you need make NO changes to your production environment. This is of course safest :-)
0
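One way to apply and then verify the DNS arrangement discussed in this thread (test machines statically pointed at the test DNS, a forwarder on the test DNS for outside names, no changes to production), as an added example that is not from any of the posters. The domain names, addresses and interface alias are constructed placeholders, and it assumes the DnsClient and DnsServer PowerShell modules of Windows Server 2012 R2 on the test machines.

```powershell
# Added example: every name and address here is a constructed placeholder.
param([ValidateSet('TestClient','TestDC')][string]$Role = 'TestClient')

$TestDomain = 'test.example'      # hypothetical test AD DNS name
$ProdDomain = 'corp.example'      # hypothetical production AD DNS name
$TestDns    = @('192.0.2.10')     # test DC running DNS
$ProdDns    = @('192.0.2.2')      # production DNS, queried read-only below
$Upstream   = @('198.51.100.53')  # ISP resolver used as forwarder
$Nic        = 'Ethernet'          # interface alias on this machine

if ($Role -eq 'TestDC') {
    # Test DNS answers for the test zone and forwards everything else upstream.
    Add-DnsServerForwarder -IPAddress $Upstream
}
# Every test machine (the DC included) uses only the test DNS servers.
Set-DnsClientServerAddress -InterfaceAlias $Nic -ServerAddresses $TestDns

function Test-DcLocator {
    # Does $Server return DC locator SRV records for $Domain?
    param([string]$Domain, [string]$Server)
    $r = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV `
            -Server $Server -DnsOnly -ErrorAction SilentlyContinue
    [bool]($r | Where-Object { $_.Type -eq 'SRV' })
}

# 1. No production resolver may remain on the interface.
$configured = (Get-DnsClientServerAddress -InterfaceAlias $Nic -AddressFamily IPv4).ServerAddresses
$stray = @($configured | Where-Object { $_ -notin $TestDns })

# 2. Which DNS server can locate which domain's controllers.
$matrix = foreach ($d in $TestDomain, $ProdDomain) {
    foreach ($s in $TestDns + $ProdDns) {
        [pscustomobject]@{ Domain = $d; DnsServer = $s; LocatesDC = Test-DcLocator $d $s }
    }
}
$matrix | Format-Table -AutoSize

# Pass criteria with production untouched: test domain located only via test DNS.
$ok = ($stray.Count -eq 0) -and
      -not ($matrix | Where-Object { $_.Domain -eq $TestDomain -and $_.DnsServer -in $TestDns -and -not $_.LocatesDC }) -and
      -not ($matrix | Where-Object { $_.Domain -eq $TestDomain -and $_.DnsServer -in $ProdDns -and $_.LocatesDC })
if ($ok) { 'PASS: test clients resolve through the test DNS only' }
else     { "FAIL: stray DNS servers [$($stray -join ', ')] or unexpected SRV answers" }
```

Run it with `-Role TestDC` once on the test domain controller and with the default role on each test client; a production DNS server that starts answering for the test domain shows up as a FAIL.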
 

Author Comment

by:dqnet
ID: 39985042
Perfect..! Thanks a million..!

Are these cases rare? Two domains on one network?
0
 

Author Comment

by:dqnet
ID: 39986789
?
0
 
LVL 10

Expert Comment

by:CSIPComputing
ID: 39986901
These cases are rare in production systems.

However, as a system builder/integrator, it's a regular occurrence here.

Sometimes I segregate networks with a VLAN, others I use a Router to provide internet access whilst maintaining segregation, and others I just throw a wire and hook straight up.
0
 

Author Comment

by:dqnet
ID: 39987861
Gotcha.. Thanks!!
0

Question has a verified solution.