Two domains within the same IP range

Posted on 2014-04-05
Medium Priority
Last Modified: 2014-04-08

We are in the process of implementing MS Dynamics AX and a requirement by our consultants is to have a test environment. We can build this environment and let it use our live AD setup however I wish to avoid this and keep the production setup only for the Live Dynamics install.

The question I have is, since we are installing this test environment on virtual machines and hosting it on a virtual server (HyperV) that is on the current live domain, when we install a virtual machine and promote it to a domain controller to host the demo environment (requirement for Dynamics) will both the demo Active Directory and production Active Directory setups interfere with each other on any note?

I'm a little worried about having both domains running.

(Separate IP range can be used but would make things extremely complicated) (Restricted to only local VM to VM traffic can be used but the servers need outside access)

windows server 2012r2 (to be test domain) windows server 2008 (current live domain)

Question by:dqnet
LVL 10

Accepted Solution

CSIPComputing earned 1000 total points
ID: 39979897
I regularly run this sort of thing to test scenarios.

The biggest problem is DNS. Your DHCP server must be configured correctly, to include DNS servers which know about both domains.

Are you happy to modify the production DNS servers to know about the test domain, or do you use DNS servers on the test domain and update DHCP to also include those DNS servers in the scope?

With DNS sorted it'll work fine :-)
LVL 40

Assisted Solution

Mahesh earned 1000 total points
ID: 39979991
Generally, the production domain and the test lab domain never communicate with each other unless you set up a domain trust between them.

If both domains are used on the same segment, you can access \ ping both infra servers by single-label name (NetBIOS) due to NetBIOS broadcast, but this will not cause any harm.
If you have an IT security department, they don't like such things, as according to them this is a security breach.
If you don't have an IT security department, you can simply start both domains in the same segment. Also, your test environment should have its own DC\DNS server.

Also, regarding external access, what are you expecting?

If this is Internet access, you can simply put DNS forwarders in your test lab DNS pointing to the ISP DNS in that case.
If you are using a proxy server, you can put the proxy server in IE settings and can use a username\password from the production domain to access the Internet if required.
You can simply put an Internet data card on the test domain for Internet access.

According to security experts, you should have a completely isolated test environment with separate Internet access, which is sometimes not useful depending on your requirements and whatever infra you have.

LVL 17

Expert Comment

by:Sajid Shaik M
ID: 39979990
For the Dynamics installation specifically, you don't need any separate domain... Dynamics authenticates from the domain controller.

That means you need AD only for authentication purposes... so install the separate Dynamics server with a separate database... and assign permissions with the same Active Directory...

No issues...

If you still want to create a real-time scenario... separate... copy the server with the hd2vhd tool, create a VHD, add it to any Hyper-V server and work on it... make sure the clients cannot communicate with each other... if both domains communicate with the same domain name... the entire directory will go corrupt...

So don't ever use the same domain name or a domain copy on the same network...

all the best


Author Comment

ID: 39981108
Totally understand.

Yes, we currently use static IP addressing on our production LAN and will do so for the Demo LAN too. So DHCP broadcasts shouldn't really be a problem.

The DNS part is a good question.
Now, if we add a few records in our live DNS servers that point to our Test Dynamics AX Servers, would that be safe?

I mean, ultimately I would love to have them on completely separate networks so there is no interference whatsoever, but it would be next to impossible to route traffic easily without getting all sorts of network gear in place.

Do I really have any other options?

Author Comment

ID: 39981660
LVL 10

Expert Comment

ID: 39981710
Apologies for the delay in replying. Yes, DNS pointers in your production environment relating to your test domain are really all that is required, HOWEVER, if you are using static IP addresses for every device in your test environment (including your test clients) then the DNS in your test AD will deal with everything in your test domain (provided you statically assign the DNS servers for test clients to the test DNS servers) and you need make NO changes to your production environment. This is of course safest :-)
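
The check implied by the comment above, as an added example that is not part of the original thread: a PowerShell audit to run on a test member server or client (Windows Server 2012 or later) confirming that its resolvers are only the test DNS servers and that the test DNS can locate a test domain controller. The domain names and the address are constructed placeholders, and the function name `Test-LabDnsIsolation` is hypothetical.

```powershell
# Added example. All names and addresses below are constructed placeholders.
$TestDnsServers = @('192.0.2.10')   # assumed address of the test DC/DNS server
$TestDomain     = 'test.example'    # assumed DNS name of the test AD domain
$ProdDomain     = 'corp.example'    # assumed DNS name of the production AD domain

function Test-LabDnsIsolation {
    param(
        [string[]]$AllowedDns,
        [string]$TestDomain,
        [string]$ProdDomain
    )
    $findings = @()

    # 1. Every NIC with IPv4 resolvers configured must list only the test DNS servers.
    #    (On the test DC itself, add 127.0.0.1 to $AllowedDns if it points at itself.)
    foreach ($nic in Get-DnsClientServerAddress -AddressFamily IPv4) {
        $foreign = @($nic.ServerAddresses | Where-Object { $_ -notin $AllowedDns })
        if ($foreign.Count -gt 0) {
            $findings += "FAIL: $($nic.InterfaceAlias) uses non-test DNS: $($foreign -join ', ')"
        }
    }

    # 2. Ask each test DNS server directly for the DC locator SRV record of both domains.
    foreach ($server in $AllowedDns) {
        foreach ($domain in $TestDomain, $ProdDomain) {
            $name = "_ldap._tcp.dc._msdcs.$domain"
            $srv  = @(Resolve-DnsName -Name $name -Type SRV -Server $server -DnsOnly `
                          -ErrorAction SilentlyContinue |
                      Where-Object { $_.Type -eq 'SRV' })
            if ($domain -eq $TestDomain -and $srv.Count -eq 0) {
                $findings += "FAIL: $server cannot locate a DC for $TestDomain"
            }
            elseif ($domain -eq $ProdDomain -and $srv.Count -gt 0) {
                # Informational: a forwarder or zone for production exists on the test DNS.
                $findings += "INFO: $server resolves production DCs ($($srv.NameTarget -join ', '))"
            }
        }
    }

    if ($findings.Count -eq 0) {
        $findings += 'OK: DNS for this machine stays inside the test domain'
    }
    $findings
}

Test-LabDnsIsolation -AllowedDns $TestDnsServers -TestDomain $TestDomain -ProdDomain $ProdDomain
```

A `FAIL` on the first check means the machine can still register or resolve against DNS outside the test domain, which is the situation the statically assigned test DNS servers are meant to prevent.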

Author Comment

ID: 39985042
Perfect..! Thanks a million..!

Are these cases rare? Two domains on one network?

Author Comment

ID: 39986789
LVL 10

Expert Comment

ID: 39986901
These cases are rare in production systems.

However, as a system builder/integrator, it's a regular occurrence here.

Sometimes I segregate networks with a VLAN, others I use a Router to provide internet access whilst maintaining segregation, and others I just throw a wire and hook straight up.

Author Comment

ID: 39987861
Gotcha.. Thanks!!
