Solved

Two domains within the same IP range

Posted on 2014-04-05
Last Modified: 2014-04-08
Hi,

We are in the process of implementing MS Dynamics AX and a requirement by our consultants is to have a test environment. We can build this environment and let it use our live AD setup however I wish to avoid this and keep the production setup only for the Live Dynamics install.

The question I have is, since we are installing this test environment on virtual machines and hosting it on a virtual server (Hyper-V) that is on the current live domain, when we install a virtual machine and promote it to a domain controller to host the demo environment (requirement for Dynamics), will both the demo Active Directory and production Active Directory setups interfere with each other on any note?

I'm a little worried about having both domains running.

(A separate IP range can be used but would make things extremely complicated.) (Restricting to only local VM-to-VM traffic can be used, but the servers need outside access.)

Windows Server 2012 R2 (to be test domain), Windows Server 2008 (current live domain)

Thanks!
Question by:dqnet
10 Comments
 
LVL 10

Accepted Solution

by:
CSIPComputing earned 1000 total points
ID: 39979897
I regularly run this sort of thing to test scenarios.

The biggest problem is DNS. Your DHCP server must be configured correctly, to include DNS servers which know about both domains.

Are you happy to modify the production DNS servers to know about the test domain, or do you use DNS servers on the test domain and update DHCP to also include those DNS servers in the scope?

With DNS sorted it'll work fine :-)
0
 
LVL 38

Assisted Solution

by:Mahesh
Mahesh earned 1000 total points
ID: 39979991
Generally, the production domain and the test lab domain never communicate with each other unless you set up a domain trust between them.

If both domains are used on the same segment, you can access \ ping both infra servers with a single-label name (NetBIOS) due to NetBIOS broadcast, but this will not cause any harm.
If you have an IT security department, they don't like such things, as according to them this is a security breach.
If you don't have an IT security department, you can simply start both domains in the same segment. Also, your test environment should have its own DC\DNS server.

Also, regarding external access, what are you expecting?

If this is Internet access, you can simply put DNS forwarders in your test lab DNS pointing to the ISP DNS in that case
OR
If you are using a proxy server, you can put the proxy server in the IE settings and can use a username\password from the production domain to access the internet if required
OR
You can simply put an internet data card on the test domain for internet access.

According to security experts, you should have a completely isolated test environment with separate internet access, which is sometimes not useful based upon your requirements and whatever infra you have.

Mahesh.
0
 
LVL 17

Expert Comment

by:Sajid Shaik M
ID: 39979990
For the Dynamics installation specifically, you don't need any separate domain... Dynamics authenticates from the domain controller.

That means you need AD only for authentication purposes... so install the separate Dynamics server with a separate database... and assign permissions with the same Active Directory...

No issues...

If you still want to create a real-time scenario... separate... copy the server with the hd2vhd tool, create a VHD, add it to any Hyper-V server and work on it... make sure the clients do not communicate with each other... if both domains communicate with the same domain name... the entire directory will become corrupt...

So don't ever use the same domain name or a domain copy on the same network...

All the best
0
 

Author Comment

by:dqnet
ID: 39981108
Totally understand.

Yes, we currently use static IP addressing on our production LAN and will do so for the Demo LAN too. So DHCP broadcasts shouldn't really be a problem.

The DNS part is a good question.
Now if we add a few records in our live DNS servers that point to our Test Dynamics AX Servers would that be safe?

I mean, ultimately I would love to have them on completely separate networks so there is no interference whatsoever, but it would be next to impossible to route traffic easily without getting all sorts of network gear in place.

Do I really have any other options?
0
 

Author Comment

by:dqnet
ID: 39981660
?
0
 
LVL 10

Expert Comment

by:CSIPComputing
ID: 39981710
Apologies for the delay in replying. Yes DNS pointers in your production environment relating to your test domain are really all that is required, HOWEVER, if you are using static IP addresses for every device in your test environment (including your test clients) then the DNS in your test AD will deal with everything in your test domain (provided you statically assign the DNS servers for test clients to the test DNS servers) and you need make NO changes to your production environment. This is of course safest :-)
0
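A check for the static-DNS setup described in the reply above, as an added example that is not part of the original thread: run on a test-domain machine, it verifies that every configured resolver is a test DNS server, that the test DC locator record resolves there, and that production DNS holds nothing for the test domain. The domain name and addresses are placeholders, and the script assumes the DnsClient cmdlets available on Windows Server 2012 / Windows 8 and later.

```powershell
# Added example. Run on a test-domain member (Windows Server 2012 / Windows 8 or later).
# Placeholder values: replace with your own test domain and DNS addresses.
$TestDomain     = 'test.example'     # hypothetical test AD DNS name
$TestDnsServers = @('192.0.2.10')    # hypothetical test DC/DNS server(s)
$ProdDnsServers = @('192.0.2.1')     # hypothetical production DNS server(s)
$findings = @()

# 1. Every configured IPv4 resolver on this machine must be a test DNS server.
foreach ($nic in (Get-DnsClientServerAddress -AddressFamily IPv4)) {
    foreach ($addr in $nic.ServerAddresses) {
        if ($TestDnsServers -notcontains $addr) {
            $findings += "$($nic.InterfaceAlias): resolver $addr is not a test DNS server"
        }
    }
}

# 2. The DC locator SRV record for the test domain must resolve from each test DNS server.
foreach ($server in $TestDnsServers) {
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$TestDomain" -Type SRV `
               -Server $server -DnsOnly -ErrorAction SilentlyContinue |
           Where-Object { $_.Section -eq 'Answer' }
    if (-not $srv) { $findings += "${server}: no DC locator record for $TestDomain" }
}

# 3. Production DNS should hold nothing for the test domain
#    (the "no changes to production" option from the reply).
foreach ($server in $ProdDnsServers) {
    $leak = Resolve-DnsName -Name $TestDomain -Type SOA -Server $server `
                -DnsOnly -ErrorAction SilentlyContinue |
            Where-Object { $_.Section -eq 'Answer' }
    if ($leak) { $findings += "${server}: production DNS answers for $TestDomain" }
}

# Report: warnings and a non-zero exit code if any check failed.
if ($findings.Count -gt 0) {
    $findings | ForEach-Object { Write-Warning $_ }
    exit 1
}
Write-Output "DNS isolation checks passed for $TestDomain"
```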
 

Author Comment

by:dqnet
ID: 39985042
Perfect..! Thanks a million..!

Are these cases rare? Two domains on one network?
0
 

Author Comment

by:dqnet
ID: 39986789
?
0
 
LVL 10

Expert Comment

by:CSIPComputing
ID: 39986901
These cases are rare in production systems.

However, as a system builder/integrator, it's a regular occurrence here.

Sometimes I segregate networks with a VLAN, others I use a Router to provide internet access whilst maintaining segregation, and others I just throw a wire and hook straight up.
0
 

Author Comment

by:dqnet
ID: 39987861
Gotcha.. Thanks!!
0
