Solved

Two domains within the same IP range

Posted on 2014-04-05
Last Modified: 2014-04-08
Hi,

We are in the process of implementing MS Dynamics AX and a requirement by our consultants is to have a test environment. We can build this environment and let it use our live AD setup however I wish to avoid this and keep the production setup only for the Live Dynamics install.

The question I have is, since we are installing this test environment on virtual machines and hosting it on a virtual server (Hyper-V) that is on the current live domain, when we install a virtual machine and promote it to a domain controller to host the demo environment (requirement for Dynamics) will both the demo Active Directory and production Active Directory setups interfere with each other on any note?

I'm a little worried about having both domains running.

(Separate IP range can be used but would make things extremely complicated) (Restricted to only local VM to VM traffic can be used but the servers need outside access)

Windows Server 2012 R2 (to be test domain), Windows Server 2008 (current live domain)

Thanks!
Question by:dqnet
10 Comments
 
LVL 10

Accepted Solution

by:CSIPComputing
CSIPComputing earned 250 total points
I regularly run this sort of thing to test scenarios.

The biggest problem is DNS. Your DHCP server must be configured correctly, to include DNS servers which know about both domains.

Are you happy to modify the production DNS servers to know about the test domain, or do you use DNS servers on the test domain and update DHCP to also include those DNS servers in the scope?

With DNS sorted it'll work fine :-)
 
LVL 35

Assisted Solution

by:Mahesh
Mahesh earned 250 total points
Generally, a production domain and a test lab domain never communicate with each other unless you set up a domain trust between them.

If both domains are used on the same segment, you can access \ ping both infra servers by single-label name (NetBIOS) due to NetBIOS broadcast, but this will not cause any harm.
If you have an IT security department, they don't like such things, as according to them this is a security breach.
If you don't have an IT security department, you can simply start both domains in the same segment. Also, your test environment should have its own DC\DNS server.

Also, regarding external access, what are you expecting?

If this is Internet access, you can simply put DNS forwarders in your test lab DNS pointing to the ISP DNS in that case
OR
If you are using a proxy server, you can put the proxy server in the IE settings and use a username\password from the production domain to access the internet if required
OR
You can simply put an internet data card on the test domain for internet access

According to security experts, you should have a completely isolated test environment with separate internet access, which is sometimes not useful based upon your requirements and whatever infra you have.

Mahesh.
 
LVL 16

Expert Comment

by:Shaik M. Sajid
For the Dynamics installation specifically, you don't need any separate domain... Dynamics authenticates against the domain controller.

That means you need AD only for authentication purposes... so install a separate Dynamics server with a separate database... and assign permissions with the same Active Directory...

No issues...

If you still want to create a real-time scenario... separate... copy the server with the hd2vhd tool, create a VHD, add it to any Hyper-V server and work on it... Make sure the clients do not communicate with each other... If both domains communicate with the same domain name... the entire directory will become corrupt...

So don't ever use the same domain name or a domain copy on the same network...

All the best
 

Author Comment

by:dqnet
Totally understand.

Yes, we currently use static IP addressing on our production LAN and will do so for the Demo LAN too. So DHCP broadcasts shouldn't really be a problem.

The DNS part is a good question.
Now if we add a few records in our live DNS servers that point to our Test Dynamics AX Servers would that be safe?

I mean ultimately I would love to have them on completely separate networks so there is no interference whatsoever but it would be next to impossible to route traffic easily without getting all sorts of network gear in place.

Do I really have any other options?
 

Author Comment

by:dqnet
?
 
LVL 10

Expert Comment

by:CSIPComputing
Apologies for the delay in replying. Yes DNS pointers in your production environment relating to your test domain are really all that is required, HOWEVER, if you are using static IP addresses for every device in your test environment (including your test clients) then the DNS in your test AD will deal with everything in your test domain (provided you statically assign the DNS servers for test clients to the test DNS servers) and you need make NO changes to your production environment. This is of course safest :-)
0
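The static-DNS arrangement described in the comment above, as an added example that is not part of the original thread: it is run on a test-domain machine (Windows 8 / Server 2012 or later) to pin it to the test DNS server and to confirm that the test domain resolves only there. The domain name, IP addresses and interface alias are assumed placeholders.

```powershell
# Added example: every name and address below is a placeholder, not a value from the thread.
$TestDomain = 'axtest.example'     # assumed DNS name of the test AD domain
$TestDns    = '192.168.10.50'      # assumed test DC / DNS server
$ProdDns    = '192.168.10.10'      # assumed production DNS server
$IfAlias    = 'Ethernet'           # assumed NIC name on this test machine

# 1. Statically point this test machine at the test DNS server only.
Set-DnsClientServerAddress -InterfaceAlias $IfAlias -ServerAddresses $TestDns

# 2. Confirm no interface still lists the production resolver.
$leak = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses -contains $ProdDns }
if ($leak) {
    Write-Warning "Production DNS still configured on: $($leak.InterfaceAlias -join ', ')"
}

# 3. The DC locator SRV record for the test domain must be served by the test DNS.
$srv = "_ldap._tcp.dc._msdcs.$TestDomain"
$fromTest = Resolve-DnsName -Name $srv -Type SRV -Server $TestDns -ErrorAction SilentlyContinue
if ($fromTest | Where-Object Type -eq 'SRV') {
    $fromTest | Where-Object Type -eq 'SRV' | Select-Object NameTarget, Port
} else {
    Write-Warning "Test DNS does not answer for $srv"
}

# 4. With no changes made in production, production DNS should not know the test domain.
$fromProd = Resolve-DnsName -Name $srv -Type SRV -Server $ProdDns -DnsOnly -ErrorAction SilentlyContinue
if ($fromProd | Where-Object Type -eq 'SRV') {
    Write-Warning "Production DNS resolves $TestDomain (records or a forwarder exist there)"
}

# 5. Show which domain controller this machine actually locates for the test domain.
nltest "/dsgetdc:$TestDomain"
```

A warning at step 2 or step 4 means the two environments share name resolution somewhere, which is the condition the "no changes to production" setup is meant to avoid.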
 

Author Comment

by:dqnet
Perfect..! Thanks a million..!

Are these cases rare? Two domains on one network?
 

Author Comment

by:dqnet
?
 
LVL 10

Expert Comment

by:CSIPComputing
These cases are rare in production systems.

However, as a system builder/integrator, it's a regular occurrence here.

Sometimes I segregate networks with a VLAN, others I use a Router to provide internet access whilst maintaining segregation, and others I just throw a wire and hook straight up.
 

Author Comment

by:dqnet
Gotcha.. Thanks!!