Active Directory Domain service conflicts?

Posted on 2014-08-31
Last Modified: 2014-09-05
I have been requested to attach a Microsoft Dynamics 2012 test system to current Windows 2008 domain/network to allow remote access for a group of testers. The test system consists of a Hyper-V server and 4 VM's, one of which acts as a domain controller/provides domain services for the Contoso domain.

My question comes from a concern over conflict with our current domain controllers. can someone confirm this would not be a good thing? If anyone can point me to a MS document that describes whether or not this is appropriate I would appreciate it.

Question by:agradmin
    LVL 2

    Expert Comment

    What you've been asked to do seems reasonable and possible.  Your test setup could be on the same network as production as long as it is not some kind of clone (renamed or otherwise) of the production Forest/Domain. I can think of a few ways to set this up, but it all depends on your infrastructure. You could keep the test domain isolated via firewall, etc. and open up RDP port (3389) for access. You could setup a one-way Domain trust with the production so that users in the production Domain could be granted access to resources in the test domain. Those are just a couple that came to mind - It really depends on your infrastructure, security requirements, remote access setup, etc.

    If you decide to setup a trust relationship, here's a link to more information on that:
    Active Directory Domains and Trusts

    Even though you shouldn't need to go this far, similar situations arise during mergers and acquisitions,

    Restructuring Active Directory Domains Between Forests
    The link is for 2003, but the process would be similar

    Hope that helps...
    LVL 2

    Accepted Solution

    A couple more thoughts... The bottom line is that you should be able to safely allow users access to both domains while using the existing client systems. One major item that you'd have to address is DNS, and how clients will lookup resources in the test domain. You could setup a secondary zone on your production DNS servers while keeping the Test Domain/Forest separate. One thing to keep in mind if you add a trust - It will be visible in drop-down domain lists for all production systems once it's setup.

    Author Closing Comment

    Thanks for the insight!

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Join & Write a Comment

    You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
    The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
    To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
    This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

    728 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    17 Experts available now in Live!

    Get 1:1 Help Now