[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now


Active Directory Domain service conflicts?

Posted on 2014-08-31
Medium Priority
Last Modified: 2014-09-05
I have been requested to attach a Microsoft Dynamics 2012 test system to current Windows 2008 domain/network to allow remote access for a group of testers. The test system consists of a Hyper-V server and 4 VM's, one of which acts as a domain controller/provides domain services for the Contoso domain.

My question comes from a concern over conflict with our current domain controllers. can someone confirm this would not be a good thing? If anyone can point me to a MS document that describes whether or not this is appropriate I would appreciate it.

Question by:agradmin
  • 2

Expert Comment

ID: 40296040
What you've been asked to do seems reasonable and possible.  Your test setup could be on the same network as production as long as it is not some kind of clone (renamed or otherwise) of the production Forest/Domain. I can think of a few ways to set this up, but it all depends on your infrastructure. You could keep the test domain isolated via firewall, etc. and open up RDP port (3389) for access. You could setup a one-way Domain trust with the production so that users in the production Domain could be granted access to resources in the test domain. Those are just a couple that came to mind - It really depends on your infrastructure, security requirements, remote access setup, etc.

If you decide to setup a trust relationship, here's a link to more information on that:
Active Directory Domains and Trusts

Even though you shouldn't need to go this far, similar situations arise during mergers and acquisitions,

Restructuring Active Directory Domains Between Forests
The link is for 2003, but the process would be similar

Hope that helps...

Accepted Solution

JohnB442 earned 2000 total points
ID: 40296047
A couple more thoughts... The bottom line is that you should be able to safely allow users access to both domains while using the existing client systems. One major item that you'd have to address is DNS, and how clients will lookup resources in the test domain. You could setup a secondary zone on your production DNS servers while keeping the Test Domain/Forest separate. One thing to keep in mind if you add a trust - It will be visible in drop-down domain lists for all production systems once it's setup.

Author Closing Comment

ID: 40307114
Thanks for the insight!

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Suggested Courses

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question