how to connect 2 networks

Hi Experts,

I have taken over two separate networks. Network 1 and Network 2.
Network1 is a WIN2008 domain.
Network2 is a WIN2003 domain.
No direct connection exists.

My goal is to migrate all machines and services into my network.
Network1 has a physical firewall.
Network2 also has a firewall, but an old one -> ISA

What is the best way to migrate all users and services into my network1 ?
Eprs_Admin, System Architect, Asked:

Will Szymkowski, Senior Solution Architect, Commented:
First and foremost you will need to have a VPN connection between the 2 networks.

You then need to create a forest trust between the 2 networks.

Then use ADMT to migrate the AD objects that you want to move over.

Those are the high level steps that need to take place to successfully migrate AD objects to another domain.

Will.
0
Eprs_Admin, System Architect, Author Commented:
Hi,

Both networks are in the same server room.
Do I also need a VPN in this case?
Or can I connect both networks in another way?
0
Will Szymkowski, Senior Solution Architect, Commented:
If both sites are located on the same LAN, then as long as you have routing in place between your firewalls and switches and there is network communication, this is fine and a VPN is not required.

VPN would be required if the Forests need to make a connection across the internet.

Will.
0
albatros99 Commented:
So are they basically two networks in the same server room but on different network switches? Before connecting any switches etc. I would create a detailed inventory to ensure that there will be no IP conflicts, name conflicts etc.

Once you have a network connection, consider setting up DNS forwarders and creating a two-way trust between the two domains. That way you can access resources and start the migration process.
0
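
The inventory check albatros99 suggests above, as an added example that is not part of the original thread: it compares two inventories for overlapping subnets, duplicate addresses, and computer or account names that would collide once the domains are connected. All subnets, host names and account names are constructed sample data, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample inventories (not from the thread); load real exports here.
NETWORK1 = {
    "subnets": ["192.168.1.0/24", "10.10.0.0/16"],
    "hosts": {"DC01": "192.168.1.10", "FILESRV": "192.168.1.20",
              "TS-FARM-NODE-0001": "10.10.1.5"},
    "accounts": ["jsmith", "svc_sql", "backupadmin"],
}
NETWORK2 = {
    "subnets": ["192.168.1.128/25", "172.16.5.0/24"],
    "hosts": {"dc01": "192.168.1.130", "NAV-SQL": "172.16.5.10",
              "TS-FARM-NODE-0002": "192.168.1.20"},
    "accounts": ["JSmith", "mmueller", "SVC_SQL"],
}

def overlapping_subnets(a, b):
    """Subnet pairs that overlap and so cannot simply be routed to each other."""
    pairs = [(ipaddress.ip_network(x), ipaddress.ip_network(y)) for x in a for y in b]
    return sorted((str(x), str(y)) for x, y in pairs if x.overlaps(y))

def duplicate_ips(hosts_a, hosts_b):
    """Addresses assigned in both inventories: (ip, host in A, host in B)."""
    owner = {ipaddress.ip_address(ip): name for name, ip in hosts_a.items()}
    return sorted((ip, owner[ipaddress.ip_address(ip)], name)
                  for name, ip in hosts_b.items()
                  if ipaddress.ip_address(ip) in owner)

def netbios(name):
    """NetBIOS computer name: first DNS label, upper-cased, cut to 15 characters."""
    return name.split(".")[0].upper()[:15]

def name_collisions(names_a, names_b, key):
    """Names from B that normalise to the same key as a name from A."""
    seen = {}
    for n in names_a:
        seen.setdefault(key(n), n)
    return sorted((seen[key(n)], n) for n in names_b if key(n) in seen)

def audit(n1, n2):
    return {
        "subnets": overlapping_subnets(n1["subnets"], n2["subnets"]),
        "ips": duplicate_ips(n1["hosts"], n2["hosts"]),
        "computers": name_collisions(n1["hosts"], n2["hosts"], netbios),
        "accounts": name_collisions(n1["accounts"], n2["accounts"], str.lower),
    }

if __name__ == "__main__":
    for check, findings in audit(NETWORK1, NETWORK2).items():
        print(check, findings)
```

Computer names are compared on their 15-character NetBIOS form, so two hosts whose long names differ only at the end still show up as a conflict.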
Eprs_Admin, System Architect, Author Commented:
Both networks are in one room but separated.
All separated: switches, firewalls, internet, all.
0
Will Szymkowski, Senior Solution Architect, Commented:
As long as you can configure routing between the 2 networks you can accomplish a forest trust and then use the ADMT to migrate your objects over.

Without having network connectivity between the networks you won't be able to create the forest trust. However in your situation this is very doable.

Will.
0
albatros99 Commented:
You could use a Windows 2012R2 server with 2 NIC's and the RRAS role installed to route between the two networks.
0
David Johnson, CD, MVP, Owner, Commented:
Best to treat them as totally different and create a site-to-site VPN between them. By doing so you won't be introducing a possible network collision problem. We do the same whether they are in the same Hyper-V cluster or in different clusters. Actually, we don't, but the customers that rent compute/storage do this.
0
Will Szymkowski, Senior Solution Architect, Commented:
@albatros99
"You could use a Windows 2012R2 server with 2 NIC's and the RRAS role installed to route between the two networks."

He already has the appropriate hardware in his datacenter to achieve routing between the routers that are in place.

@David
Why create a VPN on a local LAN? This is going to create much more configuration and overhead from a network standpoint. Also, routing between 2 different VLANs through the firewall is easily achievable. He has 2 firewalls on both environments, so as long as he has the rules and network set there should be no issues.

Will.
0
Alessandro Scafaria, Infrastructure Premier Field Administrator, Commented:
Will you be able to connect the 2 firewalls/routers with a cable?

If yes, you're almost done......you will set up a route between these 2 subnets and you'll be able to perform your task.

If not (sometimes you can't touch anything).....we have to setup a VPN for sure :(

But if you can, you have to tell us more about the network infrastructure....

network 1 and network 2 IPs.....what kind of firewall/router for each subnet?
0
great_gentle_man Commented:
Hi

How many users are in both networks, what applications are you running on them, and what client OS are you using?

Is it due to a merger between two companies? If yes, do you need to maintain any names and other IDs?
0
Eprs_Admin, System Architect, Author Commented:
Network1 has a Fortigate and Network2 has an ISA firewall, let me check how to connect them.
0
Eprs_Admin, System Architect, Author Commented:
Network2 has to be migrated into Network1.
Network2 has just

25 AD users
Exchange 35 Mailboxes
Terminal server farm
TSGW
SQL DB Cluster
ISA Firewall
0
Alessandro Scafaria, Infrastructure Premier Field Administrator, Commented:
Probably your scenario is a sort of "merge" of companies as Experts suggested.....

Here we go with other questions about some other "obscure" points in your environment:

What's your idea of migration?
Do you want abc.com and "nbc.com" to merge into only the "abc.com" domain?
Or does network2 have to become a sort of "branch" or "2nd office" or another HQ for network1?
What happens to "nbc.com" (my network2 example of your scenario) after the migration? Will it simply be "deleted"?

I ask this because you may handle your migration in several ways......you may plan to migrate your network2 as a sort of "dislocated office" for your MAIN network1 or instead push all users and services into the main box of network1 with some limitations...

Tell me your ideas....
0
Eprs_Admin, System Architect, Author Commented:
Hello,

the idea is to merge like your example:
Do you want that abc.com and "nbc.com" has to merge into the only "abc.com" domain !!

After the merge the network2 will be deleted.
Just the email addresses will coexist for some months, then they also die....
0
great_gentle_man Commented:
Kindly list the Fortinet model number and number of empty ports.

TSGW = Terminal Service Gateway, am I right here? Will the terminal server farm exist or will it also die?

SQL DB Cluster means that they are using some ERP/database applications; you should be very careful about database permissions after migration.
0
Eprs_Admin, System Architect, Author Commented:
The Fortigate model is 200B with some free ports.

The Terminal Server Farm can die, because we have already one in our network1. But we have to configure all the APPS on it.

Yes, with SQL they use NAVISION, and a WEBSERVER Cluster is also integrated.
0
Eprs_Admin, System Architect, Author Commented:
Last question about the ADMT tool: do I also need a connection to the target domain?
Because right now there is no connection yet.
The target and source domains are not physically connected.
0
albatros99 Commented:
You need a trust to use ADMT and you need working name resolution and rights in both domains. That implies a network connection.
0

Eprs_Admin, System Architect, Author Commented:
OK, then I cannot use this tool.
What else can I do in this case?
0