Solved

Deploying a new domain controller for a different AD domain under the same subnet as the existing AD domain?

Posted on 2016-08-28
Last Modified: 2016-08-28
People,

I need to deploy a separate AD domain in my data center to manage a new business that needs to be joined to the company.

In my current setup the Data Centre AD site has 2x VMs running as Windows Server 2008 R2 AD FFL & DFL:

Data Centre AD Sites:
PRODDC01-VM - IP: 10.1.2.8 - Schema master for Domain.com AD
PRODDC03-VM - IP: 10.1.2.10 - Domain naming master for Domain.com AD

HQ AD Sites running 1x Windows Server 2012 R2 as Physical box:
HODC01 - IP: 10.1.30.6 - Infrastructure master, PDC and RID pool manager for Domain.com AD

So my plan here is to deploy 1x new Windows Server 2012 R2 VM as new AD domain:
Data Centre AD Sites:
PRODDC04-VM - IP: 10.1.2.120 - All FSMO Role for MyNewDomain.com AD

Is that going to work with no problem, or is that a big issue and not according to best practice?
6 Comments
 
LVL 40

Accepted Solution

by:
footech earned 250 total points
ID: 41774275
There's no problem as far as AD is concerned.

Your only potential issue is to do with IP management.  You'd only be able to have DHCP for one of the domains.  Of course, there are benefits to having a logical separation of networks for different environments, and from that perspective what you're proposing is not best practice.
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 41774277
from that perspective what you're proposing is not best practice

Thanks for the clarification Footech,

I was thinking that I cannot deploy a domain controller for a different AD domain in the same IP subnet as the current AD domain.

But yes, it is going to manage a different company with a different IP address anyway.
 
LVL 96

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 250 total points
ID: 41774286
As stated, there is no problem - BUT, make sure there are no duplicate names - don't name the DC the same as the existing DCs on the network, don't name the domain the same.  AD still broadcasts and when doing so things can get confused if you use the same names.
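
A pre-deployment check for the name collisions described above, as an added example that is not part of the original thread. It assumes NetBIOS names are derived the default way (leftmost DNS label, upper-cased, cut to 15 characters) and uses the host and domain names from the question; `Get-NetBiosCollision` is a hypothetical helper name and `Domain.local` is a constructed test input.

```powershell
# Added example: Get-NetBiosCollision is a hypothetical helper, not a built-in cmdlet.
function Get-NetBiosCollision {
    param(
        [string[]]$ExistingNames,   # host and domain names already on the network
        [string[]]$ProposedNames    # names planned for the new domain and its DC
    )
    # Assumed default NetBIOS form: leftmost DNS label, upper-cased, max 15 chars.
    $toNetBios = {
        param($n)
        $label = ($n -split '\.')[0].ToUpperInvariant()
        if ($label.Length -gt 15) { $label.Substring(0, 15) } else { $label }
    }
    $seen = @{}
    foreach ($n in $ExistingNames) { $seen[(& $toNetBios $n)] = $n }
    foreach ($p in $ProposedNames) {
        $nb = & $toNetBios $p
        if ($seen.ContainsKey($nb)) {
            [pscustomobject]@{ Proposed = $p; NetBios = $nb; ClashesWith = $seen[$nb] }
        }
        $seen[$nb] = $p   # also catches clashes among the proposed names themselves
    }
}

# Names from the question (existing domain and its three DCs).
$existing = 'Domain.com', 'PRODDC01-VM', 'PRODDC03-VM', 'HODC01'
# On an admin host with the ActiveDirectory module, the live list can be used instead:
# $existing = @((Get-ADDomain).NetBIOSName) + (Get-ADDomainController -Filter *).Name

# Planned names from the question, plus one constructed name with a different
# DNS suffix but the same leftmost label as the existing domain.
$proposed = 'MyNewDomain.com', 'PRODDC04-VM', 'Domain.local'

$clashes = Get-NetBiosCollision -ExistingNames $existing -ProposedNames $proposed
if ($clashes) { $clashes | Format-Table -AutoSize } else { 'No NetBIOS name collisions found.' }
```

Host names and domain names are checked in one namespace because a DC name that matches a domain's NetBIOS name is as much a conflict as two identical DC names.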
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 41774293
Cool, many thanks Lee.

So for the domain controller of a new AD domain, is it possible for me to create a one-way AD trust safely?

From:

Existing: Domain.com -------into----> New: MyDomain.com
 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 41774304
Sure, should be fine.
 
LVL 8

Author Closing Comment

by:Senior IT System Engineer
ID: 41774305
Thanks all!