Multiple Domains

Reasonably, you don't. By all implications, this is a new/greenfield/lab setup, and you'd never intentionally do two forests if they are going to be servicing the same organization. A single forest, and usually a single domain, is sufficient with delegation.

Existing forests sich as what happens with corporate mergers, can be brought closer together with domain trusts, bit the management experience is not seamless, nor would it be expected to be. You could go that route...but again, gotta ask why you set up two forests in the first place in a lab.

If you are a service provider/MSP/etc, you don't want to try and do detailed management of different servers from a single machine. Most security folks will tell you this is bot good strategy. From PAWs to more recent technologies like shielded VMs, the idea is to *prevent* credential/ticket leaks, bot enable new paths for then to occur.

And there is no 2016 R2.

Hi Cliff,

Thanks for responding so quick.

I have no problem having one active directory to manage two separate domains

sample.com.au
sample.services

What do I need to do to manage the two domains on the one Active Directory Forest ?

Sorry I meant "Windows Server 2016 Standard".

I'd need to know more about what you are trying to do and why. For starters, it is worth pointing out that the concept of an "Active Directory Domain" is *not* the same as a public domain name many people unintentionally conflate the two. Even if you have many public registered domain names, you often only need one Active Directory domain.  Don't set up multiple domains in a forest, or multiple forests unless doing so solves a very specific need that cannot be solved more easily another way. And you should be able to define that need in a sentence or two.

When you set up the first DC in domain, you are given 3 options. Add to existing forest, add to existing domain, new forest.  If you are starting new the first domain sets up the forest name the same as the domain name. Within each domain you can have sites..

A forest is many trees and each tree has many branches.

Hi Cliff,

Ok to help you understand where I am going with this, the scenario in more detail is as follows:

1. We have two public domains eclfuelquip.com.au & eclgroup.services
2. eclfuelquip.com.au has been setup as the primary domain controller on the Windows Server 2012 R2 Virtual Server which users authenticate against for SMB, Mail etc.
3. Currently eclgroup.services is not managed by any server.
4. Next we use a product called VMWARE Airwatch that gives me the ability to manage our 35 iPhones and 90+ IPads via a web console.
5. I now have a need where I need to setup eclgroup.services usernames in Active Directory and integrate them with our VMWARE Airwatch Enviroment. Currently i have successfully integrated eclfuelquip.com.au users with our Airwatch Enviroment and it is working well.

How do I get eclgroup.services in our current eclfuelquip.com.au active directory ?

give eclgroup.services has a domain controller and add it to the eclgroup.com forest

Thanks for your assistance on this Cliff. It seem to have done the trick