Re: Trust Requirements -- PDC to PDC Only?
- From: "Phillip Windell" <philwindell@xxxxxxxxxxx>
- Date: Wed, 14 Jan 2009 10:41:54 -0600
Trusts are between domains or forests,...not PCs.
"Somebody" is going to have to re-address their segments. Whoever has the
smallest number of machines in the conflicting subnet should be the one to
switch typically, since that would be the least work.
It might be easier to do that by creating a new segment first and then move
machines into the new subnet a few at a time by shifting the patch cables at
the Patch Panel (assuming you use one of those).
DHCP Clients will adjust automatically if a DHCP Scope is properly prepared.
Statically assigned machines will need manual adjustment just before the
cable switch. Doing them a few at a time keeps down the "mess" and is
easier to "keep your head around" where you are at.
Once there are no machines left in the old segment it can be removed.
When the IP mess is cleaned up then do Zone Transfers between one DC in one
system with one DC in the other system. You only need one DC from each side
for the Transfer,...AD Replication will take care of the rest. This makes
both LANs aware of the opposite LAN's "Naming". Then set up the Trust
between the Forests (not domains, not DCs, not PCs,...it is Forests).
As a substitute for Zone Transfers you might be able to use Conditional
Forwarders instead.
Do *not* do the Zone Transfers or Conditional Forwarders before the IP mess
is cleaned up.
Stub Zones would be less susceptible to IP conflicts since there are far
fewer DNS Records copied. MS's site should have plenty of articles for
determining the right approach to the Transfers and the best type of Zone to
choose in your situation.
--
Phillip Windell
www.wandtv.com
The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
"John Liles" <JohnLiles@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:8F97F3DF-440F-4616-A19F-68EF72D898EE@xxxxxxxxxxxxxxxx
I have a question on trusts; specifically, do all DCs in both domains need to
be able to communicate, or just the PDC emulator on each side of the trust?
The background to this question is that my company (Company A) has been
bought by Company B and we need to set up a trust between the two AD domains.
Complicating matters is that our main set of subnets conflicts with some
used by Company B. For example, our DCs are on subnet 10.11.x.x; for Company
B, that would route to Japan.
We're exploring various workarounds, and already know that NAT is not viable
for setting up a trust. One possible solution the network guys are looking
at is setting up static routing for individual IP addresses of DCs. Which
leads to my original question: if we go that way, would a static route to
our PDC emulator satisfy the communication requirements for a trust; or would
we need static routes for each of our DCs?
Thanks for any insights!
--
JL
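
Added example, not part of either poster's message: a pre-flight check for the order of operations described in the reply (find the conflicting subnets, pick the side with fewer machines to re-address, and hold off on Zone Transfers or Conditional Forwarders until no conflict remains). The subnet lists, host addresses and function names are constructed for illustration; only 10.11.x.x comes from the thread.

```python
import ipaddress

# Constructed sample inventories: routed subnets and known host IPs per side.
COMPANY_A = {
    "subnets": ["10.11.0.0/16", "192.168.50.0/24"],
    "hosts": ["10.11.1.10", "10.11.1.11", "10.11.2.20", "192.168.50.5"],
}
COMPANY_B = {
    "subnets": ["10.11.0.0/16", "10.20.0.0/16"],
    "hosts": ["10.11.4.1", "10.11.4.2", "10.11.4.3",
              "10.11.9.9", "10.11.9.10", "10.20.0.5"],
}

def find_conflicts(side_a, side_b):
    """Return (net_a, net_b) pairs whose address ranges overlap."""
    conflicts = []
    for a in map(ipaddress.ip_network, side_a["subnets"]):
        for b in map(ipaddress.ip_network, side_b["subnets"]):
            if a.overlaps(b):
                conflicts.append((a, b))
    return conflicts

def hosts_in(side, net):
    """Hosts from one side's inventory that live inside the given network."""
    return [h for h in side["hosts"] if ipaddress.ip_address(h) in net]

def plan(side_a, side_b):
    """For each conflict, name the side with fewer machines as the one to move.
    A tie is reported as "either" since the reply gives no tie-break rule."""
    result = []
    for a, b in find_conflicts(side_a, side_b):
        count_a, count_b = len(hosts_in(side_a, a)), len(hosts_in(side_b, b))
        if count_a == count_b:
            mover = "either"
        else:
            mover = "A" if count_a < count_b else "B"
        result.append({"a": str(a), "b": str(b), "hosts_a": count_a,
                       "hosts_b": count_b, "readdress": mover})
    return result

def dns_sharing_allowed(side_a, side_b):
    """Gate for Zone Transfers / Conditional Forwarders: no overlaps left."""
    return not find_conflicts(side_a, side_b)

if __name__ == "__main__":
    for item in plan(COMPANY_A, COMPANY_B):
        print(item)
    print("OK to share DNS:", dns_sharing_allowed(COMPANY_A, COMPANY_B))
```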