Re: 2 DC's in single domain with 2 Vlans
- From: "Paul Bergson [MVP-DS]" <pbbergs@xxxxxxxxxxxxxx>
- Date: Wed, 10 Jun 2009 07:33:04 -0500
Inline
--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup. This
posting is provided "AS IS" with no warranties, and confers no rights.
"maki" <maki@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:1D32FFEC-8246-477B-81E2-18439DEE9130@xxxxxxxxxxxxxxxx
I've got a question about this scenario: same company, two different staff
groups: Staff A and Staff B. Each one is separated by different vlans. So
one is on for instance 172.16.a.b network and the other is on a 192.168.16.a
network. They should not see each other at all. Now, if the domain is called
company.com, can I assume that:
1. I can create 2 DC's with Active Directory - one for each group of staff
and call them staffA.company.com and staffB.company.com?
Seems like with limited resources you should be using the two dc's for fault
tolerance and separating the two with different OU's. If you have a dc
crash no one in that domain will be able to authenticate until the dc comes
back online. If you have to reboot the DC, no new tickets (Kerberos),
logons, etc. until the DC comes back online. So I would rethink your
strategy to see how you can work this out since you are so cash strapped.
Remember staffA is on 172 network and staffB on 192...Oh, also - each server
is also a DHCP/DNS/Printer/Antivirus server as the company doesn't have
enough money to follow Microsoft recommendations. I am trying to picture if
I go to a member of Staff A and want to join his computer to the domain -
what do I type in the domain bit when joining the computer? company.com or
staffA.company.com? Do I just let the ip address help direct the computer to
the particular DC? How would I connect them to particular DC they should
belong to? Or do I need to create parent site company.com and then child
sites staffA.company.com and staffB.company.com?
Each domain doesn't need a root. When you go to join the domain you will
enter the AD domain name and it will then ask you for a user id and password
that has the authority to join a pc to the domain. By default every common
user in a domain has the authority to join 10 pcs.
2. If the 2 DC's can be within same domain as above initially thought - what
if I add a mail exchange server called mail and only want it to be for
StaffA (staffB have no need to use email server) - can I just connect
staffA.company.com to mail.company.com? I assume staff B will not be able to
see the mail server then?
Yes all can ping this Exchange server but only those given an account within
Exchange could use the machine.
Am new at all this so was just wondering.
It appears you are in way over your head, so I would recommend you get
yourself a good first book on Active Directory and start learning how to
build and maintain it.
Best of luck
Thanks.
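The default of 10 domain joins per ordinary user mentioned in the reply is held in the ms-DS-MachineAccountQuota attribute on the domain object. The following is an added PowerShell audit, not part of the original post, that reads that value and lists computer accounts created under it; it assumes the RSAT ActiveDirectory module and an account with read access to the directory.

```powershell
# Added example: audit who has joined computers to the domain under the user quota.
# Assumes the RSAT ActiveDirectory module is installed and the session can read AD.
Import-Module ActiveDirectory

# The quota is an attribute of the domain naming-context head object.
$domain = Get-ADDomain
$quota  = (Get-ADObject -Identity $domain.DistinguishedName `
             -Properties 'ms-DS-MachineAccountQuota').'ms-DS-MachineAccountQuota'
"ms-DS-MachineAccountQuota on {0}: {1}" -f $domain.DNSRoot, $quota

# Computer accounts created by a user relying on the quota record that user's SID
# in ms-DS-CreatorSID; accounts created by administrators leave it empty.
$joined = Get-ADComputer -LDAPFilter '(ms-DS-CreatorSID=*)' `
            -Properties 'ms-DS-CreatorSID', whenCreated |
  ForEach-Object {
    $sid = $_.'ms-DS-CreatorSID'
    try {
      # Resolve the SID to DOMAIN\user; fails if the creator was since deleted.
      $who = $sid.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
      $who = "$sid (unresolved)"
    }
    [pscustomobject]@{
      Computer = $_.Name
      JoinedBy = $who
      Created  = $_.whenCreated
    }
  }

# Per-user totals first, then the full list in creation order.
$joined | Group-Object JoinedBy | Sort-Object Count -Descending |
  Format-Table Count, Name -AutoSize
$joined | Sort-Object Created | Format-Table -AutoSize
```

A quota of 0 leaves domain joins to accounts that have been explicitly delegated the right to create computer objects.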