Re: Parent/Child domains

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: James McIllece [MS] (jamesmci_at_online.microsoft.com)
Date: 03/22/04 

Date: Mon, 22 Mar 2004 13:51:48 -0800

"=?Utf-8?B?U3Rhbg==?=" <anonymous@discussions.microsoft.com> wrote in
news:B09A61AE-B70A-405D-AFD9-FF033803CDC9@microsoft.com:

> I'm tasked with setting up a network with 5 supervisors and 150
> workers. Supervisors would be domain admins. Supervisors ONLY will
> have Internet access. I'm dealing also with workers with above-average
> computers skills (i.e. they're able to work around a lot of blocks).
> Should I set up a parent domain for the supervisors only with internet
> access and a child domain for the workers and establish a one-way
> trust from child to parent, but not from parent to child? Would this
> prevent my workers from accessing the internet?

It would be a lot easier to just place the supervisors on a separate IP
subnet from the employees. I would not deploy two domains just to solve
this problem.

To deploy two IP subnets:

On your DHCP server, configure one scope for the supervisors' subnet and
one scope for the employees' subnet, using different IP address ranges for
each. (Or use two DHCP servers, one on each subnet. If you use only one
DHCP server, make sure that the router between subnets has DHCP forwarding
enabled.)

For the supervisors' subnet scope, use the DHCP Routers scope option to
provide clients on the superv's subnet with the IP address of the default
gateway to the Internet. If you are using Windows Server 2003 DHCP, you can
configure scope options while setting up each scope using the New Scope
Wizard. (For more info see Help topic "To install a DHCP server.")

On the empl. subnet, do not provide this scope option.

Make sure you configure options at the scope level rather than the server
level, or you will accidentally provide empl.'s with the IP address of the
default gateway. 

-- 
James McIllece, Microsoft
Please do not send email directly to this alias.  This is my online account 
name for newsgroup participation only.
This posting is provided "AS IS" with no warranties, and confers no rights.

Relevant Pages

  • Re: DHCP on two different subnets with a Virtual additional IP
    ... 1- Added an additional ip address on my dc (in the tcp/ip protocol properties) ... 2- added a dhcp scope on the x.x.10.0 subnet ... subnet everything functions...May be it's not possible for my dhcp server to ...
    (microsoft.public.windows.server.active_directory)
  • Re: DHCP on Primary IPs subnet only?
    ... "Try assigning the DHCP server's NIC a second static IP address from ... It should see the requests comming in from ... w.x.y.0/24 scope so it would not be confused. ... >> its primary IP is on that subnet. ...
    (microsoft.public.win2000.networking)
  • Re: 3 New Sites / New Company
    ... DHCP scopes to use per site. ... the question was do I need to only use the scope (subnet) for that site I ... DHCP Server and it has a correct Scope to "answer" the Query with. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Running out of IP addresses
    ... Create a new scope embracing the full subnet 1 thru 254 and assign the ... Range of a Scope,...you just can't change the mask (like making the subnet ... I understand that I will need to introduce a DHCP server on the ... Rather than introduce a hardware LAN router, ...
    (microsoft.public.windows.server.networking)
  • RE: Increase DHCP numbers
    ... have two other options: superscoping or resubnetting. ... Simply changing the DHCP scope parameters does not give you more leases. ... DHCP runs on top of your network subnet architecture and can hand out ...
    (microsoft.public.win2000.general)