Re: 2 AD domains same physical switches and router ?
- From: "Bill Grant" <not.available@online>
- Date: Tue, 17 Jul 2007 13:49:31 +1000
As a personal opinion, I would move them completely off the existing
network and put them on your own switch with its own IP subnet. If the
existing switch supports VLANs you could probably get the techies to set up
your machines on a VLAN, but I would look at running it on your own hardware
as an AD site with no physical connection to the existing LAN. You would
have your own DNS and your own DHCP and your own network link to the
Internet and/or other sites.
"news.microsoft.com" <ChrisD@xxxxxxxxxxxxx> wrote in message
news:e6GSRa%23xHHA.1456@xxxxxxxxxxxxxxxxxxxxxxx
Thanks Guys.
I'll try to explain a little better.
The parent company is not a parent domain. We have moved away from them
and now have our own AD with sites around the world. Most of our sites are
on our hardware but we have a couple who are still piggy back part of the
other company's domain.
At the moment our clients and servers are on our parent company's domain.
We aim to split completely the clients and servers on this site and
migrate to ours. We are going to migrate them to our AD domain but I'm not
100% sure what is the best way to point them to our DNS servers.
If we keep them on the parent company's physical switches our clients will
obtain their DNS server IPs. We cannot have 2 DHCP servers on the current
infrastructure, one on their domain and one on ours so I can only see 2
options. Purchase new switches, firewall etc or put in static DNS entries
into the clients.
Hope this makes it a bit clearer.
"Bill Grant" <not.available@online> wrote in message
news:e%23dkJb3xHHA.1164@xxxxxxxxxxxxxxxxxxxxxxx
"Ace Fekay [MVP]" <PleaseAskMe@xxxxxxxxxxxxxx> wrote in message
news:%23hJDCyzxHHA.4184@xxxxxxxxxxxxxxxxxxxxxxx
In news:eSKQGVvxHHA.2432@xxxxxxxxxxxxxxxxxxxx,
news.microsoft.com <ChrisD@xxxxxxxxxxxxx> typed:
We are looking at merging one of our remote sites into our AD.
Currently the remote site's resources live on our parent company's
domain and we access via trusts.
What I'm after help on is the best way to do this.
I'm not really wanting to have to put static DNS entries onto the
client PCs as we have quite a few laptops which means users would
have to change these if they want to use broadband etc. Is the
long-term best option to invest in some new hardware router/firewall
and keep our AD isolated?
TIA
I believe the operative term is migrate, not merge, that is if you want
the workstations and user accounts to be part of your Active Directory
infrastructure. Keep in mind, you can't just toggle a laptop from one
domain to another that easily. From your description, I am not sure if
this is your goal. Do you want to join them to your domain and leave the
parent?
Also, when you say parent domain, is this an actual parent domain in the
same forest?
In an intra-forest migration, ADMT tool can migrate the user from one
domain to another as well as computer accounts. For both of these
objects, it will copy the accounts to the target domain, then delete the
accounts in the source domain. They will no longer exist in the source.
If you want to keep them in the 'parent' domain (assuming the parent is
an actual intra-forest parent domain), then all you have to do is bring
the laptops in to your network and they will easily "find" their domain
resources through your DNS servers specified in your own DHCP scope,
that is assumingly as long as your DNS infrastructure is configured and
designed properly and resolving everything properly in the forest (as it
should be in such an infrastructure) so there will be nothing to fear.
If what I posted is not what you wanted to hear, then I apologize for
misunderstanding your post. If this is the case, please reply back and
elaborate exactly as to what your intentions are, such as is this a true
migration or do you just want to allow those users to get to your
resources, their own resources, etc and is this with or without
disjoining/joining your domain?
--
Regards,
Ace
This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.
Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer
Infinite Diversities in Infinite Combinations
Having difficulty reading or finding responses to your post?
Instead of the website you're using, try using OEx (Outlook Express
or any other newsreader), and configure a news account, pointing to
news.microsoft.com. Anonymous access. It's free - no username or
password required nor do you need a Newsgroup Usenet account with your
ISP. It connects directly to the Microsoft Public Newsgroups. OEx allows
you to easily find, track threads, cross-post, sort by date, poster's name,
watched threads or subject. It's easy:
How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164
"Quitting smoking is easy. I've done it a thousand times." - Mark Twain
I can see why Ace's post contained a lot of questions. You seem to be a
bit confused about how this all works. What does domain membership have
to do with Internet access?
There is no real problem with having a remote site containing members
of your domain. AD was designed to handle this sort of setup. And there
is no real problem with DNS or with Internet access. The site can have
its own direct connection to the Internet and have site to site routing
for domain-related traffic. DNS can be easily handled by making the DNS
servers in both sites secondaries for the "other" site. Each site DNS
server can then resolve names of machines in either site directly.
Changes to DNS at either site will replicate to the other.
Moving the machines in a site from one domain to another is a separate
issue, as Ace has pointed out.
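
Added example, not part of any poster's message: a PowerShell check for the concern raised in the thread, that clients left on the shared switches get DNS servers from the other company's DHCP. It asks each DNS server the client is configured with for the domain controller locator SRV record of the target AD domain; the function name `Test-AdDnsLocator` and the domain `corp.example` are placeholders assumed here.

```powershell
# Added example. 'corp.example' is a placeholder domain, not from the thread.
function Test-AdDnsLocator {
    param(
        [Parameter(Mandatory)]
        [string]$DomainName,      # DNS name of the AD domain the client should find
        [string[]]$DnsServer      # optional: test these servers instead of the client's own
    )

    # Default to the IPv4 DNS servers currently configured on this client
    # (on a DHCP client these are the servers handed out by the DHCP scope).
    if (-not $DnsServer) {
        $DnsServer = Get-DnsClientServerAddress -AddressFamily IPv4 |
            Select-Object -ExpandProperty ServerAddresses |
            Sort-Object -Unique
    }

    # Domain-joined clients locate domain controllers through this SRV record.
    $srvName = "_ldap._tcp.dc._msdcs.$DomainName"

    foreach ($server in $DnsServer) {
        try {
            $answers = Resolve-DnsName -Name $srvName -Type SRV -Server $server `
                                       -DnsOnly -ErrorAction Stop
            # Keep only SRV answers; additional-section A records are ignored.
            $dcs = @($answers | Where-Object { $_.Type -eq 'SRV' } |
                     ForEach-Object { $_.NameTarget })
        } catch {
            # NXDOMAIN, timeout or refusal: this server cannot locate the domain.
            $dcs = @()
        }

        [pscustomobject]@{
            DnsServer         = $server
            CanLocateDomain   = ($dcs.Count -gt 0)
            DomainControllers = ($dcs -join ', ')
        }
    }
}

# Report, per configured DNS server, whether it can locate DCs for the domain.
Test-AdDnsLocator -DomainName 'corp.example'
```

A server that reports `CanLocateDomain = False` is one from which the client cannot find a domain controller for the target domain, which is the situation the original poster expects if DHCP keeps handing out the other company's DNS servers.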