Re: 2 AD domains same physical switches and router ?



Thanks again guys.

I was thinking of going down the line of separate entities as the whole
point of this migration was to move away from using any of their resources.
We are also trying to eliminate the requirements for any kind of forest
trusts.

Regards


"Bill Grant" <not.available@online> wrote in message
news:eFxhhWCyHHA.5204@xxxxxxxxxxxxxxxxxxxxxxx
As a personal opinion, I would move them completely off the existing
network and put them on your own switch with its own IP subnet. If the
existing switch supports VLANs you could probably get the techies to set
up your machines on a VLAN, but I would look at running it on your own
hardware as an AD site with no physical connection to the existing LAN.
You would have your own DNS and your own DHCP and your own network link to
the Internet and/or other sites.

"news.microsoft.com" <ChrisD@xxxxxxxxxxxxx> wrote in message
news:e6GSRa%23xHHA.1456@xxxxxxxxxxxxxxxxxxxxxxx
Thanks Guys.

I'll try to explain a little better.

The parent company is not a parent domain. We have moved away from them
and now have our own AD with sites around the world. Most of our sites
are on our hardware but we have a couple who are still piggy back part of
the other company's domain.

At the moment our clients and servers are on our parent company's domain.
We aim to split completely the clients and servers on this site and
migrate to ours. We are going to migrate them to our AD domain but I'm
not 100% sure what is the best way to point them to our DNS servers.

If we keep them on the parent company's physical switches our clients
will obtain their DNS server IPs. We cannot have 2 DHCP servers on the
current infrastructure, one on their domain and one on ours so I can only
see 2 options. Purchase new switches, firewall etc or put in static DNS
entries into the clients.

Hope this makes it a bit clearer.




"Bill Grant" <not.available@online> wrote in message
news:e%23dkJb3xHHA.1164@xxxxxxxxxxxxxxxxxxxxxxx

"Ace Fekay [MVP]" <PleaseAskMe@xxxxxxxxxxxxxx> wrote in message
news:%23hJDCyzxHHA.4184@xxxxxxxxxxxxxxxxxxxxxxx
In news:eSKQGVvxHHA.2432@xxxxxxxxxxxxxxxxxxxx,
news.microsoft.com <ChrisD@xxxxxxxxxxxxx> typed:
We are looking at merging one of our remote sites into our AD.
Currently the remote site's resources live on our parent company's
domain and we access via trusts.

What I'm after help on is the best way to do this.

I'm not really wanting to have to put static DNS entries onto the
client PCs as we have quite a few laptops which means users would
have to change these if they want to use broadband etc. Is the
long-term best option to invest in some new hardware router/firewall
and keep our AD isolated?
TIA

I believe the operative term is migrate, not merge, that is if you want
the workstations and user accounts to be part of your Active Directory
infrastructure. Keep in mind, you can't just toggle a laptop from one
domain to another that easily. From your description, I am not sure if
this is your goal. Do you want to join them to your domain and leave
the parent?

Also, when you say parent domain, is this an actual parent domain in
the same forest?

In an intra-forest migration, ADMT tool can migrate the user from one
domain to another as well as computer accounts. For both of these
objects, it will copy the accounts to the target domain, then delete
the accounts in the source domain. They will no longer exist in the
source.

If you want to keep them in the 'parent' domain (assuming the parent is
an actual intra-forest parent domain), then all you have to do is bring
the laptops in to your network and they will easily "find" their domain
resources through your DNS servers specified in your own DHCP scope,
that is assumingly as long as your DNS infrastructure is configured and
designed properly and resolving everything properly in the forest (as
it should be in such an infrastructure) so there will be nothing to
fear.

If what I posted is not what you wanted to hear, then I apologize for
misunderstanding your post. If this is the case, please reply back and
elaborate exactly as to what your intentions are, such as is this a
true migration or do you just want to allow those users to get to your
resources, their own resources, etc and is this with or without
disjoining/joining your domain?


--
Regards,
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer

Infinite Diversities in Infinite Combinations

Having difficulty reading or finding responses to your post?
Instead of the website you're using, try using OEx (Outlook Express
or any other newsreader), and configure a news account, pointing to
news.microsoft.com. Anonymous access. It's free - no username or
password required nor do you need a Newsgroup Usenet account with your
ISP. It connects directly to the Microsoft Public Newsgroups. OEx allows
you to easily find, track threads, cross-post, sort by date, poster's name,
watched threads or subject. It's easy:

How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164

"Quitting smoking is easy. I've done it a thousand times." - Mark Twain


I can see why Ace's post contained a lot of questions. You seem to be
a bit confused about how this all works. What does domain membership
have to do with Internet access?


There is no real problem with having a remote site containing members
of your domain. AD was designed to handle this sort of setup. And there
is no real problem with DNS or with Internet access. The site can have
its own direct connection to the Internet and have site to site routing
for domain-related traffic. DNS can be easily handled by making the DNS
servers in both sites secondaries for the "other" site. Each site DNS
server can then resolve names of machines in either site directly.
Changes to DNS at either site will replicate to the other.

Moving the machines in a site from one domain to another is a
separate issue, as Ace has pointed out.
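
Added example, not part of the original thread: while both companies' DHCP servers can still reach the same switches, one way to confirm which clients are picking up the other company's DHCP and DNS servers is to check `ipconfig /all` output against the addresses of your own servers. The server addresses, adapter names and sample output below are constructed for illustration.

```python
import re

# Assumed values for illustration: the new domain's own DHCP and DNS servers.
OUR_DHCP = {"10.20.0.10"}
OUR_DNS = {"10.20.0.10", "10.20.0.11"}

# Constructed sample of `ipconfig /all` output (not captured from a real host).
SAMPLE = """\
Ethernet adapter Local Area Connection:
   IP Address. . . . . . . . . . . . : 192.168.5.44
   DHCP Server . . . . . . . . . . . : 192.168.5.1
   DNS Servers . . . . . . . . . . . : 192.168.5.1
                                       192.168.5.2

Ethernet adapter Docking Station:
   DHCP Server . . . . . . . . . . . : 10.20.0.10
   DNS Servers . . . . . . . . . . . : 10.20.0.10
                                       10.20.0.11
"""

FIELD = re.compile(r"^\s+(DHCP Server|DNS Servers)[ .]*:\s*(\S+)\s*$")
BARE_IPV4 = re.compile(r"^\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$")

def parse_adapters(output):
    """Return {adapter name: {"dhcp": [...], "dns": [...]}}."""
    adapters, current, last = {}, None, None
    for line in output.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = adapters.setdefault(line.rstrip(" :"), {"dhcp": [], "dns": []})
            last = None
        elif current is None:
            continue
        elif m := FIELD.match(line):
            last = "dhcp" if m.group(1) == "DHCP Server" else "dns"
            current[last].append(m.group(2))
        elif last == "dns" and (m := BARE_IPV4.match(line)):
            current["dns"].append(m.group(1))  # continuation line: extra DNS server
        elif line.strip():
            last = None
    return adapters

def foreign_settings(output, our_dhcp=OUR_DHCP, our_dns=OUR_DNS):
    """List every DHCP/DNS server an adapter received that is not one of ours."""
    findings = {}
    for name, cfg in parse_adapters(output).items():
        bad = [("dhcp", ip) for ip in cfg["dhcp"] if ip not in our_dhcp]
        bad += [("dns", ip) for ip in cfg["dns"] if ip not in our_dns]
        if bad:
            findings[name] = bad
    return findings
```

An empty result from `foreign_settings` means every adapter on that client got its lease and resolvers from your own servers.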






