Setting Up Child Domain

  • Setting Up Child Domain

    I want to set up a child domain and I need help to do that. This is my scenario: We have two networks set up as one as and the other one as The is up and running with NAT enabled with Router and Firewall. What do I need for the network to be a child domain for the Please point me to good resources to achieve that. Thanks.

  • #2
    You don't need NAT between the 2 networks just basic routing.

    You haven't mentioned anything about your current domain setup. Your network infrastructure has no effect on your domain layout; you could have 1 parent domain to encompass both networks.

    If you already have a domain setup then install a new 2000\2003 server on your "child" network, then run DCpromo and follow the prompts to install a new child domain.

    * Shamelessly mentioning "Don't forget to add reputation!"


    • #3
      Setting up a Child Domain

      The network is up and running with Windows 2003 Server. The network also has NAT to allow internal clients to be able to browse the internet. Now I want to set up a child domain that is about six miles away from the network. The two sites are connected with fiber. The network has router and firewall installed on their site. To set up the second site with network as a child domain, what do I need to do to achieve that? We already have a router here for the second site; is it necessary? Please advise.


      • #4
        In order for the second server to successfully promote itself to DC it must replicate the AD data from an existing DC.

        In order to achieve this replication, you must have:

        1) A working DNS infrastructure, with working SRV Records, and full internal name resolution. The future DC must be able to find the existing DCs and GCs.

        2) Full RPC, LDAP and GC traffic between the 2 sites. You can easily achieve this by setting up a VPN connection between them. If you choose not to use VPN, then you must configure the firewalls between the 2 sites to allow this type of traffic, which might not be such an easy scenario to implement.

        3) The correct user rights and admin permissions. To set up a child domain you must be local admin on the server, and have the username and password of the enterprise admin.

        Daniel Petri
        Microsoft Most Valuable Professional - Active Directory Directory Services
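
As an added example (not part of the thread or of any poster's reply), the PowerShell pre-flight check below tests points 1 and 2 of the reply above from the future child DC before running DCpromo. The domain name `corp.example.com` is a placeholder, the parent is assumed to be the forest root, the port list is the standard fixed Active Directory ports rather than values from the thread, and `Resolve-DnsName` and `Test-NetConnection` need Windows 8 / Server 2012 or later.

```powershell
# Added example: pre-flight check for promoting a child-domain DC.
# Assumption: $ParentDomain is a placeholder and is also the forest root.
param(
    [string]$ParentDomain = 'corp.example.com'
)

# Point 1: SRV records the new DC uses to locate existing DCs and GCs.
$srvNames = @(
    "_ldap._tcp.dc._msdcs.$ParentDomain",      # domain controllers
    "_kerberos._tcp.dc._msdcs.$ParentDomain",  # Kerberos KDCs
    "_ldap._tcp.gc._msdcs.$ParentDomain"       # global catalogs (forest root zone)
)

# Point 2: fixed TCP ports behind "RPC, LDAP and GC traffic" (standard values).
$ports = [ordered]@{
    'DNS' = 53; 'Kerberos' = 88; 'RPC endpoint mapper' = 135
    'LDAP' = 389; 'SMB' = 445; 'Global Catalog' = 3268
}

$targets = @()
foreach ($name in $srvNames) {
    try {
        # Keep only SRV answers; the response may also carry A records.
        $records = @(Resolve-DnsName -Name $name -Type SRV -ErrorAction Stop |
            Where-Object { $_.Type -eq 'SRV' })
        Write-Host ("{0,-45} {1} record(s)" -f $name, $records.Count)
        $targets += $records.NameTarget
    } catch {
        Write-Host ("{0,-45} MISSING: {1}" -f $name, $_.Exception.Message)
    }
}

# Probe every DC/GC named in the SRV answers on each fixed port.
foreach ($dc in ($targets | Sort-Object -Unique)) {
    foreach ($svc in $ports.Keys) {
        $r = Test-NetConnection -ComputerName $dc -Port $ports[$svc] `
            -WarningAction SilentlyContinue
        [pscustomobject]@{
            DC        = $dc
            Service   = $svc
            Port      = $ports[$svc]
            Reachable = $r.TcpTestSucceeded
        }
    }
}
```

A successful check on port 135 only proves the endpoint mapper is reachable; replication then uses dynamically assigned RPC ports, which a firewall between the sites must also pass unless the traffic runs inside a VPN.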


        • #5

          Thanks for your comment. Which port numbers should I open in both firewalls to allow traffic in to connect to the parent domain, and also for the parent domain to be able to talk to the child domain? I am also using a private IP address of for the child domain, while the parent domain already has and NAT is already enabled on the network. Or is it possible to set up a child domain using only the PIX firewall installed in the corporate headquarters? The second site has only a Cisco router and no firewall. Please comment. Thanks.


          • #6
            It took only 10 seconds of searching Google

            ports for Active Directory Domain Traffic
            Technical Consultant

            MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
            "No matter how secure, there is always the human factor."

            "Enjoy life today, tomorrow may never come."
            "If you're going through hell, keep going. ~Winston Churchill"