No announcement yet.

Splitting a Network in Two

  • Filter
  • Time
  • Show
Clear All
new posts

  • Splitting a Network in Two

    Hello All,

    This is my first post here so go easy on me. This might need to be under general networking but I need more help with Windows than I do the physical network.

    I work for a company that currently uses a domain to access files (Active Directory) and e-mail (Exchange). We need to split ourselves off of the current domain and make a new domain. (The company was sold)

    For example, we currently have to login to Domain1 everyday. However we need to be able to login to Domain2 everyday, but Domain1 still needs to exsist for some employees that are under Domain1.

    There needs to be a network administrator for both domains, but Network Admin1 doesn't need access to Domain2 and vice versa.

    These are both at the same physical location.

    Any suggestions? I can't seem to find any information on running a dual domain on the same physical network or any info on splitting a domain into two domains. We plan to purchase a new domain controller for the new network I just want to make sure we don't crash both networks.


  • #2
    Re: Splitting a Network in Two

    This one's relatively simple unless there's stuff you haven't told us. (I'm assuming that your first domain and forest is running in Windows Server 2003 Functional Level). Build the new domain on the new domain controller - First domain in a new forest. Set the Domain and Forest functional levels to Windows Server 2003. Create a two-way Forest Trust between the two forests. Grant access to resources in the standard Windows Server 2003 cross-domain fashion - i.e. universal groups contain domain global groups which are members of Domain Local groups - these grant access to resources. Users go into Domain Global groups.

    That should be it, as far as your stated requirements go. There need not even be any IP separation - although if there are "Conflict of Interest" issues between the two organisations there may need to be a carefully set up firewall between the domains... although to be honest to make resource access and a forest trust work properly the firewall will have to be so open as to be near useless.
    Last edited by Stonelaughter; 8th September 2007, 23:26. Reason: seppling

    For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

    Anything you say will be misquoted and used against you