Setup New Domain Under An Existing Forest


  • Setup New Domain Under An Existing Forest

    Hi all, does anyone of you have any experience in setting up a new domain under an existing forest?

    We have a new entity in our company and we are thinking of setting up a new domain for the new entity so as to restrict the users from the new entity from accessing the current servers in the existing domain.. However, the management will want to access the servers in both domains.. Is setting up a new domain under the existing forest the correct way to do it?

  • #2
    Re: Setup New Domain Under An Existing Forest

    I wouldn't create a new domain for this.
    There are several ways to achieve this without the need for a new domain.
    Besides, if you were to create a new domain in the existing forest, transitive trusts would be set up by default.
    Last edited by Killerbe; 31st December 2007, 10:01.
    [Powershell]
    Start-DayDream
    Set-Location Malibu Beach
    Get-Drink
    Lay-Back
    Start-Sleep
    ....
    Wake-Up!
    Resume-Service
    Write-Warning
    [/Powershell]

    BLOG: Therealshrimp.blogspot.com



    • #3
      Re: Setup New Domain Under An Existing Forest

      Thanks Killerbe.. then what is the best way of setting up? the management will not want the staff to be able to access the resources on the servers and also not seeing the servers in the existing domain..

      They have already purchased a new HP server and it will be in next week.. we will need to setup the server for the new entity by next week also..



      • #4
        Re: Setup New Domain Under An Existing Forest

        it's simple enough to create resources that users will not be able to access with share permissions and NTFS security. it's just a matter of creating global security groups, defining members, and allocating the resources to those groups.

        not seeing the servers in the existing domain..
        what exactly do you mean when you say 'not seeing'? this can be accomplished in several ways, depending on your needs. you could isolate servers by VLAN assignment... i just don't understand what you're looking for there.

        i would agree with Killerbe, that an additional domain would be overkill in the situation if you're only talking about one server. an additional domain would increase your job duties a little...

        does this new org plan on having its own exchange server? will you have a gc for this new domain? what is the OS on this new server? how many users are in the new org? how will AV be handled? there are a lot of questions that will go into planning this out. sometimes creating a new domain creates new problems that you may not have considered...

        you may want to ask for an extension on this 1 week deadline if you cannot answer these questions.

        we can provide a more detailed explanation of how to implement this addition to your org if you can provide a bit more information...
        • current topology
        • current domain functional level
        • does exchange exist? if so, the exchange functional level...
        • user base
        • proposed topology
        • new equipment: server/OS version,
        • proposed role of said equipment


        or something of the sorts. its hard to make these calls on the information at hand.
        its easier to beg forgiveness than ask permission.
        Give karma where karma is due...
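
The group-based approach from post #4, worked through as an added example (not code from any poster in this thread). It assumes a current Windows Server with the ActiveDirectory and SmbShare modules rather than the Windows 2000/2003 systems discussed here; the group names, OU, paths and the server name FILESRV01 are hypothetical.

```powershell
# Assumptions (not from the thread): ActiveDirectory and SmbShare modules are
# available; group names, OU, paths and FILESRV01 are hypothetical.
Import-Module ActiveDirectory

$ou        = 'OU=Groups,DC=abc,DC=com'   # hypothetical OU in ABC.COM
$staff     = 'GG-NewEntity-Staff'        # new-entity users
$mgmt      = 'GG-Management'             # management, allowed on both sides
$path      = 'D:\Shares\NewEntity'       # folder on the new file server
$shareName = 'NewEntity'

# 1. Global security groups, created only if they do not exist yet.
foreach ($name in $staff, $mgmt) {
    if (-not (Get-ADGroup -Filter "Name -eq '$name'")) {
        New-ADGroup -Name $name -GroupScope Global -GroupCategory Security -Path $ou
    }
}

# 2. Share permissions: only the two groups and administrators, no Everyone entry.
New-Item -ItemType Directory -Path $path -Force | Out-Null
New-SmbShare -Name $shareName -Path $path `
    -ChangeAccess "ABC\$staff", "ABC\$mgmt" -FullAccess 'BUILTIN\Administrators'

# 3. NTFS: stop inheriting from the parent folder, then grant explicitly.
$acl = Get-Acl -Path $path
$acl.SetAccessRuleProtection($true, $false)   # protect ACL, drop inherited ACEs
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$none    = [System.Security.AccessControl.PropagationFlags]::None
foreach ($entry in @(
        @{ Id = "ABC\$staff";             Rights = 'Modify' },
        @{ Id = "ABC\$mgmt";              Rights = 'Modify' },
        @{ Id = 'BUILTIN\Administrators'; Rights = 'FullControl' },
        @{ Id = 'NT AUTHORITY\SYSTEM';    Rights = 'FullControl' })) {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $entry.Id, $entry.Rights, $inherit, $none, 'Allow')
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $path -AclObject $acl

# 4. On an existing server, list ACEs granted to catch-all principals that
#    new-entity accounts in the same domain would also match.
$broad = 'Everyone', 'NT AUTHORITY\Authenticated Users', 'ABC\Domain Users', 'BUILTIN\Users'
(Get-Acl -Path '\\FILESRV01\Data').Access |
    Where-Object { $_.AccessControlType -eq 'Allow' -and $broad -contains $_.IdentityReference.Value } |
    Select-Object IdentityReference, FileSystemRights, IsInherited
```

Any entry returned by step 4 has to be replaced with a specific group before new-entity accounts are created in the same domain, otherwise those accounts inherit access to the existing data.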



        • #5
          Re: Setup New Domain Under An Existing Forest

          Hi James,

          Sorry for the vague explanation.. i might not have painted a clearer picture for you when I posted the message.. the meaning of not seeing the servers in the existing domain is that the management will not want the new users to be able to access any servers in the current domain (e.g. ABC.COM)..

          1. the current topology consists of 1 domain (ABC.COM) with 1 file server, 1 exchange server and 1 standalone DNS server
          2. Windows 2000 mixed
          3. Exchange exists..
          4. there are around 50+ users in the office.. Exchange server is serving some regional offices for POP emails (over 100+ mailboxes).. the exchange server will also serve the users in the new entity for their emails..
          5. to have a new server/domain for the new entity
          6. 1 HP server with Windows Server Std 2003
          7. the HP server is to serve as a file and print server for the new entity

          I do not know which is the best way to go about doing it.. but it seems like a new domain in an existing forest is a no-no..



          • #6
            Re: Setup New Domain Under An Existing Forest

            Hi,

            If you will go for a new domain in existing forest then there would be an automatic trust between these domains and they can access the resources of each other (Yes.....Permissions can be used to allow or deny them).

            But if management does not want to access the resources of each other then you should go for a different forest.

            http://www.microsoft.com/technet/pro....mspx?mfr=true

            http://www.microsoft.com/windows/win...eesForests.htm

            Regards,
            Kapil Sharma
            ~~~~~~~~~~~~~
            Life is too short, Enjoy It.



            • #7
              Re: Setup New Domain Under An Existing Forest

              One more thing:

              For better responses it should have been posted under "Active Directory" tab.

              Regards,
              Kapil Sharma
              ~~~~~~~~~~~~~
              Life is too short, Enjoy It.



              • #8
                Re: Setup New Domain Under An Existing Forest

                Yes.. the management will want to access both domains.. that means it will be best to setup a new domain under the existing forest?

                I will be setting up the new server tomorrow and will give it a try to see if the 2 domains have automatic trust..

                Thanks for the help..
