Trust between two domain controllers on the same network


  • Trust between two domain controllers on the same network

    I am new at this so please give me some advice.
    We have 2 organizations on the same IP class (192.168.0.x).
    We have a domain controller (Server 2003) that is used to manage computers from the first organization, called server1.
    The second organization doesn't have a DC yet, but computers from the second organization access resources from the first organization (a SQL database). The second organization uses the IP addresses from 192.168.0.100-192.168.0.140.

    Now I would like to add server2 as a domain controller to manage computers for the second organization. I have installed a Server 2008 R2, added Routing and Remote Access Service (RRAS) and set up the server to work as a NAT router (the second organization has a different ISP). My server2 has the LAN NIC set to 192.168.0.101
    255.255.255.0
    No GW, No DNS(multihomed)
    The WAN NIC is setup to my ISP requirements and works fine. All computers from second organization have internet connection through server2.

    The problem comes from the fact that computers from my second organization, after being added to my new domain, cannot access resources from server1 (SQL database), but the resources are accessible from server2 (192.168.0.101). Computers from the second organization can access computers from the first organization, but server1 (which holds the DC and SQL) is not accessible.
    The NICs from second organizations are setup like
    192.168.0.102-40
    255.255.255.0
    GW 192.168.0.101
    DNS. my ISP DNS

    I really hope you can give me some advice.
    Thanks

  • #2

    you have a very confusing setup.

    put the two separate organisations on separate subnets to start with.

    then worry about routing between them. what you're doing is very confusing and messy, and i don't understand why you're doing it like this
    Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

    • #3

      I know it is kind of messy and putting the two organizations on separate subnets would clarify things a bit.
      I would like to know if I could use RRAS to route between the 2 subnets (considering the fact that I will take your advice) and my ISP connection? And if you could give me some advice on how to do that?! Thanks

      • #4

        It's actually basic routing.
        What does your physical network look like?
        What kind of switches do you have?
        Isn't it better to use ISA/TMG instead of RRAS facing the public network? RRAS isn't a firewall, ISA (Runs on Windows 2003) and TMG (runs on Windows 2008 ) are.
        Are you using VLANs or do you know how to configure them on your switches?
        Marcel
        Technical Consultant
        Netherlands
        http://www.phetios.com
        http://blog.nessus.nl

        MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
        "No matter how secure, there is always the human factor."

        "Enjoy life today, tomorrow may never come."
        "If you're going through hell, keep going. ~Winston Churchill"

        • #5

          I would like to add that the first organization is managed by someone else and I don't think I can convince them to split the network by a 255.255.255.128 mask, for example.
          Or maybe by subnet you are referring to a different network, like 192.168.1.1?

          In my initial message I made a mistake. The setup is:
          The NICs from second organizations are setup like
          192.168.0.102-140
          255.255.255.0
          GW 192.168.0.101
          DNS. my ISP DNS
          Also, the first organization uses the rest of the addresses 192.168.0.2-100 and 192.168.0.41-254.
          I think that even if I add the second organization to a different subnet or network I will have problems accessing resources from the SQL server. And it is strange that the 2008 R2 server can access that resource (192.168.0.101).

          I am not using VLANs.
          Related to ISA/TMG ... I haven't used something like that before ... I will get into it but I don't really need a firewall
          Last edited by adyamg; 25th October 2010, 22:14.
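
An added example, not part of any post in the thread: a Python check, using the addresses quoted above, of whether an organization 2 client reaches server1 directly or through its gateway, and of how the 255.255.255.128 split mentioned in post #5 would cut across the 192.168.0.102-140 client range. The function names and role labels are this example's own.

```python
import ipaddress

# Addresses quoted in the thread; the role labels are assumptions of this example.
SERVER1 = "192.168.0.1"      # organization 1 server pinged in the thread
SERVER2 = "192.168.0.101"    # organization 2 DC, used as the clients' gateway
ORG2_FIRST, ORG2_LAST = "192.168.0.102", "192.168.0.140"


def local_net(src, mask):
    """Subnet that a host with this address and mask considers directly attached."""
    return ipaddress.ip_interface(f"{src}/{mask}").network


def next_hop(src, mask, gateway, dst):
    """'on-link' when dst is in src's own subnet, otherwise the gateway address."""
    if ipaddress.ip_address(dst) in local_net(src, mask):
        return "on-link"
    return gateway


def gateway_usable(src, mask, gateway):
    """A default gateway only works if it sits inside the host's own subnet."""
    return ipaddress.ip_address(gateway) in local_net(src, mask)


def subnets_spanned(first, last, mask):
    """Distinct subnets (for this mask) touched by the host range first..last."""
    lo, hi = int(ipaddress.ip_address(first)), int(ipaddress.ip_address(last))
    seen = []
    for n in range(lo, hi + 1):
        net = local_net(ipaddress.ip_address(n), mask)
        if net not in seen:
            seen.append(net)
    return [str(net) for net in seen]


if __name__ == "__main__":
    # Current /24 layout: server1 is on-link, so server2 never forwards this traffic.
    print(next_hop(ORG2_FIRST, "255.255.255.0", SERVER2, SERVER1))
    # Proposed /25 split: the client range straddles both halves ...
    print(subnets_spanned(ORG2_FIRST, ORG2_LAST, "255.255.255.128"))
    # ... and clients in the upper half would lose their gateway at .101.
    print(gateway_usable(ORG2_LAST, "255.255.255.128", SERVER2))
```

With the current 255.255.255.0 mask the clients talk to server1 without passing through server2, so the RRAS/NAT configuration is not in the path of the failing access.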

          • #6



            This is what my network looks like now.
            I need computers from "organization 2" to access resources from "organization 1" and especially from their server (where the SQL database is located).
            The Server 2008 R2 can access the Server 2003 and computers from the "organization 1" domain, but computers from the "organization 2" domain can't access those resources.

            • #7

              so the computers from Organisation2 cannot ping 192.168.0.1 ??

              • #8

                I can ping 192.168.0.1 and I get a reply, but I can't access it from any computer in the range 192.168.0.102-192.168.0.140 if it is added to my "organization 2" domain. If I take the computer out of the domain everything works just fine.
                I would like to add that if I add a computer to my domain (organization 2) and try to browse my "entire network" I can only see the "organization 2" domain.

                Could it be a setting in my domain that doesn't let me access other domains or workgroups?

                • #9

                  what's your domain firewall policy like ?

                  • #10

                    ups ... firewall for domain network state says

                    Windows firewall: On
                    Incoming connections: Block all connections to programs that are not in the list of allowed programs
                    Notification state: Do not notify ....
                    I am guessing that this could be a part of my problem

                    • #11

                      Any idea?

                      • #12

                        try turning the firewall off to start with, see how that goes

                        • #13

                          I have turned off the firewall and set my alternate DNS to 192.168.0.101 (my server IP).
                          Now I can access computers in organization 1 and I can see their server but I can't access it.
                          If I ping it, I will get a reply but when trying to access it ... "\\server is not accessible. You might not have permission to use the network resource .... The user cannot be found"

                          When I try to access the organization 1 server I am being asked for a username and password. So I am using the account given by the organization 1 administrator and I can access their server. But computers from my organization (2) can't.

                          • #14

                            I think I need an external trust between those 2 domain controllers.

                            • #15

                              You will need a 2 way trust if they are different domains and you need to access resources from either side.
