
Adding second domain


  • Adding second domain

    Hi all

    We currently have an existing domain. AD is set up and working with Windows 2003 Servers.

    We have some users sharing our internet connection and they need a separate domain and server setup that will control their users / data etc.

    So I need to create a separate domain for them but am unsure how best to do this, especially with DNS as I should only have the 1 DNS server.

    We cannot separate the domain physically... so please advise with some suggestions on what is best for me to do.

    Thanks

  • #2
    Re: Adding second domain

    My initial thought is to set up the new domain in a new forest (since it seems you're just sharing the Internet connection and not any other resources) and set up an additional DNS server for that new domain. I don't know how many clients there are but, since you said the two domains can't be separated (I don't know why, it's not that hard), with this setup you can only use DHCP to configure DNS for one of the domains. In the other domain the clients will need to be manually configured.
    Regards,
    Jeremy

    Network Consultant/Engineer
    Baltimore - Washington area and beyond
    www.gma-cpa.com



    • #3
      Re: Adding second domain

      Hello

      I have created a new domain in a new forest.
      This worked fine and I have installed DNS on the DC in that new domain.

      However from the DC in the new domain I am able to browse Users and Computers in the existing domain, and I see the trust is set by default and there is no way to remove this.

      How can I stop this new domain from seeing shares / AD on the existing domain?
      Also from the existing domain - if I try to connect to the new domain in AD Users and Computers I cannot do so.
      But it works from the new domain connecting to the existing domain.



      • #4
        Re: Adding second domain

        Originally posted by Nomad
        However from the DC in the new domain I am able to browse Users and Computers in the existing domain, and I see the trust is set by default and there is no way to remove this.
        This is the behaviour when you set up a New domain in an Existing Forest. You should demote the new DC and then run dcpromo again, making sure you select New Domain in a New Forest. This will separate the administrative authority and isolate the two domains.


        Also from the existing domain - if I try to connect to the new domain in AD Users and Computers I cannot do so.
        But it works from the new domain connecting to the existing domain.
        Probably has to do with the user you're using and the permissions it has.
        Regards,
        Jeremy

        Network Consultant/Engineer
        Baltimore - Washington area and beyond
        www.gma-cpa.com
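
An added example, not part of the thread: a way to check from a domain-joined machine which forest the domain belongs to and which trusts exist, the question the posts above turn on. It assumes PowerShell with the .NET `System.DirectoryServices` classes is available on that machine.

```powershell
# Added example (not from the thread): report forest membership and trust
# relationships for the domain this machine is joined to.
# Assumption: run as a domain user on a domain-joined host with PowerShell installed.
$domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$forest = $domain.Forest

Write-Output ("Domain      : {0}" -f $domain.Name)
Write-Output ("Forest root : {0}" -f $forest.RootDomain.Name)

# Domains that share a forest are linked by automatic two-way transitive trusts,
# so any other domain listed here is trusted without an explicit trust object.
$siblings = @($forest.Domains | Where-Object { $_.Name -ne $domain.Name })
if ($siblings.Count -gt 0) {
    Write-Output "Other domains in this forest (implicitly trusted):"
    $siblings | ForEach-Object { Write-Output ("  {0}" -f $_.Name) }
} else {
    Write-Output "No other domains in this forest."
}

# Print one line per trust: source, target, type (ParentChild, TreeRoot,
# External, Forest, ...) and direction (Inbound, Outbound, Bidirectional).
function Show-Trusts($label, $trusts) {
    Write-Output $label
    if (-not $trusts -or $trusts.Count -eq 0) {
        Write-Output "  (none)"
        return
    }
    foreach ($t in $trusts) {
        Write-Output ("  {0} -> {1}  type={2} direction={3}" -f `
            $t.SourceName, $t.TargetName, $t.TrustType, $t.TrustDirection)
    }
}

Show-Trusts "Domain-level trusts:" $domain.GetAllTrustRelationships()
Show-Trusts "Forest-level trusts:" $forest.GetAllTrustRelationships()
```

A domain that was really created in a new forest reports its own name as the forest root, no sibling domains, and no trusts unless one was created explicitly.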



        • #5
          Re: Adding second domain

          Thanks.

          I have done as suggested but can still access the new domain from the existing one (after setting up the new domain in a NEW forest).
          Last edited by Nomad; 26th July 2006, 01:55.



          • #6
            Re: Adding second domain

            All the books that I've read and all the experience that I've had (not much, mind you) tell me that what you describe is impossible. I don't know how a user in one forest has privileges in another without explicitly defining a trust relationship.

            Can anyone shed some light on this issue?
            Regards,
            Jeremy

            Network Consultant/Engineer
            Baltimore - Washington area and beyond
            www.gma-cpa.com



            • #7
              Re: Adding second domain

              I know - but let me tell you I am doing it.
              I have domain admin rights in both domains and my user name is the same in both.

              From my existing domain, if I browse the new server in the new domain by \\Servername, I get the full list of all shares and can browse these shares / create folders etc.
