ping d-Faktor or anyone with Windows Enterprise experience

Discussion in 'General Microsoft Certifications' started by tomshawk, Mar 14, 2006.

  1. tomshawk

    tomshawk Byte Poster

    Hello everyone:

    This is a first for me, as I've never tried it, but it doesn't seem like it would be a good thing.

    Can I get a yea or nay from someone that has done it or seen it?

    Domain number one Windows 2003 Enterprise Edition
    Fully functional for a year, no problems at all
    Server name
    test1.testdomain.org

    Create a VPN connection to a satellite office, verified VPN is working, I can ping and remote desktop to the domain controller.

    Install a new server in the satellite office, Windows 2003 Enterprise Edition
    Run dcpromo, tell it, it is a new domain on a new forest and name the server
    test2.testdomain.org

    What do you think would happen?
    What kind of problems do you think would arise, if any?
    Basically I need to know if I am right in my thinking that because the second server did not join the first one's forest, but created a new forest with the same name, the 2 GCs are going to conflict with each other and cause what I noticed to be all kinds of errors in the event viewer.

    I don't think you need any more info, but, if you do, let me know

    Thanks in advance for any help ;)
     
    Certifications: MCSE/NT4, MCP/2K3, MCP+I, CCNA, Net+, A+
  2. simongrahamuk
    Honorary Member

    simongrahamuk Hmmmmmmm?

    how is the VPN setup? Using standard Windows setup?

    Using a third party VPN device you may be able to do it, but I'd think that you are correct with your assumption Tom that there would be all sorts of conflicts because of the Domain names being the same.

    :unsure
     
  3. d-Faktor
    Honorary Member

    d-Faktor R.I.P - gone but never forgotten.

    tom,

    interesting question. never seen or tried that before.

    if both forests don't share any wins/dns servers, are on separate subnets, and are therefore also strictly separated in their respective active directory site configurations, then i think both forests might be able to co-exist. in other words, as long as they are not aware of each other, then all should be good. the big question is the vpn and the whole networking part. how interconnected are they, or should they be? because interoperability is out of the question, and shared internet presence (mail, web, etc.) will be difficult.
     
  4. tomshawk

    tomshawk Byte Poster

    Thanks Simon and d-Faktor

    The VPN is a third party Sonicwall VPN appliance at each site

    Corporate Office
    192.168.0.0

    Satellite office
    192.168.1.0

    They do want them to be joined via Forest level trust, so DNS pointers are needed, hence I was thinking they will have even more issues than I ran into.

    but...

    I did run into issues before even setting up the DNS pointers, as soon as I plugged in the new server at the satellite office errors started showing up in the event viewer of both Servers.

    As a side note, no, there is no web or email on the second site ;)

    Thanks again for any help provided and any further thoughts on this.
    ;)
     
    Certifications: MCSE/NT4, MCP/2K3, MCP+I, CCNA, Net+, A+
  5. d-Faktor
    Honorary Member

    d-Faktor R.I.P - gone but never forgotten.

    as soon as the namespaces and subnets overlap, you'll be in a world of trouble. your global catalogs will start duking it out, and neither side will win. your infrastructure masters will also clash. netlogons will start to fail erratically. and you can forget about that trust. afaik, there's no way you'll be able to set that up, let alone let it function.

    why does the client want this particular setup? if they're so keen on having some kind of separation while maintaining the same namespace, wouldn't it be much easier to configure a separate child domain?
     
  6. tomshawk

    tomshawk Byte Poster

    Thank you very much for confirming my thoughts d-Faktor. ;)

    I owe you one

    I talked to the client and got them to consider different domain names altogether

    This new domain is now testdomain.local and has a functional forest trust, and everyone is happy. ;)
     
    Certifications: MCSE/NT4, MCP/2K3, MCP+I, CCNA, Net+, A+
  7. d-Faktor
    Honorary Member

    d-Faktor R.I.P - gone but never forgotten.

    sure thing, tom. i know how it is. some clients can get carried away with certain ideas that are difficult or impossible to implement in reality. as administrator you often have to be a diplomat as well. :juggle

    good to speak to you again, by the way. :biggrin
     
