1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

ping d-Faktor or anyone with windows Enterprize experience

Discussion in 'General Microsoft Certifications' started by tomshawk, Mar 14, 2006.

  1. tomshawk

    tomshawk Byte Poster

    142
    1
    24
    Hello everyone:

    This is a first for me, as I've never tryed it, but it doesn't seem like it would be a good thing.

    Can I get a yeah or neah from someone that has done it or seen it.

    Domain number one Windows 2003 Enterprize addition
    Fully functional for a year, no problems at all
    Server name
    test1.testdomain.org

    Create a VPN connection to an satallite office, verified VPN is working, I can ping and remote desktop to the domain controller.

    Install a new server in the satallite office windows 2003 Enterprize addition
    Run dcpromo, tell it, it is a new domain on a new forest and name the server
    test2.testdomain.org

    What do you think would happen?
    What kind of problems do you think would arise, if any?
    Basically I need to know if I am right in my thinking that because the second server did not join the first ones forest, but created a new forest with the same name the 2 GC's are going to conflict with each other and cause what I noticed to be all kinds of errors in the event viewer.

    I dont think you need any more info, but, if you do, let me know

    Thanks in advance for any help ;)
     
    Certifications: MCSE/NT4, MCP/2K3, MCP+I, CCNA, Net+, A+
  2. simongrahamuk
    Honorary Member

    simongrahamuk Hmmmmmmm?

    6,199
    125
    199
    how is the VPN setup? Using standard Windows setup?

    Using a third party VPN device you may be able to do it, but I'd think that you are correct with your assumption Tom that there would be all sorts of conflicts because of the Domain names being the same.

    :unsure
     
  3. d-Faktor
    Honorary Member

    d-Faktor R.I.P - gone but never forgotten.

    810
    0
    39
    tom,

    interesting question. never seen or tried that before.

    if both forests don't share any wins/dns servers, are on seperate subnets, and are therefore also strictly seperated in their respective active directory site configurations, then i think both forests might be able to co-exist. in other words, as long as they are not aware of each other, then all should be good. the big question is the vpn and the whole networking part. how interconnected are they, or should they be? because interoperability is out of the question, and shared internet presence (mail, web, etc.) will be difficult.
     
  4. tomshawk

    tomshawk Byte Poster

    142
    1
    24
    Thanks Simon and d-Faktor

    The VPN is a thrid party Sonicwall VPN appliance at each site

    Corporate Office
    192.168.0.0

    Satallite office
    192.168.1.0

    They do want them to be joined via Forest level trust, so DNS pointers are needed, hence I was thinking they will have even more issues then I ran into.

    but...

    I did run into issues before even setting up the DNS pointers, as soon as I plugged in the new server at the satallite office errors started showing up in the event viewer of both Servers.

    As a side note, no, the is no web or email on the second site ;)

    Thanks again for any help provided and any further thoughts on this.
    ;)
     
    Certifications: MCSE/NT4, MCP/2K3, MCP+I, CCNA, Net+, A+
  5. d-Faktor
    Honorary Member

    d-Faktor R.I.P - gone but never forgotten.

    810
    0
    39
    as soon as the namespaces and subnets overlap, you'll be in a world of trouble. your global catalogs will start duking it out, and neither side will win. your infrastructure masters will also clash. netlogons will start to fail erratically. and you can forget about that trust. afaik, there's no way you'll be able to set that up, let alone let it function.

    why does the client want this particular setup? if they're so keen on having some kind seperation while maintaining the same namespace, wouldn't it be much easier to configure a seperate child domain?
     
  6. tomshawk

    tomshawk Byte Poster

    142
    1
    24
    Thank you very much for confirming my thoughts d-Faktor. ;)

    I owe you one

    I talked to the cllient and got them to consider different domain names all together

    This new domain is now testdomain.local and has a functional forest trust, and everyone is happy. ;)
     
    Certifications: MCSE/NT4, MCP/2K3, MCP+I, CCNA, Net+, A+
  7. d-Faktor
    Honorary Member

    d-Faktor R.I.P - gone but never forgotten.

    810
    0
    39
    sure thing, tom. i know how it is. some clients can get carried away with certain ideas that are difficult or impossible to implement in reality. as administrator you often have to be a diplomat as well. :juggle

    good to speak to you again, by the way. :biggrin
     

Share This Page

Loading...