New root level or new forest domain, same gateway

Archived from groups: microsoft.public.win2000.active_directory (More info?)

I have a Windows 2000 network (with 1 NT client) with 2 DCs, firewall and
router to a T-1 connection. There is a single domain DOMAINA.com. In a lab
environment, I want to create a new domain DOMAINB.com that uses the gateway
to get out to the internet, but whose members can access resources in DOMAINA
and visa versa.

I already attempted doing this by installing Win2000 Server on a new box as
a DC with DNS and Active Directory. At one point I managed to tell this new
DOMAINB to trust DOMAINA and was able to see computers in the DOMAINA
network, but we made changes to DNS in DOMAINA that may have nullified that.

I'm ready to start again, so any suggestions to make a fresh start and
welcome.

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Okay, I think I get what you're saying, but now I think I have something in
DOMAINB set up wrong. The single DC in DOMAINB does not host a DHCP server,
and for example, the DOMAINB DC's fixed IP address is 192.168.1.53; it's
subnet is 192.168.1.x. This is the same subnet as all the computers in
DOMAINA.

I am thinking this is wrong because from what you suggested, there's no way
to assign a new zone, which would be the same zone for both DOMAINA and
DOMAINB, right?

I don't know what I'm doing, yes, but I might if I can get past this! I
hope this makes sense. Thanks for your help.

"Paul Bergson" wrote:

> Once you have Domain B up and running you could make a secondary DNS zone of
> A in B and B in A. Once this is done you should be able to setup a trust
> between the two. Also setup Domain B's DNS server to "Forward" unknown
> requests to Domain A.
>
> Here is a white paper on DNS
> http://support.microsoft.com/defau [...] -us;298448
>
> --
>
> Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
>
>
> "Gina" <Gina@discussions.microsoft.com> wrote in message
> news:6087DA38-4583-44D2-8594-CD610EDFCEC5@microsoft.com...
> > I have a Windows 2000 network (with 1 NT client) with 2 DCs, firewall and
> > router to a T-1 connection. There is a single domain DOMAINA.com. In a
> lab
> > environment, I want to create a new domain DOMAINB.com that uses the
> gateway
> > to get out to the internet, but whose members can access resources in
> DOMAINA
> > and visa versa.
> >
> > I already attempted doing this by installing Win2000 Server on a new box
> as
> > a DC with DNS and Active Directory. At one point I managed to tell this
> new
> > DOMAINB to trust DOMAINA and was able to see computers in the DOMAINA
> > network, but we made changes to DNS in DOMAINA that may have nullified
> that.
> >
> > I'm ready to start again, so any suggestions to make a fresh start and
> > welcome.
>
>
>

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Can you expand on this "...unique addressing that is routable between the
two"? My problem is that I am running out of IP addresses on DOMAINA and
want to begin using a 2nd subnet using the same domain name, DC's, gateway,
etc. I'm really not sure where to begin.

TIA :-]

-Brian

"Paul Bergson" wrote:

> Correct
>
> Different subnet different range of addresses. You don't need dhcp (If you
> used fixed) but you do need unique addressing that is routable between the
> two.
>
> --
>
> Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
>
>
> "Gina" <Gina@discussions.microsoft.com> wrote in message
> news:A838963E-E274-493F-A1D9-663D12F77250@microsoft.com...
> > Okay, I think I get what you're saying, but now I think I have something
> in
> > DOMAINB set up wrong. The single DC in DOMAINB does not host a DHCP
> server,
> > and for example, the DOMAINB DC's fixed IP address is 192.168.1.53; it's
> > subnet is 192.168.1.x. This is the same subnet as all the computers in
> > DOMAINA.
> >
> > I am thinking this is wrong because from what you suggested, there's no
> way
> > to assign a new zone, which would be the same zone for both DOMAINA and
> > DOMAINB, right?
> >
> > I don't know what I'm doing, yes, but I might if I can get past this! I
> > hope this makes sense. Thanks for your help.
> >
> > "Paul Bergson" wrote:
> >
> > > Once you have Domain B up and running you could make a secondary DNS
> zone of
> > > A in B and B in A. Once this is done you should be able to setup a
> trust
> > > between the two. Also setup Domain B's DNS server to "Forward" unknown
> > > requests to Domain A.
> > >
> > > Here is a white paper on DNS
> > > http://support.microsoft.com/defau [...] -us;298448
> > >
> > > --
> > >
> > > Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
> > >
> > > This posting is provided "AS IS" with no warranties, and confers no
> rights.
> > >
> > >
> > >
> > > "Gina" <Gina@discussions.microsoft.com> wrote in message
> > > news:6087DA38-4583-44D2-8594-CD610EDFCEC5@microsoft.com...
> > > > I have a Windows 2000 network (with 1 NT client) with 2 DCs, firewall
> and
> > > > router to a T-1 connection. There is a single domain DOMAINA.com. In
> a
> > > lab
> > > > environment, I want to create a new domain DOMAINB.com that uses the
> > > gateway
> > > > to get out to the internet, but whose members can access resources in
> > > DOMAINA
> > > > and visa versa.
> > > >
> > > > I already attempted doing this by installing Win2000 Server on a new
> box
> > > as
> > > > a DC with DNS and Active Directory. At one point I managed to tell
> this
> > > new
> > > > DOMAINB to trust DOMAINA and was able to see computers in the DOMAINA
> > > > network, but we made changes to DNS in DOMAINA that may have nullified
> > > that.
> > > >
> > > > I'm ready to start again, so any suggestions to make a fresh start and
> > > > welcome.
> > >
> > >
> > >
>
>
>

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Thanks Paul.

I do understand about having to use different IP addresses in a different
subnet, I'm just not sure how to get Active Directory to do the proper
routing *between* those 2 subnets. I don't know if I need to just create a
separate subnet in Sites & Services under the same site or if I need a whole
new site or if I have to add new NIC's to every one of our servers or what.
I would imagine that there is something I need to do in DNS to get the
routing part of it to work, I just don't know what that something is.

I guess the question I'm asking, which is perhaps only partially related to
this initial post and should be asked in a different thread, is, "If you were
in charge of an Active Directory forest/tree/network/thing and you were
quickly running out of IP addresses in the default subnet, how would you
setup a separate subnet or site or whatever so that you could continue adding
computers to your current network and all the machines could still talk to
each other?" Maybe that's a bit more descriptive than my original question.
That's the actual problem I'm facing.

Thanks again

"Paul Bergson" wrote:

> From what I understood the same set of IP address are being used in both
> sub-nets. The router only knows about unique sub-nets. If a second subnet
> is created with the same set of addresses there is no way other than on the
> local lan can addresses be forwarded. Each subnet needs its own set of
> addresses. Change the third octet from a 1 to a 2 ... 192.168.2.x
>
>
> "The single DC in DOMAINB does not host a DHCP server, and for example, the
> DOMAINB DC's fixed IP address is 192.168.1.53; it's
> subnet is 192.168.1.x. This is the same subnet as all the computers in
> DOMAINA."
>
>
>
> --
>
> Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
>
>
> "Brian Edwards" <BrianEdwards@discussions.microsoft.com> wrote in message
> news:2D585CAA-FCD2-459F-8317-43463C90EA16@microsoft.com...
> > Can you expand on this "...unique addressing that is routable between the
> > two"? My problem is that I am running out of IP addresses on DOMAINA and
> > want to begin using a 2nd subnet using the same domain name, DC's,
> gateway,
> > etc. I'm really not sure where to begin.
> >
> > TIA :-]
> >
> > -Brian
> >
> > "Paul Bergson" wrote:
> >
> > > Correct
> > >
> > > Different subnet different range of addresses. You don't need dhcp (If
> you
> > > used fixed) but you do need unique addressing that is routable between
> the
> > > two.
> > >
> > > --
> > >
> > > Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
> > >
> > > This posting is provided "AS IS" with no warranties, and confers no
> rights.
> > >
> > >
> > >
> > > "Gina" <Gina@discussions.microsoft.com> wrote in message
> > > news:A838963E-E274-493F-A1D9-663D12F77250@microsoft.com...
> > > > Okay, I think I get what you're saying, but now I think I have
> something
> > > in
> > > > DOMAINB set up wrong.
>
> > > >
> > > > I am thinking this is wrong because from what you suggested, there's
> no
> > > way
> > > > to assign a new zone, which would be the same zone for both DOMAINA
> and
> > > > DOMAINB, right?
> > > >
> > > > I don't know what I'm doing, yes, but I might if I can get past this!
> I
> > > > hope this makes sense. Thanks for your help.
> > > >
> > > > "Paul Bergson" wrote:
> > > >
> > > > > Once you have Domain B up and running you could make a secondary DNS
> > > zone of
> > > > > A in B and B in A. Once this is done you should be able to setup a
> > > trust
> > > > > between the two. Also setup Domain B's DNS server to "Forward"
> unknown
> > > > > requests to Domain A.
> > > > >
> > > > > Here is a white paper on DNS
> > > > > http://support.microsoft.com/defau [...] -us;298448
> > > > >
> > > > > --
> > > > >
> > > > > Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
> > > > >
> > > > > This posting is provided "AS IS" with no warranties, and confers no
> > > rights.
> > > > >
> > > > >
> > > > >
> > > > > "Gina" <Gina@discussions.microsoft.com> wrote in message
> > > > > news:6087DA38-4583-44D2-8594-CD610EDFCEC5@microsoft.com...
> > > > > > I have a Windows 2000 network (with 1 NT client) with 2 DCs,
> firewall
> > > and
> > > > > > router to a T-1 connection. There is a single domain DOMAINA.com.
> In
> > > a
> > > > > lab
> > > > > > environment, I want to create a new domain DOMAINB.com that uses
> the
> > > > > gateway
> > > > > > to get out to the internet, but whose members can access resources
> in
> > > > > DOMAINA
> > > > > > and visa versa.
> > > > > >
> > > > > > I already attempted doing this by installing Win2000 Server on a
> new
> > > box
> > > > > as
> > > > > > a DC with DNS and Active Directory. At one point I managed to
> tell
> > > this
> > > > > new
> > > > > > DOMAINB to trust DOMAINA and was able to see computers in the
> DOMAINA
> > > > > > network, but we made changes to DNS in DOMAINA that may have
> nullified
> > > > > that.
> > > > > >
> > > > > > I'm ready to start again, so any suggestions to make a fresh start
> and
> > > > > > welcome.
> > > > >
> > > > >
> > > > >
> > >
> > >
> > >
>
>
>

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Excellent. Thank you very, very much for your help.

"Paul Bergson" wrote:

> You will need to either use Windows Routing and Remote Access Services or
> purchase a router. I guess you could also modify the IP Address scheme you
> are using.
>
> Your first part of the question deals with how many devices you can put on a
> segment.
> http://www.tcpipguide.com/free/t_I [...] cities.htm
>
> You are currently running a class c sub-net with a 192.x.x.x network. You
> can add additional sub-nets as I suggested by changing the third octet in a
> ip address or you can modify all address and go to a class a or b (Not
> recommended!). You could also supernet your addresses, again not
> recommended.
>
> As long as all the addresses are with in a local area (High speed
> connection) all you will need to do is put in a router. AD will handle
> everything w/o a problem.
>
> --
>
> Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
>
>
> "Brian Edwards" <BrianEdwards@discussions.microsoft.com> wrote in message
> news8DCF933-369C-4DA6-A61F-CD63CBD6D63D@microsoft.com...
> > Thanks Paul.
> >
> > I do understand about having to use different IP addresses in a different
> > subnet, I'm just not sure how to get Active Directory to do the proper
> > routing *between* those 2 subnets. I don't know if I need to just create
> a
> > separate subnet in Sites & Services under the same site or if I need a
> whole
> > new site or if I have to add new NIC's to every one of our servers or
> what.
> > I would imagine that there is something I need to do in DNS to get the
> > routing part of it to work, I just don't know what that something is.
> >
> > I guess the question I'm asking, which is perhaps only partially related
> to
> > this initial post and should be asked in a different thread, is, "If you
> were
> > in charge of an Active Directory forest/tree/network/thing and you were
> > quickly running out of IP addresses in the default subnet, how would you
> > setup a separate subnet or site or whatever so that you could continue
> adding
> > computers to your current network and all the machines could still talk to
> > each other?" Maybe that's a bit more descriptive than my original
> question.
> > That's the actual problem I'm facing.
> >
> > Thanks again
> >
> > "Paul Bergson" wrote:
> >
> > > From what I understood the same set of IP address are being used in both
> > > sub-nets. The router only knows about unique sub-nets. If a second
> subnet
> > > is created with the same set of addresses there is no way other than on
> the
> > > local lan can addresses be forwarded. Each subnet needs its own set of
> > > addresses. Change the third octet from a 1 to a 2 ... 192.168.2.x
> > >
> > >
> > > "The single DC in DOMAINB does not host a DHCP server, and for example,
> the
> > > DOMAINB DC's fixed IP address is 192.168.1.53; it's
> > > subnet is 192.168.1.x. This is the same subnet as all the computers in
> > > DOMAINA."
> > >
> > >
> > >
> > > --
> > >
> > > Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
> > >
> > > This posting is provided "AS IS" with no warranties, and confers no
> rights.
> > >
> > >
> > >
> > > "Brian Edwards" <BrianEdwards@discussions.microsoft.com> wrote in
> message
> > > news:2D585CAA-FCD2-459F-8317-43463C90EA16@microsoft.com...
> > > > Can you expand on this "...unique addressing that is routable between
> the
> > > > two"? My problem is that I am running out of IP addresses on DOMAINA
> and
> > > > want to begin using a 2nd subnet using the same domain name, DC's,
> > > gateway,
> > > > etc. I'm really not sure where to begin.
> > > >
> > > > TIA :-]
> > > >
> > > > -Brian
> > > >
> > > > "Paul Bergson" wrote:
> > > >
> > > > > Correct
> > > > >
> > > > > Different subnet different range of addresses. You don't need dhcp
> (If
> > > you
> > > > > used fixed) but you do need unique addressing that is routable
> between
> > > the
> > > > > two.
> > > > >
> > > > > --
> > > > >
> > > > > Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
> > > > >
> > > > > This posting is provided "AS IS" with no warranties, and confers no
> > > rights.
> > > > >
> > > > >
> > > > >
> > > > > "Gina" <Gina@discussions.microsoft.com> wrote in message
> > > > > news:A838963E-E274-493F-A1D9-663D12F77250@microsoft.com...
> > > > > > Okay, I think I get what you're saying, but now I think I have
> > > something
> > > > > in
> > > > > > DOMAINB set up wrong.
> > >
> > > > > >
> > > > > > I am thinking this is wrong because from what you suggested,
> there's
> > > no
> > > > > way
> > > > > > to assign a new zone, which would be the same zone for both
> DOMAINA
> > > and
> > > > > > DOMAINB, right?
> > > > > >
> > > > > > I don't know what I'm doing, yes, but I might if I can get past
> this!
> > > I
> > > > > > hope this makes sense. Thanks for your help.
> > > > > >
> > > > > > "Paul Bergson" wrote:
> > > > > >
> > > > > > > Once you have Domain B up and running you could make a secondary
> DNS
> > > > > zone of
> > > > > > > A in B and B in A. Once this is done you should be able to
> setup a
> > > > > trust
> > > > > > > between the two. Also setup Domain B's DNS server to "Forward"
> > > unknown
> > > > > > > requests to Domain A.
> > > > > > >
> > > > > > > Here is a white paper on DNS
> > > > > > > http://support.microsoft.com/defau [...] -us;298448
> > > > > > >
> > > > > > > --
> > > > > > >
> > > > > > > Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
> > > > > > >
> > > > > > > This posting is provided "AS IS" with no warranties, and confers
> no
> > > > > rights.
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > "Gina" <Gina@discussions.microsoft.com> wrote in message
> > > > > > > news:6087DA38-4583-44D2-8594-CD610EDFCEC5@microsoft.com...
> > > > > > > > I have a Windows 2000 network (with 1 NT client) with 2 DCs,
> > > firewall
> > > > > and
> > > > > > > > router to a T-1 connection. There is a single domain
> DOMAINA.com.
> > > In
> > > > > a
> > > > > > > lab
> > > > > > > > environment, I want to create a new domain DOMAINB.com that
> uses
> > > the
> > > > > > > gateway
> > > > > > > > to get out to the internet, but whose members can access
> resources
> > > in
> > > > > > > DOMAINA
> > > > > > > > and visa versa.
> > > > > > > >
> > > > > > > > I already attempted doing this by installing Win2000 Server on
> a
> > > new
> > > > > box
> > > > > > > as
> > > > > > > > a DC with DNS and Active Directory. At one point I managed to
> > > tell
> > > > > this
> > > > > > > new
> > > > > > > > DOMAINB to trust DOMAINA and was able to see computers in the
> > > DOMAINA
> > > > > > > > network, but we made changes to DNS in DOMAINA that may have
> > > nullified
> > > > > > > that.
> > > > > > > >
> > > > > > > > I'm ready to start again, so any suggestions to make a fresh
> start
> > > and
> > > > > > > > welcome.
> > > > > > >
> > > > > > >
> > > > > > >
> > > > >
> > > > >
> > > > >
> > >
> > >
> > >
>
>
>