2 domains on the same subnet [message #159099] Fri, 24 July 2009 01:45
gira
I need to create 2 test 2003 active directory domains. Each domain will be
in its own forest and will be a totally separate domain.
Can I put the 2 domains on the same subnet and running dhcp on both?
Example, hello.loc and bye.loc both on 192.168.1.0/24.
hello.loc's DC running DHCP with scope 192.168.1.10-50
bye.loc's DC running DHCP with scope 192.168.1.100-150

Do you guys see any issues with this setup that can potentially cause issues
in Active Directory?
Re: 2 domains on the same subnet [message #159100 is a reply to message #159099] Fri, 24 July 2009 01:53
florian
Howdie!

gira wrote:
> I need to create 2 test 2003 active directory domains. Each domain will be
> in its own forest and will be a totally separate domain.
> Can I put the 2 domains on the same subnet and running dhcp on both?
> Example, hello.loc and bye.loc both on 192.168.1.0/24.
> hello.loc's DC running DHCP with scope 192.168.1.10-50
> bye.loc's DC running DHCP with scope 192.168.1.100-150

This shouldn't be an issue if you configure DHCP correctly. Make sure
the clients have the correct DNS servers (DCs) configured.

Cheers,
Florian
--
Microsoft MVP - Group Policy
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Maillist (german): http://frickelsoft.net/cms/index.php?page=mailingliste
Re: 2 domains on the same subnet [message #159103 is a reply to message #159099] Fri, 24 July 2009 05:53
meiweb(nospam)
Hello gira,

I do not agree with Florian about DHCP.

If you have 2 DHCP servers on the same subnet, you are not able to point
a client without an ip address to a special DHCP server. DHCP works with
first come, first serve so the faster DHCP server will offer an ip address
to a client and in your setup this can also be the DHCP server from the wrong
domain which you don't want.

So use for one forest only fixed ip addresses down to any client. The other
one you can use with DHCP. If you use reservations in DHCP it can also happen
that, if the DHCP server is not available for whatever reason, the other
DHCP server leases an address to the client and so it has again the wrong
address information.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


Re: 2 domains on the same subnet [message #159106 is a reply to message #159099] Fri, 24 July 2009 08:15
pbbergs
You will have to split this up into two separate sub-nets if you want to use
dhcp for both. If you don't mind using the same dhcp and dns server then a
single sub-net should be fine. Both of these are perfectly ok, just name
each domain differently. Since they will be separate forests it shouldn't
be an issue.

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.
Re: 2 domains on the same subnet [message #159109 is a reply to message #159103] Fri, 24 July 2009 09:01
florian
Howdie!

Meinolf Weber [MVP-DS] wrote:
> I do not agree with Florian about DHCP.

:-(

> If you have 2 DHCP servers on the same subnet, you are not able to point
> a client without an ip address to a special DHCP server. DHCP works with
> first come, first serve so the faster DHCP server will offer an ip
> address to a client and in your setup this can also be the DHCP server
> from the wrong domain which you don't want.

Reservations? ;-)

Florian
Re: 2 domains on the same subnet [message #159113 is a reply to message #159109] Fri, 24 July 2009 09:34
aceman
"Florian Frommherz [MVP]" <florian@frickelsoft.DELETETHIS.net> wrote in message news:O9zGe7FDKHA.2832@TK2MSFTNGP03.phx.gbl...
>
> Reservations? ;-)
>
> Florian


It would be too difficult to maintain. Besides, you have different DNS servers for each domain, as well as Option 015 would be different for each domain. The only commonality would be the gateway.

I agree with Meinolf and Paul to have them on separate subnets in order to use DHCP, or make one domain completely static.


--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and confers no rights.

Please reply back to the newsgroup or forum to benefit from collaboration among responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCTS Exchange, MCSE, MCSA 2003 & 2000, MCSA Messaging
Microsoft Certified Trainer
aceman@mvps.RemoveThisPart.org
http://twitter.com/acefekay

For urgent issues, you may want to contact Microsoft PSS directly. Please check http://support.microsoft.com for regional support phone numbers.
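
The race described in the replies above, as an added example that is not part of any post in this thread: a Python parser for DHCPOFFER messages that flags a client transaction answered by more than one server and shows which DNS and Option 015 values arrived first. The DC addresses 192.168.1.2 and 192.168.1.3, the MAC addresses and all function names are assumptions made for the illustration.

```python
import socket
import struct
from collections import defaultdict

MAGIC = b"\x63\x82\x53\x63"  # magic cookie after the 236-byte BOOTP header
OPT_PAD, OPT_DNS, OPT_DOMAIN, OPT_MSGTYPE, OPT_SERVER_ID, OPT_END = 0, 6, 15, 53, 54, 255
DHCPOFFER = 2

def build_offer(xid, mac, yiaddr, server, dns, domain):
    """Build a minimal DHCPOFFER; used only to construct the sample input."""
    ip = socket.inet_aton
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, xid, 0, 0,
                        ip("0.0.0.0"), ip(yiaddr), ip(server), ip("0.0.0.0"),
                        bytes.fromhex(mac.replace(":", "")), b"", b"")
    opts = bytes([OPT_MSGTYPE, 1, DHCPOFFER, OPT_SERVER_ID, 4]) + ip(server)
    opts += bytes([OPT_DNS, 4]) + ip(dns)
    opts += bytes([OPT_DOMAIN, len(domain)]) + domain.encode("ascii")
    return fixed + MAGIC + opts + bytes([OPT_END])

def parse_offer(pkt):
    """Extract the fields that decide which domain's settings a client receives."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    info = {"xid": struct.unpack("!I", pkt[4:8])[0], "yiaddr": socket.inet_ntoa(pkt[16:20]),
            "mac": pkt[28:28 + min(pkt[2], 16)].hex(":"),
            "type": None, "server_id": None, "dns": [], "domain": ""}
    i = 240
    while i < len(pkt) and pkt[i] != OPT_END:
        if pkt[i] == OPT_PAD:  # pad is a single byte with no length field
            i += 1
            continue
        if i + 2 > len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            raise ValueError("truncated option")
        code, val = pkt[i], pkt[i + 2:i + 2 + pkt[i + 1]]
        if code == OPT_MSGTYPE and len(val) == 1:
            info["type"] = val[0]
        elif code == OPT_SERVER_ID and len(val) == 4:
            info["server_id"] = socket.inet_ntoa(val)
        elif code == OPT_DNS and len(val) % 4 == 0:
            info["dns"] = [socket.inet_ntoa(val[j:j + 4]) for j in range(0, len(val), 4)]
        elif code == OPT_DOMAIN:  # option 015; some servers null-terminate it
            info["domain"] = val.rstrip(b"\x00").decode("ascii", "replace")
        i += 2 + len(val)
    return info

def conflicting_offers(packets):
    """One finding per client transaction answered by more than one DHCP server."""
    by_txn = defaultdict(list)
    for pkt in packets:  # assumed to be in arrival order
        offer = parse_offer(pkt)
        if offer["type"] == DHCPOFFER and offer["server_id"]:
            by_txn[(offer["xid"], offer["mac"])].append(offer)
    findings = []
    for (_, mac), offers in by_txn.items():
        if len({o["server_id"] for o in offers}) > 1:
            findings.append({"mac": mac,
                             "servers": sorted({o["server_id"] for o in offers}),
                             "domains": sorted({o["domain"] for o in offers}),
                             "first_offer": (offers[0]["server_id"], offers[0]["domain"])})
    return findings

# Constructed capture. Server/DNS addresses .2 and .3 are assumed; scopes are the thread's.
SAMPLE = [
    build_offer(0x1111, "00:11:22:33:44:55", "192.168.1.101", "192.168.1.3", "192.168.1.3", "bye.loc"),
    build_offer(0x1111, "00:11:22:33:44:55", "192.168.1.11", "192.168.1.2", "192.168.1.2", "hello.loc"),
    build_offer(0x2222, "00:11:22:33:44:66", "192.168.1.12", "192.168.1.2", "192.168.1.2", "hello.loc"),
]

if __name__ == "__main__":
    print(conflicting_offers(SAMPLE))
```

In the constructed capture the first client is offered a lease by both servers, and the earlier offer carries the bye.loc DNS server and domain name, so a client that accepts the first offer it sees ends up pointed at the other forest.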
Re: 2 domains on the same subnet [message #159114 is a reply to message #159099] Fri, 24 July 2009 10:56
Jorge Silva
Hi
Can you explain why you need to have things configured like that?
The best way is to have both domains and DHCP servers in different subnets,
but, also in different VLans.

Why? Simple, when the client boots there’s a possibility to receive a
DHCPOffer from the wrong DHCP server with the wrong configurations.
Yes, you could configure all DHCP servers with all FQDN names and all DNS
servers, etc… But that is not so simple because you may end up with
performance issues; slow logons name resolution problems etc… In a scenario
where you would like to place more than one DHCP server to serve multiple
Domains, you would need to ensure that all DNS that are configured in DHCP
servers are aware of all existing domains (normally this is accomplished
with DNSAI and secondary zones for each end) and also be careful with the
configured address lease in DHCP to not overlap each one causing IP
duplications, the same applies for computer and server names. Someone stated
reservations, I don’t think that reservations are a good option, especially
in a scenario where you would have to configure one for each machine, I
would rather want Static IP address in a scenario like that, if I had to
configure one reservation for each machine!!! Why do I need DHCP?
Reservations are useful for specific scenarios and not for an entire
network.

Keep it simple: different VLan, different IP address. Any cheap switch does
that easily.
--
I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MVP Directory Services
Re: 2 domains on the same subnet [message #159120 is a reply to message #159109] Fri, 24 July 2009 12:44
meiweb(nospam)
Hello Florian Frommherz [MVP],

As I said before, reservations can work, but if for whatever reason the DHCP
server is down, the other DHCP server will answer with the other domain's
scope options.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


Re: 2 domains on the same subnet [message #159163 is a reply to message #159114] Fri, 24 July 2009 23:24
gira
Thank you all for your inputs.
If I don't mind doing an IP reservation on both domains, then it should work
on the same subnet right?
If both domain's DHCP servers are using IP reservation and if domain A's
DHCP server goes down, the domain B's DHCP won't give out an IP address to
the machines on domain A so it'll prevent giving out the wrong IPs at least.
Am I right?
Re: 2 domains on the same subnet [message #159164 is a reply to message #159163] Fri, 24 July 2009 23:46
aceman
"gira" <gira@discussions.microsoft.com> wrote in message
news:E1CB46B7-65A4-44EF-AE80-6C01E10DA9F7@microsoft.com...
> Thank you all for your inputs.
> If I don't mind doing an IP reservation on both domains, then it should
> work on the same subnet right?
> If both domain's DHCP servers are using IP reservation and if domain A's
> DHCP server goes down, the domain B's DHCP won't give out an IP address
> to the machines on domain A so it'll prevent giving out the wrong IPs at
> least.
> Am I right?

What about DNS? Each domain needs their own DNS, especially if they are in
separate forests, because each respective domain resources need to register
into their own domain's zone in their own respective DNS servers.

Ace
Re: 2 domains on the same subnet [message #159173 is a reply to message #159163] Sat, 25 July 2009 17:49
Jorge Silva
Forget the reservations.
Before answering your question, let me ask you: Is the separate VLan an
option for you or not?

--
I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MVP Directory Services
Re: 2 domains on the same subnet [message #159186 is a reply to message #159173] Sun, 26 July 2009 19:29
gira
> Forget the reservations.
> Before answering your question, let me ask you: Is the separate VLan an
> option for you or not?
The firewall/router that we have only has a single LAN interface and it
doesn't support a sub/virtual interface so I'm forced to put both domains on
the same subnet.


>What about DNS? Each domain needs their own DNS, especially if they are in
>separate forests, because each respective domain resources need to register
>into their own domain's zone in their own respective DNS servers.
Each domain will have its own DNS and the DHCP lease will have the DNS
server info. for its own domain.
Re: 2 domains on the same subnet [message #159187 is a reply to message #159186] Sun, 26 July 2009 19:33
aceman
"gira" <gira@discussions.microsoft.com> wrote in message
news:8170EB67-522A-446B-9DB9-79B220F8539F@microsoft.com...
>> Forget the reservations.
>> Before answering your question, let me ask you: Is the separate VLan an
>> option for you or not?
> The firewall/router that we have only has a single LAN interface and it
> doesn't support a sub/virtual interface so I'm forced to put both domains
> on the same subnet.

Then you're going to need to make one domain DHCP, and the other statically
configured. This is largely due to the DNS settings, as discussed. Each
domain has their own DNS server for its domain, that the domain controllers
register SRV and other data in order for their own client machines to "find"
their own domain. You can't mix this.

Ace
Re: 2 domains on the same subnet [message #159196 is a reply to message #159186] Mon, 27 July 2009 05:31
Jorge Silva
Ok,
How many DHCP clients are we talking about? If few, I would suggest you to
use static IPAddress.

If you really need DHCP you should NOT place 2 different DHCP servers from
different forests in the same subnet because one or both will shut down
since they're authorized in different forests.

Assuming DHCP only from one domain, you've to make sure that existing DNS
servers can resolve each other forests FQDN, SRV, A records, etc... without
any problems, this can be accomplished with secondary zones, stub zones,
conditional forwarding... Basically you need to configure your DNS
infrastructure in both domains/forests as if you would do a trust
relationship between them.
--
I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MVP Directory Services
Re: 2 domains on the same subnet [message #159609 is a reply to message #159099] Sat, 01 August 2009 22:34
Paul Yhonquea
Would this be an idea? I have been kicking this method around a lot at home
(yay Virtual Server and Hyper-V '08!)
Let us assume your firewall's internal interface is addressed 192.168.1.1,
with a subnet mask of 255.255.0.0. This will be everyone's default gateway
(both domains)

Domain A can have the class B network 192.168.2.0/16 and Domain B can have
192.168.3.0/16. Each respective DHCP server will only be configured to
service its own "class C": DomA - Range 192.168.2.10-50 and DomB - Range
192.168.3.10-50. Any scopes should be configured to give a client a subnet
mask of 255.255.0.0 and default gateway of 192.168.1.1. The only issue here
is the task of physically separating the DHCP broadcasts from each other.

Just a thought. Any other ideas?

Paul Yhonquea