Forum Search:
Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

Home » Microsoft » Windows Server » Active Directory » Combining Domains On One Computer
Combining Domains On One Computer [message #159397] Wed, 29 July 2009 10:32 Go to next message
Nikeb69  is currently offline Nikeb69  United States
Messages: 4
Registered: July 2009
Junior Member
The company I work for has tasked me with coming up with options on how
to consolidate two networks (production and development) so that we can
use one computer to access both instead of one computer per domain. The
options presented to me to research was virtualization and some sort of
"dual boot" solution.

The obvious cons arise out of this "dual boot" such as viruses,
registry clashes, tools being installed on the lesser restricted machine
carrying over to the more restricted domain, etc. Is there any validity
in his option?

I'm pushing more for virutalization but I have to give good reasons of
why the other isn't actually an option at all. Any other suggestions
would be welcome as well as references to them.


--
Nikeb69
------------------------------------------------------------ ------------
Nikeb69's Profile: http://forums.techarena.in/members/119443.htm
View this thread: http://forums.techarena.in/active-directory/1222794.htm

http://forums.techarena.in
Re: Combining Domains On One Computer [message #159400 is a reply to message #159397] Wed, 29 July 2009 11:53 Go to previous messageGo to next message
Danny Sanders  is currently offline Danny Sanders  United States
Messages: 169
Registered: July 2009
Senior Member
so that we can
> use one computer to access both instead of one computer per domain. The
> options presented to me to research was virtualization and some sort of
> "dual boot" solution.


Not following what you mean by "use one computer to access both instead of
one per domain".

In my head "use one computer to access" means one computer to access the
server.


If I had to combine dev and production networks I would run the dev
enviornment on virtual servers.

Dual booting only allows one OS up at a time. It does not make any sense to
dual boot a server with produstion and dev, you would have to take down the
production server to boot into the dev server.
Are you talkng about dual booting dev servers?

hth
DDS


"Nikeb69" <Nikeb69.3w3ija@DoNotSpam.com> wrote in message
news:Nikeb69.3w3ija@DoNotSpam.com...
>
> The company I work for has tasked me with coming up with options on how
> to consolidate two networks (production and development) so that we can
> use one computer to access both instead of one computer per domain. The
> options presented to me to research was virtualization and some sort of
> "dual boot" solution.
>
> The obvious cons arise out of this "dual boot" such as viruses,
> registry clashes, tools being installed on the lesser restricted machine
> carrying over to the more restricted domain, etc. Is there any validity
> in his option?
>
> I'm pushing more for virutalization but I have to give good reasons of
> why the other isn't actually an option at all. Any other suggestions
> would be welcome as well as references to them.
>
>
> --
> Nikeb69
> ------------------------------------------------------------ ------------
> Nikeb69's Profile: http://forums.techarena.in/members/119443.htm
> View this thread: http://forums.techarena.in/active-directory/1222794.htm
>
> http://forums.techarena.in
>
Re: Combining Domains On One Computer [message #159408 is a reply to message #159397] Wed, 29 July 2009 12:53 Go to previous messageGo to next message
Nikeb69  is currently offline Nikeb69  United States
Messages: 4
Registered: July 2009
Junior Member
I meant right now they are using one computer for the development
network and one computer for the production network. They want to make
it where they use one computer to access both the production and
development networks.

Each network will maintain their own servers but they're looking at
possibly putting layer 3 switching with NAT to facilitate the traffic.
Could this be worked using domain trusts?


--
Nikeb69
------------------------------------------------------------ ------------
Nikeb69's Profile: http://forums.techarena.in/members/119443.htm
View this thread: http://forums.techarena.in/active-directory/1222794.htm

http://forums.techarena.in
Re: Combining Domains On One Computer [message #159410 is a reply to message #159408] Wed, 29 July 2009 13:24 Go to previous messageGo to next message
Danny Sanders  is currently offline Danny Sanders  United States
Messages: 169
Registered: July 2009
Senior Member
> I meant right now they are using one computer for the development
> network and one computer for the production network.

Do you mean one computer on the dev network to access the development server
on the dev network or the one computer on the development network "is" the
development server?

I would:
Put the dev servers on the same production network and just name them in a
fashion the you can tell the dev servers from the production servers.

Not sure why NAT would come into play unless I'm not understanding your
question.

hth
DDS

"Nikeb69" <Nikeb69.3w3o3b@DoNotSpam.com> wrote in message
news:Nikeb69.3w3o3b@DoNotSpam.com...
>
> I meant right now they are using one computer for the development
> network and one computer for the production network. They want to make
> it where they use one computer to access both the production and
> development networks.
>
> Each network will maintain their own servers but they're looking at
> possibly putting layer 3 switching with NAT to facilitate the traffic.
> Could this be worked using domain trusts?
>
>
> --
> Nikeb69
> ------------------------------------------------------------ ------------
> Nikeb69's Profile: http://forums.techarena.in/members/119443.htm
> View this thread: http://forums.techarena.in/active-directory/1222794.htm
>
> http://forums.techarena.in
>
Re: Combining Domains On One Computer [message #159425 is a reply to message #159410] Wed, 29 July 2009 14:39 Go to previous messageGo to next message
Nikeb69  is currently offline Nikeb69  United States
Messages: 4
Registered: July 2009
Junior Member
There is Network(Domain) A and Network(Domain) B.

I need Computer C to be able to log onto Network(Domain) A AND
Network(Domain) B.

Network(Domain) A and Network(Domain) B will remain hosted on seperate
high-end servers but connect through the same LAN which is where layer 3
switching comes into play. Hardware profiles was mentioned but this
isn't for having an at work situation then taking the computer home for
VPN use.

Apparently it's not possible to log onto two seperate domains, not in a
trust relationship through the same LAN on different servers but I need
technical justification of why.


--
Nikeb69
------------------------------------------------------------ ------------
Nikeb69's Profile: http://forums.techarena.in/members/119443.htm
View this thread: http://forums.techarena.in/active-directory/1222794.htm

http://forums.techarena.in
Re: Combining Domains On One Computer [message #159426 is a reply to message #159425] Wed, 29 July 2009 15:37 Go to previous messageGo to next message
Danny Sanders  is currently offline Danny Sanders  United States
Messages: 169
Registered: July 2009
Senior Member
Why 2 seperate networks?


Just add the development network to teh production network and
differientiate by naming convention.


Worked at a place where they had 250+ dev, test, and production servers in
the same domain and had no problems because the test servers had a T at the
end of the name, the dev servers had a D at the end and the production
servers had a P at the end of the name.

hth
DDS


"Nikeb69" <Nikeb69.3w3tna@DoNotSpam.com> wrote in message
news:Nikeb69.3w3tna@DoNotSpam.com...
>
> There is Network(Domain) A and Network(Domain) B.
>
> I need Computer C to be able to log onto Network(Domain) A AND
> Network(Domain) B.
>
> Network(Domain) A and Network(Domain) B will remain hosted on seperate
> high-end servers but connect through the same LAN which is where layer 3
> switching comes into play. Hardware profiles was mentioned but this
> isn't for having an at work situation then taking the computer home for
> VPN use.
>
> Apparently it's not possible to log onto two seperate domains, not in a
> trust relationship through the same LAN on different servers but I need
> technical justification of why.
>
>
> --
> Nikeb69
> ------------------------------------------------------------ ------------
> Nikeb69's Profile: http://forums.techarena.in/members/119443.htm
> View this thread: http://forums.techarena.in/active-directory/1222794.htm
>
> http://forums.techarena.in
>
Re: Combining Domains On One Computer [message #159438 is a reply to message #159397] Wed, 29 July 2009 16:32 Go to previous messageGo to next message
meiweb(nospam)  is currently offline meiweb(nospam)  Germany
Messages: 1307
Registered: July 2009
Senior Member
Hello Nikeb69,

A computer can only belong to one domain, that's all. If they need to switch
between 2 domains you need 2 computers or have to join the computers from
one to the other domain and back.

Depending on the needs of access to the domains, maybe a 2 way trust can
help you. But for full network access the trust will not help.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> The company I work for has tasked me with coming up with options on
> how to consolidate two networks (production and development) so that
> we can use one computer to access both instead of one computer per
> domain. The options presented to me to research was virtualization and
> some sort of "dual boot" solution.
>
> The obvious cons arise out of this "dual boot" such as viruses,
> registry clashes, tools being installed on the lesser restricted
> machine
> carrying over to the more restricted domain, etc. Is there any
> validity
> in his option?
> I'm pushing more for virutalization but I have to give good reasons of
> why the other isn't actually an option at all. Any other suggestions
> would be welcome as well as references to them.
>
> http://forums.techarena.in
>
Re: Combining Domains On One Computer [message #159450 is a reply to message #159425] Wed, 29 July 2009 17:30 Go to previous messageGo to next message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"Nikeb69" <Nikeb69.3w3tna@DoNotSpam.com> wrote in message
news:Nikeb69.3w3tna@DoNotSpam.com...
>
> There is Network(Domain) A and Network(Domain) B.
>
> I need Computer C to be able to log onto Network(Domain) A AND
> Network(Domain) B.
>
> Network(Domain) A and Network(Domain) B will remain hosted on seperate
> high-end servers but connect through the same LAN which is where layer 3
> switching comes into play. Hardware profiles was mentioned but this
> isn't for having an at work situation then taking the computer home for
> VPN use.
>
> Apparently it's not possible to log onto two seperate domains, not in a
> trust relationship through the same LAN on different servers but I need
> technical justification of why.

Hi Nikeb69,

This is actually the first I've heard of anyone requiring a justification as
to why a machine cannot be joined to two different domains. It's been a
known fact since the NT3.1 days in the early 90's.

It's kind of a marriage the computer preforms when joined to a domain. The
workstation's SID is actually bound to a trust relationship to the domain it
belongs to and the computer follows and abides to the security settings of
the domain it's joined to. It's a security feature that doesn't allow
multiple domain joins, otherwise there's the possibility of one join
compromising security wtih the other join. I can imagine what some IT
security folks would say about having a machine joined to mulitple domains.
They wouldn't be able to control it to keep it under their own security
SLAs, therefore probably would want nothing to do with it.

One suggestion is to just keep it unjoined. You will still be able to access
resources from both sides without problems, just by providing credentials,
whether using mapped drives, UNCs, access to databases (SQL or otherwise),
Exchange, etc. But keep in mind with Outlook, it can only have one Exchange
email account per Outlook Profiles, but of course you can create multiple
Outlook profiles. My laptop is unjoined, and with my multiple customers, I
simply access their resources just by providing the necessary credentials,
whether at the office, using a Cisco VPN or a Microsoft PPTP VPN when
remote.

Another suggestion, which was already touched on, is using a host machine
with two VM hosts (VPC or VMware), each joined to the two domains. You can
use it simultaneously.

A third suggestion is GlobeSoft's utility. They offer a utility called
MultinetworManager. Maybe give that a shot.
http://www.globesoft.com/mnm9_home.asp

But IMHO, I would simply leave it unjoined.

Curious, let us know how you're going to handle it.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum to benefit from collaboration
among responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCTS Exchange, MCSE, MCSA 2003 & 2000, MCSA Messaging
Microsoft Certified Trainer
http://twitter.com/acefekay

For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Re: Combining Domains On One Computer [message #159704 is a reply to message #159397] Tue, 04 August 2009 09:25 Go to previous messageGo to next message
Nikeb69  is currently offline Nikeb69  United States
Messages: 4
Registered: July 2009
Junior Member
We're now looking at going with a virtualization option. It seemed like
the only logical solution for the requirements that are getting put on
us. Today they threw in another twist...they want to keep the network
traffic from the two domains completely separate. The only way I can
think of is putting in VLANs but when you have bosses who know nothing
about networking, they want to have a catalog of options presented to
them so they can look at pictures and point at shiniest one which costs
the least and the amount of hours the ITs put in is of no consequence
since they're paid on salary. I'm about to make some calls to some
different virtualization vendors to ask them for advice but if anyone
can think of something that could replace VLANs in this scenario, I'm
all ears.


--
Nikeb69
------------------------------------------------------------ ------------
Nikeb69's Profile: http://forums.techarena.in/members/119443.htm
View this thread: http://forums.techarena.in/active-directory/1222794.htm

http://forums.techarena.in
Re: Combining Domains On One Computer [message #159706 is a reply to message #159704] Tue, 04 August 2009 10:05 Go to previous messageGo to next message
TheVi11ageIdiot  is currently offline TheVi11ageIdiot  United States
Messages: 1
Registered: August 2009
Junior Member
It sounds to me like your company is trying to screw you over. When is
your deadline?


--
TheVi11ageIdiot
------------------------------------------------------------ ------------
TheVi11ageIdiot's Profile: http://forums.techarena.in/members/121438.htm
View this thread: http://forums.techarena.in/active-directory/1222794.htm

http://forums.techarena.in
Re: Combining Domains On One Computer [message #159709 is a reply to message #159704] Tue, 04 August 2009 16:23 Go to previous messageGo to next message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"Nikeb69" <Nikeb69.3wejra@DoNotSpam.com> wrote in message
news:Nikeb69.3wejra@DoNotSpam.com...
>
> We're now looking at going with a virtualization option. It seemed like
> the only logical solution for the requirements that are getting put on
> us. Today they threw in another twist...they want to keep the network
> traffic from the two domains completely separate. The only way I can
> think of is putting in VLANs but when you have bosses who know nothing
> about networking, they want to have a catalog of options presented to
> them so they can look at pictures and point at shiniest one which costs
> the least and the amount of hours the ITs put in is of no consequence
> since they're paid on salary. I'm about to make some calls to some
> different virtualization vendors to ask them for advice but if anyone
> can think of something that could replace VLANs in this scenario, I'm
> all ears.
>


Virtualization on a host with multiple adapters, one plugged into different
subnets. Of course the different subnets may need to be separate VLANs
unless you have multiple routers.

Ace
Re: Combining Domains On One Computer [message #159713 is a reply to message #159704] Tue, 04 August 2009 17:39 Go to previous messageGo to next message
anthony  is currently offline anthony
Messages: 288
Registered: July 2009
Senior Member
A "domain" is a shared security context.
Combining domains is a "Trust".
Having a device in two separate unrelated security contexts is a
contradiction.
Using a VM is a fake, not really different from having two computers.

I would use a firewall to keep network traffic from two domains completely
separate.
Anthony,
http://www.airdesk.com



"Nikeb69" <Nikeb69.3wejra@DoNotSpam.com> wrote in message
news:Nikeb69.3wejra@DoNotSpam.com...
>
> We're now looking at going with a virtualization option. It seemed like
> the only logical solution for the requirements that are getting put on
> us. Today they threw in another twist...they want to keep the network
> traffic from the two domains completely separate. The only way I can
> think of is putting in VLANs but when you have bosses who know nothing
> about networking, they want to have a catalog of options presented to
> them so they can look at pictures and point at shiniest one which costs
> the least and the amount of hours the ITs put in is of no consequence
> since they're paid on salary. I'm about to make some calls to some
> different virtualization vendors to ask them for advice but if anyone
> can think of something that could replace VLANs in this scenario, I'm
> all ears.
>
>
> --
> Nikeb69
> ------------------------------------------------------------ ------------
> Nikeb69's Profile: http://forums.techarena.in/members/119443.htm
> View this thread: http://forums.techarena.in/active-directory/1222794.htm
>
> http://forums.techarena.in
>
Re: Combining Domains On One Computer [message #159716 is a reply to message #159709] Tue, 04 August 2009 19:23 Go to previous messageGo to next message
Grant Taylor  is currently offline Grant Taylor  United States
Messages: 168
Registered: July 2009
Senior Member
On 8/4/2009 5:23 PM, Ace Fekay [MCT] wrote:
> Virtualization on a host with multiple adapters, one plugged into
> different subnets. Of course the different subnets may need to be
> separate VLANs unless you have multiple routers.

*nod*

The common problem that I have when implementing VLANs is that if I use
port based config, people will move their notebook to a different port
and expect it to work the same, even if the port the moved to is on a
different VLAN. In these cases, things like 802.1x or something else
that can dynamically configure the VLAN (based on MAC address) is a good
solution to allow roaming between ports.



Grant. . . .
Re: Combining Domains On One Computer [message #159718 is a reply to message #159716] Tue, 04 August 2009 20:51 Go to previous messageGo to next message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"Grant Taylor" <gtaylor@riverviewtech.net> wrote in message
news:h5amug$mvh$3@tncsrv01.tnetconsulting.net...
> On 8/4/2009 5:23 PM, Ace Fekay [MCT] wrote:
>> Virtualization on a host with multiple adapters, one plugged into
>> different subnets. Of course the different subnets may need to be
>> separate VLANs unless you have multiple routers.
>
> *nod*
>
> The common problem that I have when implementing VLANs is that if I use
> port based config, people will move their notebook to a different port and
> expect it to work the same, even if the port the moved to is on a
> different VLAN. In these cases, things like 802.1x or something else that
> can dynamically configure the VLAN (based on MAC address) is a good
> solution to allow roaming between ports.
>
>
>
> Grant. . . .


Or simply plug the VLAN port into another switch that the machines are
plugged into?

Ace
Re: Combining Domains On One Computer [message #159719 is a reply to message #159718] Tue, 04 August 2009 21:40 Go to previous messageGo to next message
Grant Taylor  is currently offline Grant Taylor  United States
Messages: 168
Registered: July 2009
Senior Member
On 8/4/2009 9:51 PM, Ace Fekay [MCT] wrote:
> Or simply plug the VLAN port into another switch that the machines are
> plugged into?

Either we are not understanding each other, or that will not work.

I am talking about when you have a particular ethernet port (any will
do) that is used by systems from both networks at different times of the
day. I.e. in the morning, someone plugs their notebook in to the port
to check email and then later that day (over lunch) someone else from
the other network plugs their system in to the same port. How do you
make sure that they get on the appropriate VLAN?



Grant. . . .
Re: Combining Domains On One Computer [message #159726 is a reply to message #159719] Wed, 05 August 2009 04:06 Go to previous message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"Grant Taylor" <gtaylor@riverviewtech.net> wrote in message
news:h5auun$p6q$3@tncsrv01.tnetconsulting.net...
> On 8/4/2009 9:51 PM, Ace Fekay [MCT] wrote:
>> Or simply plug the VLAN port into another switch that the machines are
>> plugged into?
>
> Either we are not understanding each other, or that will not work.
>
> I am talking about when you have a particular ethernet port (any will do)
> that is used by systems from both networks at different times of the day.
> I.e. in the morning, someone plugs their notebook in to the port to check
> email and then later that day (over lunch) someone else from the other
> network plugs their system in to the same port. How do you make sure that
> they get on the appropriate VLAN?
>
>
>
> Grant. . . .


Maybe we are not understanding each other. I meant to configure two ports on
one switch with two separate VLANs. Get two more switches (not VLAN capable)
and plug them into those two ports on the first switch, and plug as many
computers as you want into them, including the interfaces cooresponding to
the VM machines. This way it doesn't matter who's plugged into different
ports on the second switches.

Unless I totally misunderstood you?

Ace
Previous Topic:Error NTDS General Global Catalog 1126
Next Topic:Re: disable Print Screen
Goto Forum:
  


Current Time: Wed Jan 17 04:11:53 MST 2018

Total time taken to generate the page: 0.03526 seconds
.:: Contact :: Home ::Sitemap::.

Powered by: FUDforum 3.0.0RC2.
Copyright ©2001-2009 FUDforum Bulletin Board Software