Please Help - Multiple Forests on the same subnet?


Tino

Hi

I currently manage 2 businesses' IT infrastructure. Due to the likelihood of
one or both businesses being sold off to separate companies, I have
separated the IT infrastructure of both and made each as IT independent as
possible.

So I have 2 AD forests with a 2-way trust connecting them. Let's call them
Forest A and Forest B on Subnet A and Subnet B respectively. The 2
businesses are 150 miles apart ;)

What I want to be able to do (for disaster recovery planning) is place an AD
Domain Controller from Forest A into Forest B's Subnet (Subnet B) and create
a new AD site for it on that subnet, and vice versa.

Is this configuration possible, and if so are there any potential problems I
should expect (e.g. DNS, WINS, DHCP)?

Thanks in advance

Tino
 
Sounds like a good plan to me. I wouldn't foresee any DNS problems as,
although Forest A will have a DC on Forest B's subnet, the clients in Forest
B will not see the Forest A DC as it won't be registered in Forest B's SRV
records.
 
Mmmm still not convinced.

More info that may be of use helping people to decide if this is possible:

Both Forest A and Forest B replicate their primary DNS zones to each other.
So Forest A receives a copy of Forest B's primary zone and vice versa.
WINS is replicated similarly. The reason DNS and WINS are replicated is
that we have employees whose primary forest is Forest A but who use Forest
B's resources and sometimes log in to Forest A from Forest B's subnet via
the WAN.

Thanks in advance

Tino
 
So what's the problem?? If you plonk a DC from B into A's site, and users
in A need to access B, then they wouldn't need to go across the WAN. That's
good, is it not?

The forests are separate but there's a trust; so they trust each other's
authentication - fine. They'd never do anything weird or silly like try to
replicate, because they're separate - logically and physically
(Partition-wise).

What aren't you convinced about? Perhaps, I'm missing something? :-)

In this instance I don't believe the opposing domains look at each other's
sites. That is, sites are internal to the domain, and are not used in trust
path calculation or anything else like that; they are simply a mechanism
for localising traffic and logically separating your directory (and for
GPO).


--


Paul Williams
_______________________________
http://www.msresource.net


Join us in our free, public forum:
http://forums.msresource.net
_______________________________
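The procedure the thread settles on (a Forest A DC on Subnet B, in its own Forest A site, with Forest B clients never selecting it because it is absent from Forest B's SRV records) can be scripted and verified as below. This is an added example, not code from any poster in the thread. The forest names forest-a.example and forest-b.example, the DC name DCA2, the site name SubnetB-Site, the subnet 10.20.0.0/24 and the site link name DEFAULTIPSITELINK are all assumed; it needs the RSAT ActiveDirectory module and Domain Admin rights in Forest A.

```powershell
# Added example, not from the original thread. Assumed names:
#   Forest A DNS name: forest-a.example, DC being relocated: DCA2
#   Forest B DNS name: forest-b.example, Subnet B: 10.20.0.0/24
# Run from a Forest A admin workstation with the ActiveDirectory module.
Import-Module ActiveDirectory

$ForestA  = 'forest-a.example'
$ForestB  = 'forest-b.example'
$SiteName = 'SubnetB-Site'
$SubnetB  = '10.20.0.0/24'
$DcName   = 'DCA2'

# 1. In Forest A's configuration partition, define a site for Subnet B and
#    bind the subnet to it, so Forest A clients on Subnet B pick this DC
#    instead of crossing the WAN. Forest B's configuration is untouched.
New-ADReplicationSite   -Name $SiteName -Server $ForestA
New-ADReplicationSubnet -Name $SubnetB -Site $SiteName -Server $ForestA

# 2. Put the new site on Forest A's existing site link so replication with
#    Subnet A is scheduled (assumes the default link name was kept).
Set-ADReplicationSiteLink -Identity 'DEFAULTIPSITELINK' `
    -SitesIncluded @{Add = $SiteName} -Server $ForestA

# 3. Move the DC object into the new site; Netlogon re-registers its
#    site-specific SRV records on its next refresh.
Move-ADDirectoryServer -Identity $DcName -Site $SiteName -Server $ForestA

# 4. Check which site the DC itself believes it belongs to.
nltest /server:$DcName /dsgetsite

# 5. Check the SRV records. The DC must be published under Forest A's
#    _msdcs zone for the new site, and must NOT appear anywhere in Forest
#    B's _msdcs zone, which is what keeps Forest B clients away from it.
Resolve-DnsName -Type SRV -Name "_ldap._tcp.$SiteName._sites.dc._msdcs.$ForestA"
Resolve-DnsName -Type SRV -Name "_ldap._tcp.dc._msdcs.$ForestB" |
    Where-Object { $_.NameTarget -like "$DcName.*" }   # expect no output
```

Step 5 is the check worth repeating after the secondary copies of each zone have transferred: the DC's records should show up in Forest A's zone as held on Forest B's DNS servers (because that zone is replicated there), but still only under forest-a.example, never under forest-b.example.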
 
Ok, you won me over.....just my paranoid side coming through, that's all :-)

I'll give it a go when I go up there next week. As a courtesy and a
thank-you to those that advised, I'll update this thread accordingly.

Thanks folks
Much appreciated

Tino
 