Very strange config of DNS and AD domains . . .

  • Thread starter Thread starter Edu
  • Start date Start date
E

Edu

Hi all!

I´m trying to do something that i think that is impossible. But i shot for
any help from you . . .

I have 2 small network, one for each ot 2 enterprises. A in the first floor
and B in the second floor. I have only 1 server and only 1 AD domain
A.local.

But the people in B enterprise on the second floor need to access some
server resources and need to have internet access trough the server (ISA)
and the adsl line in A enterprise too.

I created a new AD integrated zone in DNS (the same server as AD and ISA)
named B.local. And i have created the SRV RR too equal to its in the
A.local. zone but changing the IP address to accurate to the B enterprise
and the domain name pointing to as server.B.local.

The server in the 1st floor has 2 NICs. One named LOCAL for the LAN and with
2 IP addresses 10.0.0.1/24 and 10.0.1.1/24 and the other network card is
named INTERNET with a single IP addres 81.x.x.x/24

I really need that the people on the second floor have the experience as if
the log on your inexistent domain (B.local) but really they are logging on
the same DC as the A.local domain, and the shared data is on this same
server and the Internet Connection and ISA too.

Any help is much appreciated.

I hope this message isn't too confusing.

Eduardo
 
If I understand your message correctly you want people on the second
floor to have the exact same rights, privleges, shared resource
access, and internet access as the people on the first floor. Why
don't you just make them members of A.local and have them log-in to
A.Local. You get the desired end result and you don't have to futz
with DNS, etc. to get a "fake" domain.

I apologize if I misunderstood your question.

Chris
 
In
Edu said:
Hi all!

I´m trying to do something that i think that is impossible. But i
shot for any help from you . . .

I have 2 small network, one for each ot 2 enterprises. A in the first
floor and B in the second floor. I have only 1 server and only 1 AD
domain A.local.

But the people in B enterprise on the second floor need to access some
server resources and need to have internet access trough the server
(ISA) and the adsl line in A enterprise too.

I created a new AD integrated zone in DNS (the same server as AD and
ISA) named B.local. And i have created the SRV RR too equal to its in
the A.local. zone but changing the IP address to accurate to the B
enterprise and the domain name pointing to as server.B.local.

The server in the 1st floor has 2 NICs. One named LOCAL for the LAN
and with 2 IP addresses 10.0.0.1/24 and 10.0.1.1/24 and the other
network card is named INTERNET with a single IP addres 81.x.x.x/24

I really need that the people on the second floor have the experience
as if the log on your inexistent domain (B.local) but really they are
logging on the same DC as the A.local domain, and the shared data is
on this same server and the Internet Connection and ISA too.

Any help is much appreciated.

I hope this message isn't too confusing.

Eduardo
Click to expand...

I think if I understand what you want, you should use Organizational Units,
and assign resources according to the OU the user belongs to. Create your OU
in Active Directory Users and Computers then move the users, computers,
shares and printers to the respective OU.
Each OU can have its own resources and Group policies, you can also delegate
administration of the OUs to a different user without giving domain admin
rights.
 
Yes, thanks Kevin.

Chris you don´t understand the real problem. It's normal. I apologize for my
poor english.

I need the solution that Kevin has proposed me, and this the final solution
that i have applied. But i would like 'to go one more step' . . .

I would like that the people on the second floor can think that they have
their own DC in their own domain. A domain other than A.local, of course,
for example B.local.

As this, we have 2 very small enterprises sharing a DC and some other
resources (not all of the resources) but the experience of the employees is
that they have their own resources, DC, machines and connections each one.

I hope you can understand me better now.

Thank you very much for your patience anyway.

P.S.:
My best wishes for all of the victims at the 'Masacre' in Atocha (Madrid).
It´s horrible. It´s awful. I was in Atocha the last Thursday, 11M at 7:36
and, believe me, it was the worse experience in my life. However, i can
thank to God that I am alive and I can talk about it.
 
In
Edu said:
Yes, thanks Kevin.

Chris you don´t understand the real problem. It's normal. I apologize
for my poor english.

I need the solution that Kevin has proposed me, and this the final
solution that i have applied. But i would like 'to go one more step'
. . .

I would like that the people on the second floor can think that they
have their own DC in their own domain. A domain other than A.local,
of course, for example B.local.

As this, we have 2 very small enterprises sharing a DC and some other
resources (not all of the resources) but the experience of the
employees is that they have their own resources, DC, machines and
connections each one.

I hope you can understand me better now.

Thank you very much for your patience anyway.

P.S.:
My best wishes for all of the victims at the 'Masacre' in Atocha
(Madrid). It´s horrible. It´s awful. I was in Atocha the last
Thursday, 11M at 7:36 and, believe me, it was the worse experience in
my life. However, i can thank to God that I am alive and I can talk
about it.
Click to expand...

Since you still only have one Domain you cannot make it act like two domains
through DNS.

What you can do is, if there are no legacy clients in the enterprize you can
have all users logon using the UPN logon (Universal Principle Name) it looks
like an emal address i.e. (e-mail address removed) and (e-mail address removed) (it needs
the . in the name). You will need to add the domain to the UPN logon list in
Active Directory Domains and Trusts. To do that, go to ADD&T console, at the
top right click on ADD&T, choose properties, add the name to the UPN logon
list. That is the best way I can think of with only one domain. (In addition
to using OUs to assign resources and policies)
 
Back
Top