1. Can I set up the AD using the structure and still make domain1 accessible to the internet for VPN sessions? Or should I direct the VPN to domain2 and from there (say, an intranet website) direct the user to domain1?
Our AD is similar to the AD you want to set up. Hope this can help you. Our AD consists of two internal domains, neither of which is accessible from the internet, as you would like one of your domains to be. I’m in charge of administering domain2, which is domain2.domain1.com.
As you may see, the structure you suggest is possible within AD; however, the first domain in the forest takes precedence, meaning it will be the master administrator. You cannot have domain2 as part of domain1.
As to the VPN, I see no problem accessing any domain through a VPN and from there jumping to the other domains, as long as the domain user of domain2 has access to services in domain1. Contact your ISP for this.
Will AD share the DNS service nicely with the other domains we host, or should I anticipate some interesting times ahead? If anyone has any past experience with this, their thoughts and comments would be very much appreciated.
That’s the way our network is set up. Domain2 uses the Domain1 DNS server without any problem. Just configure the domain1 server network properties to point to the domain1 DNS server. We have no problems at all with this setup. I want to make clear that our domain1 and domain2 reside on different domain servers and that domain users validate against their respective domain server to access services in the LAN/WAN.
Another thing: do not use a domain server for anything other than validating domain user accounts and acting as a DNS server. If you have other applications like SQL Server or Exchange, install them on their own servers. Never install Exchange and SQL on the same server or, worse, on a server acting as a domain server.
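The DNS setup described in the reply above (a child domain whose servers point at the parent domain's DNS server) can be checked from any domain-joined Windows host. The following PowerShell script is an added example, not code from any poster in this thread. The domain names and the DNS server address are assumptions taken from the thread's naming (domain1.com / domain2.domain1.com) and a placeholder IP; the last check requires the RSAT ActiveDirectory module.

```powershell
# Added example (not from the original thread): verify that a host in the
# child domain (domain2.domain1.com) points at the parent domain's DNS server
# and can locate domain controllers for both domains. Names and the expected
# DNS server address are assumptions; replace them with your own values.
param(
    [string]$ParentDomain      = 'domain1.com',
    [string]$ChildDomain       = 'domain2.domain1.com',
    [string]$ExpectedDnsServer = '192.0.2.10'   # placeholder: domain1 DNS server IP
)

# 1. Which DNS servers is this host actually configured to use?
#    The thread's advice is that this list should include the domain1 DNS server.
$dnsServers = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Select-Object -ExpandProperty ServerAddresses -Unique

if ($dnsServers -notcontains $ExpectedDnsServer) {
    Write-Warning ("Host does not point at {0}; resolving {1} may fail. Current servers: {2}" -f
        $ExpectedDnsServer, $ParentDomain, ($dnsServers -join ', '))
}

# 2. Can we find domain controllers for both domains via the _msdcs SRV records
#    that Kerberos and LDAP clients query at logon? If the child's servers only
#    know about themselves, the parent lookup fails here.
foreach ($domain in $ParentDomain, $ChildDomain) {
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'SRV' }   # drop the A records returned in the additional section
    if ($srv) {
        "{0}: DC SRV records -> {1}" -f $domain, (($srv | ForEach-Object { $_.NameTarget }) -join ', ')
    } else {
        Write-Warning "No DC SRV records found for $domain (DNS delegation or forwarding to the domain1 DNS server is missing)"
    }
}

# 3. Confirm the parent/child relationship the thread describes and which
#    domain is the forest root (the one the first reply says takes precedence).
Import-Module ActiveDirectory -ErrorAction Stop
$child = Get-ADDomain -Identity $ChildDomain
if ($child.ParentDomain -ne $ParentDomain) {
    Write-Warning "$ChildDomain is not a child of $ParentDomain (parent: $($child.ParentDomain))"
} else {
    "{0} is a child domain of {1}; forest root is {2}" -f $ChildDomain, $ParentDomain, (Get-ADForest).RootDomain
}
```

Run it on a server in the child domain after changing its DNS client settings; a warning in step 1 or an empty SRV result for the parent domain in step 2 is the symptom the second question is worried about, and it points at the DNS client configuration rather than at AD itself.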