Domain Controllers: Primary and secondary

Tags: Active Directory, Domain Controller, Domain management
We have two domain controllers, primary and secondary. We are in the process of establishing a private network with other companies using a private set of IPs. Our AD is already NATed to an IP to access the Internet (DNS services, updates, etc.). My question: how can I make the AD a part of another private network? Can it have two IPs without affecting the functionality? I tried NATing to two different IPs based on the destination, but it didn't work. I am thinking of installing another network card and configuring the second IP, but I am not sure how it will affect the AD. Any suggestions?

Answer Wiki


Not really enough information

If you are establishing a private network using a private address range:
10.0.0.0 through 10.255.255.255
169.254.0.0 through 169.254.255.255 (APIPA only)
172.16.0.0 through 172.31.255.255
192.168.0.0 through 192.168.255.255

So the network is on your own WAN/LAN link? Example below:

Your Network >>> Router ------ WAN link ------ Router >>>>>>>> Other Company
10.5.10.1        202.16.134.20                 202.18.136.12   10.7.10.1

You don't say what servers you are using. If Windows, you will have to create trusts between the sites.
Installing two network cards? Not sure if this would work; it depends on your WAN setup.
If you are using Windows you can add another IP address to the same card, but this will cause issues.

Please provide more info

You need to first throw a firewall in there with a public address, and then allow the firewall to give out private IP addresses to your internal network. This way you can allow the other private networks to communicate with your network via the rules set up in your firewall. I would never allow my AD server to be viewed by the other networks without having a firewall in between.

Discuss This Question: 3  Replies

 
  • Wrobinson
    To quickly answer this question, in Active Directory, there are sites and subnets -- these objects specifically address spanning across multiple physical and logical sites and physical networks. Before we start talking about trusts, we must first determine if there is even a Microsoft domain infrastructure in place in the environment being brought online. If not, then there is no need for a trust. I agree that more information is needed to draw more complete conclusions. You really need to understand what is happening currently in the "other companies". This will, in effect, determine how to integrate them. There are also some considerations that go along with this, such as data and service autonomy and isolation. You really shouldn't need another network adapter unless you plan on using routing functionality within RRAS to set up your VPNs.
  • Bhargrave
    I would first throw a firewall in there with a public address, and then allow the firewall to give out private IP addresses to your internal network. This way you can allow the other private networks to communicate with your network via the rules set up in your firewall. I would never allow my AD server to be viewed by the other networks without having a firewall in between.
  • Maryam82
    We are several companies not necessarily connecting to the same ISP. We are using our own set of private IPs (192.168.0.0) and NATing them to public IPs. We decided to use another set of private IPs for the new private companies' network (172.16.0.0). We'll be sharing applications, data, portal access, videoconferencing, etc. The thing is, Active Directory needs to be part of both networks to authenticate users. We have a firewall and a proxy server for web access. So for example, if users want to go to the Internet they'll be mapped to IP1; if they want to access data in one of the other companies they'll be mapped to IP2. Connecting between all sites will be done from behind a firewall. I tried NATing the AD server to IP1 when accessing the Internet and IP2 when accessing the private network. It didn't seem to work. There was a problem and I wasn't able to figure out the cause. Anyway, wouldn't that be an overhead on the firewall? Did I provide sufficient information or am I missing something? Thanks for the help.
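
The replies above recommend keeping a firewall between the domain controller and the partner networks; the following rule audit shows one way to check that such a policy exposes the DC only as far as intended. It is an added example, not part of the original thread: the DC address 192.168.0.10, the rule list and the port set are constructed assumptions, while the 192.168.0.0 and 172.16.0.0 networks are the ones named in the discussion.

```python
import ipaddress

# Assumed set of service ports a partner needs on a DC for authentication;
# adjust it to what your trust and application design actually requires.
AD_PORTS = {53: "DNS", 88: "Kerberos", 135: "RPC endpoint mapper",
            389: "LDAP", 445: "SMB", 464: "Kerberos password change",
            636: "LDAPS", 3268: "Global Catalog"}

# Constructed sample policy: (action, source, destination, port or None = any)
RULES = [
    ("allow", "172.16.0.0/16", "192.168.0.10/32", 88),
    ("allow", "172.16.0.0/16", "192.168.0.10/32", 389),
    ("allow", "172.16.0.0/16", "192.168.0.10/32", 3389),  # RDP to the DC
    ("allow", "0.0.0.0/0",     "192.168.0.0/24",  445),   # any source
    ("allow", "172.16.0.0/16", "192.168.0.0/24",  None),  # any port
    ("deny",  "0.0.0.0/0",     "0.0.0.0/0",       None),
]

def audit_dc_exposure(rules, dc_ip, trusted_nets, allowed_ports=AD_PORTS):
    """Return (rule_index, reason) for allow rules that expose the DC too widely.

    Each allow rule is judged on its own; rule ordering is not modelled.
    """
    dc = ipaddress.ip_address(dc_ip)
    trusted = [ipaddress.ip_network(n) for n in trusted_nets]
    findings = []
    for i, (action, src, dst, port) in enumerate(rules):
        # Only allow rules whose destination covers the DC matter here.
        if action != "allow" or dc not in ipaddress.ip_network(dst):
            continue
        src_net = ipaddress.ip_network(src)
        if not any(src_net.subnet_of(t) for t in trusted):
            findings.append((i, f"source {src} is wider than the trusted networks"))
        if port is None:
            findings.append((i, "all ports open to the DC"))
        elif port not in allowed_ports:
            findings.append((i, f"port {port} is not an AD service port"))
    return findings

if __name__ == "__main__":
    # 172.16.0.0/12 is the private range 172.16.0.0 through 172.31.255.255.
    for idx, reason in audit_dc_exposure(RULES, "192.168.0.10", ["172.16.0.0/12"]):
        print(f"rule {idx}: {reason}")
```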
