100 pts.
 Domain Controller
We have two domain controllers, primary and secondary. We are in the process of establishing a private network with other companies using a private set of IPs. Our AD is already NATed to an IP to access the Internet (DNS services, updates, etc.). My question: how can I make the AD a part of another private network? Can it have two IPs without affecting the functionality? I tried NATing to two different IPs based on the destination but it didn't work. I am thinking of installing another network card and configuring the second IP, but I am not sure how it will affect the AD. Any suggestions?

ASKED: December 17, 2007  7:33 AM
UPDATED: May 18, 2012  5:26 AM

Answer Wiki:
Not really enough information.

If you are establishing a private network using a private address range:

10.0.0.0 through 10.255.255.255
169.254.0.0 through 169.254.255.255 (APIPA only)
172.16.0.0 through 172.31.255.255
192.168.0.0 through 192.168.255.255

So the network is on your own WAN/LAN link? Example below:

Your Network>>>>>Router-------------------WANLINK------------------Router>>>>>>>>Other Company
10.5.10.1--------------202.16.134.20------------------------------------202.18.136.12...............10.7.10.1

You don't say what servers you are using. If Windows, you will have to create trusts between the sites. Installing two network cards? Not sure if this would work; it depends on your WAN setup. If you are using Windows you can add another IP address to the same card, but this will cause issues. Please provide more info.

You need to first throw a firewall in there with a public address, and then allow the firewall to give out private IP addresses to your internal network. This way you can allow the other private networks to communicate with your network via the rules set up in your firewall. I would never allow my AD server to be viewed by the other networks without having a firewall in between.
Last Wiki Answer Submitted:  December 17, 2007  7:08 pm  by  B00M3R   1,190 pts.
All Answer Wiki Contributors:  B00M3R   1,190 pts.


Discuss This Question:


 

To quickly answer this question, in Active Directory, there are sites and subnets — these objects specifically address spanning across multiple physical and logical sites and physical networks. Before we start talking about trusts, we must first determine if there is even a Microsoft domain infrastructure in place in the environment being brought online. If not, then there is no need for a trust.

I agree that more information is needed to draw more complete conclusions. You really need to understand what is happening currently in the “other companies”. This will, in effect, determine how to integrate them. There are also some considerations that go along with this, such as data and service autonomy and isolation.

You really shouldn’t need another network adapter unless you plan on using routing functionality within RRAS to set up your VPNs.

 5,610 pts.

 

I would first throw a firewall in there with a public address, and then allow the firewall to give out private IP addresses to your internal network. This way you can allow the other private networks to communicate with your network via the rules set up in your firewall. I would never allow my AD server to be viewed by the other networks without having a firewall in between.

 50 pts.

 

We are several companies not necessarily connecting to the same ISP.

We are using our own set of private IPs (192.168.0.0) and NATing them to public IPs. We decided to use another set of private IPs for the new private companies’ network (172.16.0.0).

We’ll be sharing application, data, portal access, videoconferencing, etc.

The thing is, Active Directory needs to be part of both networks to authenticate users. We have a firewall and a proxy server for web access.

So for example, if users want to go to the Internet they’ll be mapped to IP1, if they want to access data in one of the other companies they’ll be mapped to IP2.

Connecting between all sites will be done from behind a firewall. I tried NATing the AD server to IP1 when accessing the Internet and IP2 when accessing the private network. It didn’t seem to work. There was a problem and I wasn’t able to figure out the cause. Anyway, wouldn’t that be an overhead on the firewall?

Did I provide sufficient information or am I missing something?

Thanks for the help

 100 pts.