I've been tasked with designing a plan to allow users to use their credentials on the servers at our disaster recovery site. I'm a Unix guy, and am swimming way past the ropes. Here is the situation:
We have a datacenter for our production servers. It is a Windows 2003 level domain, with all Windows Server 2003 member servers. All servers have static IPs, with no DHCP. This is servicing about 50 remote locations, most of which are RHEL machines using numeric addresses and not DNS. We'll call this the 10.10.222.x network.
Our disaster recovery site contains servers with the same IP addresses as the servers in the production data center. There are NAT addresses, so the servers in the data center appear to the machines in the DR site as 10.10.232.x network.
I have thought of two possible solutions:
1. Make a separate disaster recovery domain for the DR site, with a trust relationship. My hesitation with this: If I am correct, the member servers of the DR domain would not be able to authenticate using their production domain accounts if it could not see any of the production domain's domain controllers, making this a giant waste of time.
2. Place a domain controller in the DR center. My concern here is DNS. We can't have more than one machine with the same hostname in the domain. So we would have to give the machines unique names. If we have names of prod-appsrv-01 and dr-appsrv-01, it would seem that the DNS would not be consistent across the two centers. dr-appsrv-01 would appear as 10.10.222.100 to the domain controllers at the DR center, but as 10.10.232.100 to the domain controllers in the datacenter. Would this cause havoc?