2 AD network & 2 DHCP server on same subnet, Possible?

[evo800v]

Guys,

I've got two division from two physical floor needing to merge for print/file sharing. Problem is one network is a 192.168.1.x while the other one is a 10.3.8.x network.

My thought is change the 10.3.8.x into a 192.168.1.x with 2 AD integrated serving IP for that AD group only, has anyone done this? and what potential disaster could there be with such a radical change as essentially we need both systems to talk to each other for file & print sharing.

Without putting a layer 3 switch, can anyone suggest the best approach.

cheers

[psyco18]

Just a suggestion, Put a second nic in the server ad run the second subnet through it.

[evo800v]

cant do that, all PCs need to communicate to 4 servers & all printers.

[MikHail]

Are your printers Published in AD?

[evo800v]

yeap, all printers are under win2003 AD. Setting up trusts for the two AD isnt the issue. Its the 2 DHCP server on the same subnet. maybe setup 2 different scope say 192.168.1.1 - 192.168.1.150 for one DHCP AD & 192.168.151 - 192.168.1.254 for one DHCP AD.

Will this work? or PC will have leasing/renewing addressing problem, especially with DNS registration as well.

[Iceman]

Quote:

Originally Posted by evo800v

My thought is change the 10.3.8.x into a 192.168.1.x with 2 AD integrated serving IP for that AD group only, has anyone done this? and what potential disaster could there be with such a radical change as essentially we need both systems to talk to each other for file & print sharing.

And you're going to integrate DNS between the two AD networks.. how?

[NSanity]

You should consider looking into Trusts...

[Glide]

1 dhcp, 1 dns

dns forwarder to the other server

done

or you can force dns via gpo too

[Hive]

Quote:

Originally Posted by Glide

1 dhcp, 1 dns

dns forwarder to the other server

done

or you can force dns via gpo too

Very true

[Iceman]

Quote:

Originally Posted by Glide

1 dhcp, 1 dns

dns forwarder to the other server

done

or you can force dns via gpo too

If it's purely file/print sharing this might be OK. Where are the exchange servers though? One per 'floor'? If so you probably won't get away without a domain trust. Various MS techs worm their way into MS and while I haven't tried it, I'd say most of them aren't crazy about having to update a foreign, non trusted AD-DNS.

[hutsy]

It sounds like you just need to route the subnets properly?

What are you using for default the gateway on each subnet? If it's a windows server then just add an IP in the other networks range and setup the correct routes. If it's an all-in-one ADSL modem router, then you might not be so lucky (although some can still do this type of thing).

[Yak]

Quote:

Originally Posted by evo800v

Guys,

I've got two division from two physical floor needing to merge for print/file sharing. Problem is one network is a 192.168.1.x while the other one is a 10.3.8.x network.

Without putting a layer 3 switch, can anyone suggest the best approach.

DHCP is going to be your problem.
It's a broadcast, so you will have to segment/bridge the networks somehow.
Classes, or mac address ranges MIGHT work, but maintaining that would be harder than a spreadsheet with statics..

Every solution has it's pro's & con's..
Dual NICS.. multi homed windows DC's can get "grumpy" sometimes,

VLAN's might be the best solution and switches are not too pricy... (heck) even my billion ADSL modem has them!

If one network is happy to piggy back out of the "bigger" network you could "bridge" the network using something like monowall.

Otherwise you could look into http://www.vyatta.com/

Yak.

[ruro]

Are you really keen to keep your ip addresses? Just give them a larger network, it will save you headaches.

[thetron]

Quote:

Originally Posted by IACSecurity

Surely a router (or routing enabled a server) and AD Trusts will fix the problem?

i'd want to reimage all the machines qnd migrate all the users, ou and groups under one domain


What you don't need is duplication of users, settings and permissions. its messy for supporting and annoy users. FOR EXAMPLE the QLD Gov department of environment and resource management has this setup

In the month when I was working for derm (My contract end) you'd have two domains like the original poster. Because the department had merged with together with another government department the IT boffins didn't want to change anything immediately and would slowly migrate user away from one 'weaker' domain to a single domain.

However IT boffins are scared they will break shit for some users would heavily rely on the old weaker domain being faced out. Seems like this domain won't die cause the dumb boffins are AD nubs I reckon

[evo800v]

Been thinking into the problem, having two dhcp, dns is too much headache to support.

One of the AD domain only has 30 PCs connected, so we are considering removing AD and add it to the main one as member servers. There will be some work on the server with migrating users, printers, permissions. Clients in terms of desktop profile, printers, etc

We dont have exchange server so removing AD will be easier as well, long term is better supporting one AD than two.