
Windows Server Forum / Windows Server 2003 / DNS / July 2005


Help: how do I set up two domains on one network?

timmy - 18 Jul 2005 17:35 GMT
OK, I'm a newbie when it comes to Windows 2003 DNS and all that.

Here is what I have: I have a server set up for our staff. Active Directory
and DNS are set up and all seems fine; we do roaming profiles and login times
are quick, so I think I have it set up right. But now I want to add a student
server on its own new domain to keep them off the staff domain. How do I do
that? I have a new box with Windows 2003 set up. I started up Active Directory
and DNS, set up a new user to test, went over to the staff server and told DNS
to forward any other requests to this DNS first. But when I go to a PC and try
to join that domain, "student.local", I can't see or find it, but if I try to
join the staff domain a login pops up and lets me. I know I'm missing something
with DNS, but what? I have the staff domain doing DHCP, and its IP is the first
DNS setting and my internet's DNS is the 2nd.

Sorry for the newbie questions; I'm trying to get a handle on Active Directory
and DNS before I take some classes on it, and I would love to have student
logins/profiles set up for the first of the school year.

Thanks
Todd J Heron - 18 Jul 2005 18:21 GMT
> OK, I'm a newbie when it comes to Windows 2003 DNS and all that.
>
[quoted text clipped - 15 lines]
>
> thanks

Microsoft recommends a single domain for ease of administration and a
centralized group policy model.  Trust me, from experience, that is the way
to go.  Put students in their own OU.  To get to your question: are these
domains in the same forest?

255248 - HOW TO Create a Child Domain in Active Directory and Delegate the
DNS Namespace to the Child Domain:
http://support.microsoft.com/?id=255248

Signature

Todd J Heron, MCSE
Windows Server 2003/2000/NT; CCA
----------------------------------------------------------------------------
This posting is provided "as is" with no warranties and confers no rights

timmy - 18 Jul 2005 18:51 GMT
Hi Todd, thanks for the help. I'm not sure I understand you. As of right now I
have a staff domain on a Windows 2003 box and I wanted to add a 2nd server
for the students and have their own domain to keep them away from the staff
server/domain. Can I do that by making a child forest on a different Windows
2003 server?

> > OK, I'm a newbie when it comes to Windows 2003 DNS and all that.
> >
[quoted text clipped - 24 lines]
> DNS Namespace to the Child Domain:
> http://support.microsoft.com/?id=255248
timmy - 18 Jul 2005 20:39 GMT
OK, here is what I tried, but it failed. I removed Active Directory and DNS
from the new student server, restarted and ran Active Directory, told it to be
a child of an existing tree ("my staff server"), filled out the user name and
password, entered the domain I wanted it to be a child of, and it waits a few
minutes. I entered the domain info and the new child name, and a few steps
later it gives me this error:

The operation failed because: Active Directory could not replicate the
directory partition
CN=Schema,CN=Configuration,DC=eastcentral,DC=k12,DC=mn,DC=us from the remote
domain controller server1.timmy.k12.mn.us.  "Access is denied."
Not sure why; I have the admin login and pass.

What I want to happen is:

I have a staff server set up with DNS and Active Directory. Everything works
great, profiles are fast :) I want to add a 2nd server for the students and
keep them away from the staff server. I think by doing the child domain I'm on
the right track, but I'm not sure. Help help help :)

Thanks in advance
Kevin D. Goodknecht Sr. [MVP] - 18 Jul 2005 22:13 GMT
> OK, here is what I tried, but it failed. I removed Active Directory and DNS
> from the new student server, restarted and ran Active Directory, told
[quoted text clipped - 17 lines]
>
> thanks in advance

Join the new server to the current domain and log on to it using a domain
administrator account. Then start DCpromo as a child domain of the existing
domain; this should give you the permissions you need.

Signature

Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================

Ace Fekay [MVP] - 19 Jul 2005 03:44 GMT
> Join the new server to the current domain and logon to it using a
> domain administrator account. Then start DCpromo as a child domain of
> the existing domain, this should give you the permissions you need.

Or he can use the RunAs command to run dcpromo in the domain admin's
context.

Signature

Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services
Infinite Diversities in Infinite Combinations.
=================================

timmy - 19 Jul 2005 20:34 GMT
I joined the domain and it worked great, thanks. One more thing:

I've noticed, after I set up the student server, I made a group policy and
added users and it all seems good, thanks. About 40 secs to log in to a PC for
the first time, then after that it's quick. But I set up a wallpaper to be
pushed through the policy, and every now and then it loads on the screen about
a quarter of the way and the rest is black, and then if I hit refresh it
loads the whole way. Any way for me to fix that? It's a JPG wallpaper, so I had
to turn on Active Directory through the policy too so I could use JPGs.

Thanks for all the great help

> > OK, here is what I tried, but it failed. I removed Active Directory and DNS
> > from the new student server, restarted and ran Active Directory, told
[quoted text clipped - 21 lines]
> administrator account. Then start DCpromo as a child domain of the existing
> domain, this should give you the permissions you need.
timmy - 22 Jul 2005 16:44 GMT
OK, I'm not sure how to do this, but I have the student server up and
everything seems great. But how do I make it so the students that log in to
that server can see the parent server, the staff one? I would like to make it
so they can only access the student one only. Is there a trust I can change?
Ace Fekay [MVP] - 25 Jul 2005 02:41 GMT
> OK, I'm not sure how to do this, but I have the student server up and
> everything seems great. But how do I make it so the students that log in
> to that server can see the parent server, the staff one? I would like
> to make it so they can only access the student one only. Is there a
> trust I can change?

Trusts are default, nothing to change.

What exactly do you want a student logging into the child domain to see in
the parent domain?

Ace
timmy - 25 Jul 2005 16:07 GMT
Hi Ace, I would like the students to only be able to see the student server,
not the parent at all, or at best the printers only. But my plan was to just
reset the handful of printers that students should be able to use on the
student server, so no access to the parent would be nice.

Thanks for helping

> In news:5D4C9477-E0BE-401E-A975-54D87B979664@microsoft.com,
> timmy <timmy@discussions.microsoft.com> stated, which I then commented on
[quoted text clipped - 11 lines]
>
> Ace
Ace Fekay [MVP] - 25 Jul 2005 20:47 GMT
> Hi Ace, I would like the students to only be able to see the student
> server, not the parent at all, or at best the printers only. But my
[quoted text clipped - 3 lines]
>
> thanks for helping

Oh, ok, I see. Then just go into the parent domain's printer's properties
and add the student group that you want to allow to print and give them
"Print" permissions. It should be that easy.

Ace
softtrain - 26 Jul 2005 17:47 GMT
Hi

I am doing the same exact configuration.  There are transitive trusts
between the domains, so if I don't want the students to see the staff domain,
how do I accomplish this?

1.  I was going to set up a restrictive desktop profile.
2.  Permissions can be set, but do I set permissions on the staff DC's "c"
drive and give permissions only for the "staff"?  I'm not clear on how to set
permissions to keep the students out of the entire staff DC.
3.  Router rules.  Has anybody set up router rules to restrict traffic?
Thanks,
Patricia
Signature

P Cully

> In news:0A1567E7-1D29-446A-8B50-03153F35BE41@microsoft.com,
> timmy <timmy@discussions.microsoft.com> stated, which I then commented on
[quoted text clipped - 12 lines]
>
> Ace
Ace Fekay [MVP] - 27 Jul 2005 14:48 GMT
> Hi
>
[quoted text clipped - 3 lines]
>
> 1.  I was going to set up a restrictive desktop profile.

By default anyone can see anything in network neighborhood. Is that what you
are talking about? That can't be helped unless you remove My Network Places
in the profile. Is that what you are talking about in step #1?

Also by default, any user in a domain cannot access anything else in any
other domain unless permissions are allowed for that user.

> 2.  Permissions can be set, but do I set permissions on the staff
> DC's "c" drive and give permissions only for the "staff"?  I'm not
> clear on how to set permissions to keep the students out of the
> entire staff DC.

Why would you be allowing access on a DC? Are you placing their profiles or
home directories on a DC? If so, put it on a different spindle other than
the system (c:\) drive. They can't access the drive. Create a test user
account and test it.

> 3.  Router rules.  Has anybody set up router rules to restrict
> traffic? Thanks,
> Patricia

What kind of router rules are you referring to? What brand router? Is this
between subnets (between offices/locations) or is this your entry-point
router, such as a Cisco router?

Ace
timmy - 28 Jul 2005 17:40 GMT
Hey Ace, I'm a bit confused. How can I make it so the student server, which is
a child of the staff server, does not see any of the shares? I want to make it
so when a student logs in to the student server and goes to the network and
clicks on the parent server to mess around, nothing is seen or accessible.

Thanks for helping out a newbie
softtrain - 28 Jul 2005 19:30 GMT
Hi Ace
Looks like I'm doing the following:
1.  I'm working with the firewall vendor to create rules.
2.  Making child domains

I had a question...obviously...have you ever used the User Right "Deny Logon
from over the Network" to ensure that a group doesn't log on to a machine?  I
was doing some more reading and came across this User Right.  So, if on the
parent domain DC I assigned this Deny logon right to the student user group
from a child domain, that should be another level of protection.  Your
thoughts?

Thanks,

Patricia
Signature

P Cully

> Hey Ace, I'm a bit confused. How can I make it so the student server, which is
> a child of the staff server, does not see any of the shares? I want to make it
> so when a student logs in to the student server and goes to the network and
> clicks on the parent server to mess around, nothing is seen or accessible.
>
> Thanks for helping out a newbie
Ace Fekay [MVP] - 28 Jul 2005 20:51 GMT
> Hi Ace
> Looks like I'm doing the following:
[quoted text clipped - 11 lines]
>
> Patricia

You can test this, but I believe it will block the ability for a user to
log on to the domain. I forget specifically. You may want to use Deny Access
from Across the Network:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/244d92f3-7466-47ec-aee0-9723fc75c796.mspx


and

http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/Default.asp?url=/resources/documentation/Windows/XP/all/reskit/en-us/prdp_log_rkhs.asp


and

http://www.pctechtalk.com/?m=show&id=1651&page=3

Ace
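
An added example, not part of any post in this thread: one way to confirm
which deny right the student group actually received on the staff server is to
export the user rights with `secedit /export /cfg rights.inf /areas USER_RIGHTS`
and read the [Privilege Rights] section. "Deny access to this computer from the
network" is stored as SeDenyNetworkLogonRight and "Deny log on locally" as
SeDenyInteractiveLogonRight; the sample export and the SIDs below are
constructed for illustration.

```python
import configparser

# Constructed sample of a secedit export taken on the staff server.
# A real export is UTF-16: open it with encoding="utf-16".
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeNetworkLogonRight = *S-1-1-0,*S-1-5-11,*S-1-5-32-544
SeDenyNetworkLogonRight = *S-1-5-21-1111111111-2222222222-3333333333-1105
SeDenyInteractiveLogonRight = *S-1-5-32-546
[Version]
signature="$CHICAGO$"
Revision=1
"""

# Hypothetical SID of the student group from the child domain.
STUDENT_GROUP_SID = "S-1-5-21-1111111111-2222222222-3333333333-1105"


def privilege_rights(inf_text):
    """Return {right name: set of SIDs or account names} from the export."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # keep the case of the SeXxxRight names
    parser.read_string(inf_text)
    rights = {}
    if parser.has_section("Privilege Rights"):
        for name, value in parser.items("Privilege Rights"):
            rights[name] = {v.strip().lstrip("*")
                            for v in value.split(",") if v.strip()}
    return rights


def audit_student_lockout(inf_text, sid):
    """Report which logon paths to this server are denied for `sid`."""
    rights = privilege_rights(inf_text)
    return {
        "network_access_denied":
            sid in rights.get("SeDenyNetworkLogonRight", set()),
        "local_logon_denied":
            sid in rights.get("SeDenyInteractiveLogonRight", set()),
        # Everyone (S-1-1-0) or Authenticated Users (S-1-5-11) holding the
        # allow right means the deny entry is the only thing keeping sid out.
        "broad_allow_present": bool(
            rights.get("SeNetworkLogonRight", set()) & {"S-1-1-0", "S-1-5-11"}),
    }


if __name__ == "__main__":
    print(audit_student_lockout(SAMPLE_INF, STUDENT_GROUP_SID))
```
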
Ace Fekay [MVP] - 28 Jul 2005 20:46 GMT
> Hey Ace, I'm a bit confused. How can I make it so the student server,
> which is a child of the staff server, does not see any of the shares? I
[quoted text clipped - 3 lines]
>
> Thanks for helping out a newbie

You can always turn off broadcasting the shares on the parent domain's DC:

net config server /hidden:yes

This will not allow anyone to see the shares in the neighborhood, but will
still allow you to map drives as long as you know what the sharenames are.

As softtrain mentioned, you can also establish firewall and/or router rules
to block 139 across the subnet, as long as the two domains are in different
subnets.

Ace
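
An added example, not part of the post above: a check to run from a workstation
on the student subnet once the firewall or router rule is in place, to confirm
that share traffic to the staff server is really blocked. Port 139 is the one
named in the post; port 445 is an addition here, because Windows 2000 and later
also accept SMB directly over TCP 445, so a rule for 139 alone leaves shares
reachable.

```python
import errno
import socket
import sys

# 139 comes from the thread; 445 is added for this example.
SHARE_PORTS = {139: "NetBIOS session service", 445: "SMB over TCP"}


def probe(host, port, timeout=2.0):
    """Classify one TCP port as 'open', 'closed' or 'filtered'."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"            # handshake completed: traffic gets through
    except socket.timeout:
        return "filtered"        # no answer: packets dropped on the way
    except ConnectionRefusedError:
        return "closed"          # reset received: rejected, or no listener
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"    # no route between the subnets
        raise
    finally:
        sock.close()


def check_share_ports(host, ports=SHARE_PORTS, timeout=2.0):
    """Return {port: state} for every share port on host."""
    return {port: probe(host, port, timeout) for port in ports}


def rule_effective(results):
    """The block rule works only if no share port answers as open."""
    return all(state != "open" for state in results.values())


if __name__ == "__main__":
    # Pass the staff server's address as the only argument.
    results = check_share_ports(sys.argv[1])
    for port, state in sorted(results.items()):
        print(f"{port:>5}  {SHARE_PORTS[port]:<24} {state}")
    sys.exit(0 if rule_effective(results) else 1)
```
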
 