[AD and DNS] Hosting a dev domain on top of a live network?

Hi guys,

Odd situation for you. We have a 2003 domain functional level domain here. We also have virtualised (Hyper-V) test domains on their own virtual networks. This means that to use any machine other than the test domain's DC remotely, you need to remote onto the DC and then from there remote to the specific machine.

What we want is a completely separate forest (i.e. minimum changes to the live domain) that's piggybacking on the live network so that people can remote directly onto dev machines.

As I don't want to experiment, what's the best way to make this test domain visible while it's sitting on top of the live network? I guess I need to play with DNS in some fashion.
 
It's a difficult question to answer without knowing what you're doing and how much separation you require, anything from inter-domain trusts to a fully separate network firewalled off and replicating the DNS entries you require into your live domain so you can RDP...
 
If you just want to be able to RDP into any of the dev machines, you just need to make sure that routing and firewalling between the live and dev networks permits it, and obviously users have login accounts for the dev environment.
 
Cheers guys, after a bit of Googling I found the answer appropriate to my setup. The best way to look at it was two completely separate networks that need access to each other, for example two companies after a merger.

So to solve the problem I set up a DNS stub for the test domain in live's DNS and vice versa. Apparently conditional forwarding would do the same thing, but it doesn't work for me. The only - understandable - limitation of this setup is that sitting on a client PC in the live domain I have to use the FQDN of the test servers rather than just their server names to RDP, access shares or otherwise connect to them.
 
The only - understandable - limitation of this setup is that sitting on a client PC in the live domain I have to use the FQDN of the test servers rather than just their server names to RDP, access shares or otherwise connect to them.

This can be overcome by adding the domain into the DNS suffix list in your TCP settings. This can be done manually or by group policy.
 
Cheers, I'll give that a try, though how can it be smart enough to know which domain to go to? Say I connected to a server named 'Bob', how does it know I want bob.live.com and not bob.test.com?
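
How a suffix search list picks between bob.live.com and bob.test.com, as an added example that is not part of the thread: a simplified Python model of the client-side lookup order, using constructed zone data (the addresses and the hosts `files` and `build01` are made up). It also reports short names that exist in both domains, where the host under the later suffix is reachable only by its FQDN.

```python
"""Simplified model of a DNS client walking its suffix search list."""

# Constructed sample data: host records per zone (not from the thread).
ZONES = {
    "live.com": {"bob": "10.0.0.15", "files": "10.0.0.20"},
    "test.com": {"bob": "10.99.0.15", "build01": "10.99.0.30"},
}


def lookup(fqdn, zones=ZONES):
    """Return the address for host.zone, or None if no zone holds it."""
    host, _, zone = fqdn.rstrip(".").partition(".")
    return zones.get(zone, {}).get(host)


def resolve(name, search_list, zones=ZONES):
    """Resolve the way a client with a suffix search list does.

    A name containing a dot is tried as given first; a single-label name
    gets each suffix appended in list order. The first answer wins and the
    remaining suffixes are never queried.
    """
    candidates = [name] if "." in name else []
    candidates += [f"{name}.{suffix}" for suffix in search_list]
    for fqdn in candidates:
        address = lookup(fqdn, zones)
        if address:
            return fqdn.rstrip("."), address
    return None


def shadowed_names(search_list, zones=ZONES):
    """Map each short name found under several suffixes to the FQDNs that
    lose out, i.e. hosts that can only be reached by their full name."""
    seen = {}
    for suffix in search_list:
        for host in zones.get(suffix, {}):
            seen.setdefault(host, []).append(f"{host}.{suffix}")
    return {h: fqdns[1:] for h, fqdns in seen.items() if len(fqdns) > 1}


if __name__ == "__main__":
    order = ["live.com", "test.com"]  # live suffix listed first
    for name in ("bob", "build01", "bob.test.com"):
        print(name, "->", resolve(name, order))
    print("shadowed:", shadowed_names(order))
```

Swapping the order of the two suffixes swaps which `bob` a short name reaches, so any name that shows up in the shadowed report should be connected to by FQDN.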
 