Lab Setup

[Pat]

I am running W2K with AD with 100 users all on a 192.168.1.0 subnet. I
want to setup a lab environment with a new AD and a few workstations
to test with. I need my default gateway on this to go out and get
updates etc. But I don't want my production AD to see my lab AD. What
would I need to setup a subnet for the lab environment?

 

[Matjaz Ladava [MVP]]

If you are just using gateway to go trough router out to the internet it is
not necesary true, that your production enviroment can see your LAB network,
as the route must be two way. I don't think, that there will be any problem
with this setup.

--

Regards
Matjaz Ladava, MCSA, MCSE, MCT, MVP
Microsoft MVP Windows Server - Active Directory
(e-mail address removed), (e-mail address removed)

 

[Pat]

If you are just using gateway to go trough router out to the internet it is
not necesary true, that your production enviroment can see your LAB network,
as the route must be two way. I don't think, that there will be any problem
with this setup.

so I could put the lab on the same subnet as my production network?
setup another AD forest and use both on same subnet?

 

[Pat]

If you are just using gateway to go trough router out to the internet it is
not necesary true, that your production enviroment can see your LAB network,
as the route must be two way. I don't think, that there will be any problem
with this setup.

what would happen to AD if I throw another AD server on the same
subnet? would they try to join one another? would trusts have to be
setup for them to communicate? I want them to be totally independent
of each other, one for testing one being my live AD.

 

[Matjaz Ladava [MVP]]

I would put a lab enviroment on separate subnet. Depending on how you setup
your lab enviroment, you can not have two domains with the same netbios name
on the same subnet.

--

Regards
Matjaz Ladava, MCSA, MCSE, MCT, MVP
Microsoft MVP Windows Server - Active Directory
(e-mail address removed), (e-mail address removed)

 

[Pat]

what I have now is the following
Production network:
W2K with AD and 100 users. on a 192.168.1.0 subnet.

Lab network:
W3K Ras server joined to production network for routing
nic #1 192.168.1.241
nic #2 10.100.0.1
lab network on 10.100.0.0 subnet

lab xp WS 10.100.0.2
lab W3K server 10.100.0.3

can see production network from lab network.
my question is . if I setup a new AD forest on lab network, will it
affect my production AD by default. I want the two to be separate?

 

[Matjaz Ladava [MVP]]

no it won't.

--

Regards
Matjaz Ladava, MCSA, MCSE, MCT, MVP
Microsoft MVP Windows Server - Active Directory
(e-mail address removed), (e-mail address removed)

 

[Enkidu]

what I have now is the following
Production network:
W2K with AD and 100 users. on a 192.168.1.0 subnet.

Lab network:
W3K Ras server joined to production network for routing
nic #1 192.168.1.241
nic #2 10.100.0.1
lab network on 10.100.0.0 subnet

lab xp WS 10.100.0.2
lab W3K server 10.100.0.3

can see production network from lab network.
my question is . if I setup a new AD forest on lab network, will it
affect my production AD by default. I want the two to be separate?

What Matjaz says. When you install Windows 2000 on the first machine
on the lab network, you just tell it to create a new forest and a new
domain in that forest. It is then totally seperate from your other
forest.

Cheers,

Cliff

(MVP)

 

[Pat]

Matjaz,
I would have to setup a trust "IF" I wanted the two forests to access
each other, is that right?

 

[Pat]

What Matjaz says. When you install Windows 2000 on the first machine
on the lab network, you just tell it to create a new forest and a new
domain in that forest. It is then totally seperate from your other
forest.

Cheers,

Cliff

(MVP)

Cliff,
any DNS issues having two DNS servers?

 

[Matjaz Ladava [MVP]]

Yup you would have to, but I don't think that you would alow lab accounts to
access your domain data ? or would you ?

--

Regards
Matjaz Ladava, MCSA, MCSE, MCT, MVP
Microsoft MVP Windows Server - Active Directory
(e-mail address removed), (e-mail address removed)

 

[Enkidu]

Cliff,
any DNS issues having two DNS servers?

Mmm, can you expand on that? A DNS server can serve as many Domains as
you need, but if you have AD Integrated DNS, replication will only be
within that Domain, I believe.

DNS is not tied to a Domain, except for replication as above. The only
AD requirements for DNS are that it supports SRV records and more
importantly that it can be located by AD to do lookups. (I simplify a
little!) It doesn't *have* to reside within a Domain, a forest, or
even an organisation. It could be on the moom if your AD could find it
and it supports SRV records.

Of course most people will have DNS servers within their
organisations, and almost always on servers within their trees, but
often the only DNS really needed is a couple of DNS servers in the
root Domain of the tree. All subdomains can then use those servers.

I find it really useful to think of DNS being a seperate entity from
AD, even if it contains the AD records and resides on a
domain/tree/forest server. A lot of the type of question you asked
tend to go away if you think of it that way.

I don't know if I've answered the question in there. If not can you
give more details?

Cheers,

Cliff

(MVP)