Can active directory have 2 domains?

[Guest]

I am still unable to determine if AD 2003 can have two domains for seperate
departments. What I mean by seperate is the one department doesn't want the
pcs in the current domian to see their pcs. So I have read that server2003
can have multiple domains in a forest. I currently have - let's call is
DomainA. DomainA has 30 users. I would like to have a DomainB. PCs in this
new domain would log into DomainB and access resources on the same server
that has DomainA. So I would like to know how to add DomainB. I have tired
through DNS but I have no users and groups. I don't see any AD functionality.
I need to implement this Friday or devise a differnet plan. Buying a second
server is not an option.

Another option would be a method for not allowsing DomainA pcs to see
DomainB pcs. DomainB pcs do not want to be seen on the network by domainA
pcs.

 

[Ace Fekay [MVP]]

In

I am still unable to determine if AD 2003 can have two domains for
seperate departments. What I mean by seperate is the one department
doesn't want the pcs in the current domian to see their pcs. So I
have read that server2003 can have multiple domains in a forest. I
currently have - let's call is DomainA. DomainA has 30 users. I would
like to have a DomainB. PCs in this new domain would log into DomainB
and access resources on the same server that has DomainA. So I would
like to know how to add DomainB. I have tired through DNS but I have
no users and groups. I don't see any AD functionality. I need to
implement this Friday or devise a differnet plan. Buying a second
server is not an option.

Another option would be a method for not allowsing DomainA pcs to see
DomainB pcs. DomainB pcs do not want to be seen on the network by
domainA pcs.

Creating a child domain, or a new domain in a new tree in an existing
forest, (using dcpromo.exe), requires separate machines. Matter of fact,
it's highly recommended to have a minimum of two domain controllers per
domain anyway for fault tolerance. As for DNS, once a domain is created, it
will register the new domain and service locations (SRV records - ones with
the underscores in them). There is nothing manual to create.

Besides, machines can still "see" each other in Network Neighborhood (My Net
Places), in different domains because of the Browser service that populates
the neighborhood. Creating a domain to hide other machines won't work to do
this.To pick and choose which ones will be seen or not seen, by others won't
work at all unless someone else has any ideas to control the Browser
functions. Maybe use Scopes?

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

If this post is viewed at a non-Microsoft community website, and you were to
respond to it through that community's website, I may not see your reply
unless that website posts replies back to the original Microsoft forum.
Therefore, please direct all replies ONLY to the Microsoft public newsgroup
this thread originated in so all can benefit or ensure the web community
posts it back to the original forum.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services
Microsot Certified Trainer
Infinite Diversities in Infinite Combinations.
=================================