Can you create a Child domain on the same server as parent domain

    Question

  • So we have a primary domain, let's call it domainA.com, and we have 3 child domains. Let's call the child domains domainB, domainC, and domainD.domainA.com. Can these be created on the same server as domainA.com (the parent domain)? We also need the ability to do replication from those child domains up to the parent. We also need the ability to do backups of the individual child domains separately. Is this possible? If so, can you point me to an article of how this could be done?

    Wednesday, March 21, 2012 19:36

Answers

All replies

  • You need a domain controller for creating domains.  You can’t share a DC (or same machine) for multiple domains.  If you don’t have a physical server, you can have virtual machines.


    Santhosh Sivarajan | Houston, TX
    http://www.sivarajan.com/


    This posting is provided AS IS with no warranties,and confers no rights.

    Wednesday, March 21, 2012 19:40
  • So for every subdomain or child domain that we have under the root, we actually have to have a physical or virtual domain controller for that domain? Seems a bit crazy to me.
    • Marked as answer by justin0104 Wednesday, March 21, 2012 20:05
    • Unmarked as answer by justin0104 Wednesday, March 21, 2012 20:05
    Wednesday, March 21, 2012 19:42
  • It should be on separate h/w. The same server cannot be promoted as a DC if it is already acting as a DC.

    Don't even try to promote a subdomain on the root domain server. A simple mistake can lead to a big headache. Once you run dcpromo on an existing server it will prompt for demotion of the existing DC.

    But if you want to migrate objects from the child domain to the parent domain, ADMT is your friend.

    ADMT Guide: Migrating and Restructuring Active Directory Domains
    http://technet.microsoft.com/en-us/library/cc974332(WS.10).aspx

    MIGRATING STUFF WITH ADMTV3
    http://blogs.dirteam.com/blogs/jorge/archive/2006/12/27/Migrating-stuff-with-ADMTv3.aspx

    Hope this helps


    Best Regards,

    Sandesh Dubey.

    MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Administrator | My Blog

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Wednesday, March 21, 2012 19:54
  • Why is it crazy?  Why do you need multiple domains?  Why can’t you use single Forest/Domain architecture?


    Santhosh Sivarajan | Houston, TX
    http://www.sivarajan.com/


    This posting is provided AS IS with no warranties,and confers no rights.

    Wednesday, March 21, 2012 19:55
  • Well, because we need the ability to have a client subdomain and a test and development subdomain to our root domain. Can this all be done using a single forest/domain architecture? I'm not much of an AD guy, I work more on the network side, but I still need to help find a solution to this problem.
    Wednesday, March 21, 2012 19:58
  • >>> ability to have a client subdomain and a test and development subdomain to our root domain. 

    Why does it have to be a “Child domain”?

    I always start with a single Forest/Domain structure and create more domains if you have valid technical and business reasons.

    If your plan is to create a test domain inside the production forest, you will be forced to share the same AD Schema.  Any schema modification can affect the entire AD forest.


    Santhosh Sivarajan | Houston, TX
    http://www.sivarajan.com/


    This posting is provided AS IS with no warranties,and confers no rights.

    Wednesday, March 21, 2012 20:02
  • Perhaps I'm using the wrong terminology. I would like to have one primary domain (domainA.com) and then I need another domain called dev.domainA.com and I need yet another called clients.domainA.com. Can this be done on the same domain controller server without having to create a new domain controller for each?
    Wednesday, March 21, 2012 20:06
  • No, you can’t. You are using the correct terminology.

    Why do you need a client domain?  You can create all client user/computer account/resources in the top level domain (DomainA.com).  You don’t need another domain for that.  What is the purpose of DomainA.com?  Just a place holder? 

    Lab – I can understand that.  However, it might be a good idea to create a separate forest for testing purposes.

    Download the IPD for AD from this location - http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=732

    and review the “Step 1: Determine the Number of Forests” and “Step 2: Determine the Number of Domains” sections.


    Santhosh Sivarajan | Houston, TX
    http://www.sivarajan.com/


    This posting is provided AS IS with no warranties,and confers no rights.



    Wednesday, March 21, 2012 20:12
  • I agree with Santhosh, you should have a completely separate forest for testing. You don't want to screw up a test on something and somehow accidentally throw the whole forest off. At the same time it also depends on what you're testing.

    As for creating subdomains, I only create those for website purposes or branch offices.


    MCP MCSA MCSE MCTS MCITP CompTIA A+ CompTIA Net+ CompTIA Sec+

    Wednesday, March 21, 2012 20:27
  • Q. I would like to have one primary domain (domainA.com) and then I need another domain called dev.domainA.com and I need yet another called clients.domainA.com. Can this be done on the same domain controller server without having to create a new domain controller for each?

    ANS. No, the same root domain DC cannot be used to install a child DC. You need to have separate h/w for each child domain.

    For testing purposes you need to create a test environment. If you use the same domain name it makes it nice and easy. You can back up Active Directory and then do an authoritative restore of it to your test domain.

    If you download the 60 day eval of Backup Exec you can do an Active Directory system state backup and recovery nice and easily through the GUI.

    Alternately, one way you can easily create a complete 'clone' of your production domain:

    1. Join and promote a DC to your existing domain and make it a DNS server and GC. Wait for AD to replicate to it. Make sure it looks to itself for DNS after replicating (you'll need it to look at an existing DC before promoting it).
    2. Disconnect the new server from the network (power it down)
    3. On the production network run a metadata cleanup to remove all traces of the disconnected server. http://www.petri.co.il/delete_failed_dcs_from_ad.htm
    4. On the disconnected server, place it in your test lab (which is not connected to the production network) and run a metadata cleanup on it to remove traces of all the production servers.
    5. Ensure that the test server holds all 5 FSMOs. If it doesn't you'll need to seize them. http://www.petri.co.il/seizing_fsmo_roles.htm

    The link I provided on 3. refers to 'deleting failed DCs'. The procedure is the same for you. You're basically deleting all traces of a server from another server's copy of AD. So when you do this on your production domain, and remove the test server, this change will replicate around your domain and it will think your test server never existed. When you do it on the test server, and remove the other servers from its copy of AD, it will think that they never existed. Therefore you end up with two separate identical domains running, unaware of each other.

    If you really want two domains with different domains, then you would need to migrate all users/computers over using ADMT.
    http://www.microsoft.com/Downloads/details.aspx?familyid=6F86937B-533A-466D-A8E8-AFF85AD3D212&displaylang=en

    http://jorgequestforknowledge.wordpress.com/2005/11/20/considerations-when-creating-an-ad-test-environment-part-2-2/

    Hope this helps


    Best Regards,

    Sandesh Dubey.

    MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Administrator | My Blog

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Wednesday, March 21, 2012 21:25
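
A read-only check for steps 4 and 5 of the clone procedure in the post above, as an added example that is not part of the original thread: it reports which FSMO roles the lab DC does not yet hold and which other DCs are still listed in its copy of AD. The function name `Test-LabCloneIsolation` is hypothetical; the cmdlets come from the ActiveDirectory PowerShell module.

```powershell
# Added example; Test-LabCloneIsolation is a hypothetical helper name.
# Run on the isolated lab DC. Needs the ActiveDirectory module
# (Windows Server 2008 R2 or later). Read-only: it changes nothing.
Import-Module ActiveDirectory

function Test-LabCloneIsolation {
    param([string]$LabDc = $env:COMPUTERNAME)   # short name of the lab DC

    $domain = Get-ADDomain -Server $LabDc
    $forest = Get-ADForest -Server $LabDc

    # The five FSMO roles from step 5: two forest-wide, three domain-wide.
    $roles = @{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
    }

    # Role holders are reported as FQDNs; compare on the host part.
    $misplaced = @($roles.GetEnumerator() |
        Where-Object { ($_.Value -split '\.')[0] -ne $LabDc } |
        ForEach-Object { '{0} -> {1}' -f $_.Key, $_.Value })

    # Step 4: after metadata cleanup no production DC should remain.
    $leftover = @(Get-ADDomainController -Filter * -Server $LabDc |
        Where-Object { $_.Name -ne $LabDc } |
        ForEach-Object { $_.HostName })

    New-Object PSObject -Property @{
        LabDc          = $LabDc
        MisplacedRoles = $misplaced   # roles that still need seizing
        LeftoverDcs    = $leftover    # DCs that still need metadata cleanup
        Ready          = ($misplaced.Count -eq 0 -and $leftover.Count -eq 0)
    }
}

Test-LabCloneIsolation | Format-List
```

The cloned DC carries the production domain's accounts and password hashes, so the lab needs the same access controls as production and must stay off the production network.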
  • Hello,

    It seems that your AD planning is a bit confusing. Why should the computers be located in their own domain? That way you have a lot more work, domains and DCs to maintain.

    Please describe the detailed requirements of your network so we can help you with the design.


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Thursday, March 22, 2012 8:00
  • Well, you can also use ADAM/AD LDS, which can be simply installed on a client machine like Windows XP/7. If you want to test an application which requires schema modification and the app is DS enabled, you can use AD LDS. If you are looking for the client, you need to have a separate forest, as the domain is no longer the security boundary; it's the forest.

    http://technet.microsoft.com/en-us/library/cc754361%28v=ws.10%29.aspx

    It is almost impossible to host multiple domains on a single machine, irrespective of physical or virtual. You can refer to the article below if you want to learn more about AD.

    http://awinish.wordpress.com/2011/07/02/adgpoguides/

    You can also make use of Cloud/hosting services.

    Active Directory Design Guide by Microsoft

    http://www.microsoft.com/download/en/details.aspx?id=8133


    Awinish Vishwakarma - MVP-DS

    My Blog: awinish.wordpress.com

    Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    Thursday, March 22, 2012 8:28
  • It is not at all possible.

    Best regards Biswajit Biswas Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. MCP 2003,MCSA 2003, MCSA:M 2003, CCNA, MCTS, Enterprise Admin

    Thursday, March 22, 2012 8:35