Yes, you could set up a second domain on the network behind a NAT router.
But it would be better if they were no longer actually "on the same wire".
They would be better located on their own switch. Only the NAT router would
have a connection to both networks.

You could use a hardware router for this, but I wouldn't recommend one
of the SOHO ADSL routers. Or you could use a server running RRAS, but not a
DC. I would not even make it a member of either domain. Just run it as a
dedicated router.

Don't use the address translation or mini-DHCP options in the NAT
router. All machines should use the local DNS for name resolution, and you
can set this DNS server to forward to a DNS server on the "parent" network
so that it can resolve both local and public URLs. Just use the router as a
NAT router to give the inner domain machines access to the public network.
If they are on a separate switch you can even use DHCP on the DC for your
inner network.

You can also access machines on the existing domain if you need to, but
they cannot get to your machines. NAT is a one-way address translation.
Private machines can see out, but public machines cannot see in.

The references to "public" are only in relation to the NAT router. This
will still work even if your existing domain is actually on a private
address scheme. I have a domain set up like this using virtual machines.
They run in a 192.168.31.0/24 subnet on a virtual network behind a RRAS
NAT router. The "public" side of this NAT router is actually in a 10.0.0.0/8
subnet behind a hardware NAT router.

"AlvinG" wrote in message:
> I have a small workgroup of about 30 computers, and they are physically
> connected to a large network for Internet access only. They are not a part
> of Domain XYZ, but they are DHCP enabled and get their IP addresses from
> Domain XYZ.
>
> In my workgroup, I have users who need security on their files, folders,
> and I need to create shares which will be located on one centralized
> computer. So to minimize the overhead of administration, I'd like to set up
> a DC to create a domain for the workgroup computers, but it MUST, (this is
> most important) be completely non-existent to the DC's on Domain XYZ.
>
> I'm not sure if this is possible or if it is how to go about it.
>
> I've read several articles saying that multihomed isn't the best way to go
> with server2K3. One article suggested configuring RRAS. I don't know if I
> could just take a Dlink router or any retail router for that matter, and
> just NAT between Domain XYZ and the new Domain ABC of 30 computers, and
> use private addressing in Domain ABC.
>
> What's the best way to do this or is it even possible?
>
> Thanks
>
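
The layout described in the reply can be checked on paper before anything is cabled. The following is an added example, not part of the original thread: a small Python check of an addressing plan against the rules the reply gives (separate subnets joined only by the NAT router, clients using the local DNS, that DNS forwarding to the parent network, DHCP served inside the inner subnet). The two subnets are the ones mentioned in the reply; every host address and every key name is an assumption made for the example.

```python
import ipaddress as ip

# Constructed plan. The two subnets come from the post; every host address,
# and the key names, are assumptions made for this example.
PLAN = {
    "inner_net": "192.168.31.0/24",      # new domain, on its own switch
    "outer_net": "10.0.0.0/8",           # existing ("public" side) network
    "router_inner": "192.168.31.1",      # NAT router, inner interface
    "router_outer": "10.0.0.50",         # NAT router, outer interface
    "dc_dns": "192.168.31.10",           # inner DC, also DNS and DHCP
    "dns_forwarder": "10.0.0.2",         # DNS server on the parent network
    "client_dns": "192.168.31.10",       # what clients use for resolution
    "client_gateway": "192.168.31.1",    # default gateway handed to clients
    "dhcp_range": ("192.168.31.100", "192.168.31.200"),
}

def check_plan(p):
    """Return a list of findings; an empty list means the plan fits the layout."""
    inner, outer = ip.ip_network(p["inner_net"]), ip.ip_network(p["outer_net"])
    # Parse every single-host entry (skips the two subnets and the DHCP tuple).
    a = {k: ip.ip_address(v) for k, v in p.items()
         if isinstance(v, str) and "/" not in v}
    lo, hi = (ip.ip_address(x) for x in p["dhcp_range"])
    findings = []

    def require(ok, msg):
        if not ok:
            findings.append(msg)

    require(not inner.overlaps(outer), "inner and outer subnets overlap")
    require(a["router_inner"] in inner, "router inner interface is outside the inner subnet")
    require(a["router_outer"] in outer, "router outer interface is outside the outer subnet")
    require(a["dc_dns"] in inner, "DC/DNS server is not on the inner network")
    require(a["dc_dns"] != a["router_inner"], "router and DC share an address")
    require(a["client_dns"] == a["dc_dns"], "clients do not use the local DNS server")
    require(a["dns_forwarder"] in outer, "DNS forwarder is not on the parent network")
    require(a["client_gateway"] == a["router_inner"], "client gateway is not the NAT router")
    require(lo in inner and hi in inner and lo <= hi, "DHCP range is not inside the inner subnet")
    for name in ("router_inner", "dc_dns"):
        require(not lo <= a[name] <= hi, f"DHCP range hands out the static address of {name}")
    return findings

if __name__ == "__main__":
    for finding in check_plan(PLAN) or ["plan matches the described layout"]:
        print(finding)
```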