2 Domain Controllers - 2 domains on same LAN

[xedgex]

I currently have a SBS2003 on our lan, I need to add a seperate domain for a new firm on the same network layer. Will this cause any issues? I plan on keeping our LAN subnet the same, users will need to have access to both servers but the data will remain on its respected server.

I want to either add another SBS2003 or SBS2008.

Please provide feedback. These will be 2 separate domains, one of the servers does DHCP, both will need to do their own DNS.

 

[markdmac]

This would be a violation of the SBS licensing. You can add a regular Windows 2003 or 2008 server without any problems though.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at

http://www.thespidersparlor.com/vbscript

Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.

 

[xedgex]

Thanks for pointing this out, I was not aware. Is it a violation since the servers share the LAN hardware?

If I segregate the environments completely, even ISP, then I dont have an issue since the companies are using 2 different suites.

 

[PU36]

SBS only allows 1 Domain and 1 domain Controller for the entire LAN.. along with I think a 75 user limit but I may be mistaken on that.

If you want to add another Domain and another server you will need an entire new license for SBS and new server.

You can read more about the SBS Licensing here;

http://www.microsoft.com/WindowsServer2003/sbs/evaluation/faq/licensing.mspx

 

[PU36]

Here are the restrictions to the SBS license.

* Only one computer in a domain can be running Windows Small Business Server.
* Windows Small Business Server must be the root of the Active Directory forest.
* Windows Small Business Server cannot trust any other domains. It cannot have any child domains.
* Windows Small Business Server is limited to 75 users or devices depending on which type of CAL.
* All Windows Small Business Server versions up to SBS 2003 are limited to 4 GB of RAM. 2008 requires a minimum of 4GB and supports a maximum of 32GB.
* Windows Small Business Server versions prior to Windows Small Business Server 2008 are only available for the x86 (32-bit) architecture.
* Windows Small Business Server 2008 will only be available for the x86-64 (64-bit) architecture. This is due to the requirements of Exchange Server 2007, whose production version is 64-bit only. The 32-bit version of Exchange Server 2007 is only supported for testing and non-production scenarios.
* Only the Remote Desktop for Administration mode is available because Small Business Server always runs on the domain controller, and only two simultaneous RDP sessions are allowed. (Change from SBS 2000 policy)Terminal Services in application sharing mode needs to be run on a second server on the network. This however is possible with SBS 2008 Premium edition which includes a Windows Server 2008 license for running the second server.
* To remove these restrictions and upgrade to regular editions of Windows Server, Exchange Server, SQL Server and ISA Server, there is a Windows Small Business Server 2003 R2 Transition Pack.

Source:

http://en.wikipedia.org/wiki/Small_Business_Server

 

[58sniper]

SBS only allows 1 Domain and 1 domain Controller for the entire LAN.

That is not true. You can have as many DCs as you want. SBS must maintain the FSMO roles, though.

You can also have multiple domains on a LAN, but the other domains must have their own domain controllers (whether standard DCs or SBS boxes). You can have multiple SBS boxes on the same LAN, but DHCP starts to become an issue.

I've seen buildings with a building supplied LAN housing a dozen SBS boxes (all for different tenants/clients). Made me question their sanity, but it was all working fine.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.

http://www.ucblogs.net/blogs/exchange/

 

[markdmac]

SBS only allows 1 Domain and 1 domain Controller for the entire LAN.. along with I think a 75 user limit but I may be mistaken on that.

If you want to add another Domain and another server you will need an entire new license for SBS and new server.

Sorry but this is incorrect. SBS does allow for additional domain controllers. There is little justification for it since the SBS server needs to be the FSMO role holder for all 5 FSMO roles. There are times however when having another DC can be really helpful.

Unless you have 2 separate companies sharing an office, you can't have 2 copies of SBS. If you have 2 companies sharing office space then yes you can have 2 copies of SBS. It is best to run them on separate cable plants. If SBS detects another DHCP server it will shut down its DHCP. That doesn't require you to rewire your office, you could accomplish that same goal with VLANs on a switch.

The pricing of SBS is to allow small businesses to run enterprise applications at an affordable price. The cost savings is dramatic. A company larger than the SBS size (75 users) moves into the medium IT space, in which case EBS is the MS offering. Anything above 250 becomes enterprise and the price breaks really go away.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at

http://www.thespidersparlor.com/vbscript

Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.

 

[PU36]

Sorry about that. I wasn't clear with what I wrote. My apologize. I am aware that you can have more than one domain on a LAN. Having implemented that numerous times myself.

What I was saying was that with SBS you can only have one SBS server per domain not per LAN.

Sorry for the confusion.. if I caused any.

 

[xedgex]

Ok I'm a little confused now. Can I have 2 separate SBS2003 servers on the same LAN? each server will be a DC for its domain.

It will still be 1 LAN, same subnet.

 

[markdmac]

Do you have 2 seperate companies with 2 different tax ID numbers? If not then the answer is no.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at

http://www.thespidersparlor.com/vbscript

Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.

 

[xedgex]

Yes that is the case, the 2 different companies share office space and architecture. They have separate owners therefore separate TAX id's.

So in this case, the 2 SBS servers should not conflict with each other on the same LAN correct?

Each will have its own domain.

 

[markdmac]

The two SBS boxes will not conflict from a licensing perspective. In other words, you aren't trying to get around the licensing.

You will still have an issue with DHCP and my recommendation stands that you should use a VLAN to separate the two networks.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at

http://www.thespidersparlor.com/vbscript

Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.

 

[JoeJTaylor]

You would run into issues with DHCP and you would need to statically allocate each machines IP address and DNS server, not too bad if its a very small office but anything over 10 machines or so and its going to be a pain. V-Lanning is the way to go. Do you have switches capable of this?

 

[JoeJTaylor]

Another thing, I once had to do something similar to this on a temporary basis. i attached a firewall to our main switch using a free IP address on our original subnet i.e 192.168.50.25 as the WAN address for the firewall and assigned its LAN IP address to something else i.e 192.168.51.254 to create a completely seperate network. this network still had access to the internet by setting the intermedite firewalls default gateway to the main networks gateway. Computers could also communicate between domains by setting up port forwarding rules on the hardware.
Probably not ideal for the situation but it would isolate the two companies from each other in a similar way to V-lanning

 

[xedgex]

I am not familiar with setting up V-LANS, currently the office has an HP 48 fast ethernet switch, so it probably can do vlans. There is no patch panel (its a mess).

Would I need more than 1 switch to Vlan? or is the vlan setup on 1 switch which basically segregates some ports?

With vlan in place, would I be able to provide access across both networks?

 

[markdmac]

A VLAN is exactly what you surmised. A segregation of ports to separate the wiring at the switch side.

What you could do is use a VLAN to separate the two networks. Then use an inexpensive firewall to provide Internet access to both networks (if you need to share the Internet connection)

I'm guessing though that you will have separate Internet connections so each company has their own public IP for mail routing.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at

http://www.thespidersparlor.com/vbscript

Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.