I am looking at adding a second domain to our network. The purpose is seperate our staff from our students in labs. What steps should i take to accomplish this and are there any problems that i may come across? Thank you

You should not add a second domain, you should separate it using OU, and approperiatte security setting which you can implement by using GPO, permissions on AD objectsWith kind regards Krystian Zieja http://www.projectnenvision.com Follow me on twitter My Blog

we already have it seperated. I am told to look into adding a new domain. So thats what i'm doing

You have a few options. 1) Child domain of the parent, child.domainA.com 2) domain in a new tree, domainB.com 3) new forest, new domain, DomainX.com From a security boundary perspective, options 1 and 2 are the same, just a different FQDN. For isolation, option 3 is best. Each have their own advantages and disadvantages. In any event, the steps to set up another domain will slightly vary depending on your DNS design, but all options require that you run DCPROMO on a new server. During the wizard, you'll choose whether to join an existing domain, child domain, new domain tree, or new forest. Problems? the process itself is very easy and straightfoward. the issues usually come later based on a design which was not optimal for your orgnization. If you choose the wrong design for your org, its difficult, painful, and can be costly to migrate into a new design. Visit: anITKB.com, an IT Knowledge Base.

we already have it seperated. I am told to look into adding a new domain. So thats what i'm doing Hello, how are they separated if you didn't create a new domain until now? According to "I am looking at adding a second domain to our network." the domain is not created until now.Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

Meinolf, in the above thread i was told to seperate the students in a seperate OU and not add a domain. i was just responding that they were already in their own seperate OU.

You have a few options. 1) Child domain of the parent, child.domainA.com 2) domain in a new tree, domainB.com 3) new forest, new domain, DomainX.com Visit: anITKB.com, an IT Knowledge Base. We are going to go with the first option, The child Domain. if i could be directed to the best way to go about that it would be appreciated. Thank you

Meinolf, in the above thread i was told to seperate the students in a seperate OU and not add a domain. i was just responding that they were already in their own seperate OU. Hello, if you are already in separate OUs you have chosen the easiest management option and also the one with the minimum cost about hardware/licensing. You can manage everything with delegate control and no additional domain admins are required nor a second domain must be backed up. The OU separation is the recommended one in your network. Separate domains are only to be used if you have the need for different password policies if OS version are in use earlier then Windows server 2008.Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

Assuming that for what ever reason you have decided not to continue with an OU design, setting up a child domain is fairly easy. You also have to consider DNS. Will you be hosting the DNS zone on the parent DNS servers as well? If both zones will be hosted in the parent DNS, then to bring up a new domain, you'll need a new server. Load the Windows Server OS and configure its TCP/IP DNS client settings to point to the existing DNS servers. RUN DCPROMO using an account that has Enterprise Admin rights. during the wizard, you'll choose to add a domain to an existing forest. Follow the prompts in the wizard. After the first DC is set up, I would recommend that you set up a second DC in that child domain for fault-tolerance. If you are going to have the child domain host their own DNS, then that's OK too, but you'll need to make sure the proper delegation/forwarding configuration is in place. Visit: anITKB.com, an IT Knowledge Base.

Do I absolutely have to have a new server to add a child domain in a new tree?

To create a new domain regardless if its under a domain in an existing tree or a new domain in a new tree, you need at least one DC to establish it. That DC will hold the DB for that domain. Now, for best practices, it is always recommened to have at least two DCs per domain. Visit: anITKB.com, an IT Knowledge Base.

How do you initiate that process? Runnign dcpromo again seems to want to demote the dc I run it on, when I would simple like to add.

Sounds like that you already have a Domain established. If you want to establish another domain (child of that domain, new tree), you will need another computer. You cannot create multiple domains using the same domain controller. A domain controller can only be a member of one domain. Visit: anITKB.com, an IT Knowledge Base.

Do I absolutely have to have a new server to add a child domain in a new tree? Hello, you can only install one domain on one computer. As the domain is already running you MUST use an additional computer that must be promoted to DC for the child domain. You can NOT use an existing DC and add a child domain this is NOT possible. http://support.microsoft.com/kb/255248 http://technet.microsoft.com/en-us/library/cc787706(WS.10).aspx Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.