Thanks to all for your replies. Now it's more clear to me. In fact probably I configure a one-way trust between the forests only to access some resources, but definitly I know now (with your help indeed) that despite of have this two networks fully routable, is not a risk, obviouslly if I configure separated DNS, WINS an so on. Best Regards.
From: [email protected] To: [email protected] Subject: RE: Have two Forest on two completelly routable Network Segments is this possibly?? Date: Mon, 2 May 2011 16:53:29 +0000 I agree, you’ll be fine. In labs, I’ve had multiple forests on the same network, and it works just fine. However, I don’t recommend it because you have DHCP and DNS issues to overcome. DNS is really the key to separation of your Forests as I see it. From: [email protected] [mailto:[email protected]] Sent: Monday, May 02, 2011 9:47 AM To: Active Directory Admin Issues Subject: RE: Have two Forest on two completelly routable Network Segments is this possibly?? Should be fine. We have multiple forests on routable segments. If you don't build a trust, they wont even see each other except maybe through DNS depending how you set that up From: Jorge Romero <[email protected]> To: "Active Directory Admin Issues" <[email protected]> Date: 05/02/2011 12:45 PM Subject: RE: Have two Forest on two completelly routable Network Segments is this possibly?? Hi Andrew, thanks for the reply. The risk that I was talking was related to cause some strange behaviour or a damage to our Production Forest. Due that both network segments are fully routable, I dont know if meanwhile the creation of the New forest could cause some damage to the production Forest. I know that the trust relationship between forests are not enabled by default, so logically this two forest are separated, but due that the network segments can fully see the other, that is my concern. What do you think about that?? From: [email protected] To: [email protected] Subject: RE: Have two Forest on two completelly routable Network Segments is this possibly?? Date: Mon, 2 May 2011 16:32:20 +0000 What risks are you afraid of? Firewalls would only be necessary if you think one network might get compromised and it would expose the other. Otherwise I don’t see why there would be any issue in what you are trying to do. Andrew From: Jorge Romero [mailto:[email protected]] Sent: Monday, May 02, 2011 9:23 AM To: Active Directory Admin Issues Subject: Have two Forest on two completelly routable Network Segments is this possibly?? Hi all!! I have a doubt that I decide to ask here in order to see if someone can sheed some light on this. The question is: Can I have two AD Forest on two Completelly Routable Network Segments? I mean, actually I have One Forest on the network segment A. I want to add a second Forest on a network segment B. Networks Segments A and B are completelly routable each other, there is no firewall blocking between segments A and B. Basically this is the doubt. Could this be done without some risk?? The New forest is for testing pourposes only. Best regards. ~ NEW: CounterSpy Enterprise: Centralized Antispyware - #1 in eWEEK Test! ~ ~ <http://www.sunbelt-software.com/product.cfm?id=400> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ad-list ~ NEW: CounterSpy Enterprise: Centralized Antispyware - #1 in eWEEK Test! ~ ~ <http://www.sunbelt-software.com/product.cfm?id=400> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ad-list ~ NEW: CounterSpy Enterprise: Centralized Antispyware - #1 in eWEEK Test! ~ ~ <http://www.sunbelt-software.com/product.cfm?id=400> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ad-list The information contained in this e-mail, and any attachment, is confidential and is intended solely for the use of the intended recipient. Access, copying or re-use of the e-mail or any attachment, or any information contained therein, by any other person is not authorized. If you are not the intended recipient please return the e-mail to the sender and delete it from your computer. Although we attempt to sweep e-mail and attachments for viruses, we do not guarantee that either are virus-free and accept no liability for any damage sustained as a result of viruses. Please refer to http://disclaimer.bnymellon.com/eu.htm for certain disclosures relating to European legal entities. ~ NEW: CounterSpy Enterprise: Centralized Antispyware - #1 in eWEEK Test! ~ ~ <http://www.sunbelt-software.com/product.cfm?id=400> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ad-list ~ NEW: CounterSpy Enterprise: Centralized Antispyware - #1 in eWEEK Test! ~ ~ <http://www.sunbelt-software.com/product.cfm?id=400> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ad-list ~ NEW: CounterSpy Enterprise: Centralized Antispyware - #1 in eWEEK Test! ~ ~ <http://www.sunbelt-software.com/product.cfm?id=400> ~ After a lot of failed attempts by what's in the help file and by various suggestions, this is our new footer (btw unsubscribe by email is LAGGED and takes 5-10 minutes before it works): --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ad-list
