My workplace currently has one AD Forest. Slowly we have drifted into two slightly separate businesses and my boss wants us to create a new AD Forest and segregate the users doing each business. Although we will all be in the same office, each side will authenticate to a different DC. The problem is that we have some resources that still need to be shared, and I would like to share them as eloquently as possible without converging the networks too much.
The two networks will be in the same server rack but they will logically appear as this:
Cable Internet -- Router A (192.168.1.x) -- 48-port switch A -- PC/Phones/Domain Controller A
Cable Internet -- Router B (10.1.1.x) -- 48-port switch B -- PC/Phones/Domain Controller B
The problem I have is that the users in the "new" network need access to a shared folder, a shared customer DB, and shared printers on the original Domain Controller, named "DC A" above. I have complete control over both networks but can't figure out the best way.
My main concern is physical access between the networks. How will a PC on the 10.1.1.x network know where printer 192.168.1.2 is? I thought about creating a forest trust in order to assign proper permissions, but how will they resolve the names on different subnets? The two "routers" are just simple SOHO-type routers, so I can't do much there.
I thought about connecting the two switches together but don't know if that would work. Wouldn't the data just get passed to the default gateway (router) anyway? The router would then just drop it. I also thought about using the 2nd NIC in each DC and connecting them in each other's subnet. But again I'm not sure if it matters if the DCs can reach each other or if the PCs would have to be able to reach the other subnet, etc. I also thought about just creating some kind of VPN (Hamachi) or whatever to go out onto the Internet and then back into the other router to the network. The problem is, wouldn't every computer wanting to access the shared folder have to have this set up? I would like to limit setting things up on workstations and just limit config to the DCs if possible.
Any help would be greatly appreciated. I can't figure this out for the life of me. I basically just want users in subnet two to be able to map a drive and access printers on the DC in subnet one.
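An added simulation (not from the post) that works through the routing reasoning above: a 10.1.1.x client sending to 192.168.1.2 hands the packet to its SOHO default gateway, which has no route for the other LAN and pushes it toward the Internet where a private address goes nowhere, while a static route toward a dual-homed DC NIC gets it delivered. The subnets and printer address are the poster's; the router and second-NIC addresses are assumed placeholders.

```python
from ipaddress import ip_address, ip_network

# Constructed model of the two LANs in the post. Gateway and NIC addresses are assumed.
NET_A = ip_network("192.168.1.0/24")        # Router A side: DC A, printer 192.168.1.2
NET_B = ip_network("10.1.1.0/24")           # Router B side: the new forest
ROUTER_B = ip_address("10.1.1.1")           # SOHO default gateway of NET_B (assumed)
DC_A_2ND_NIC = ip_address("10.1.1.254")     # DC A's second NIC on switch B (assumed)

# LANs each forwarding device is directly attached to. A SOHO router knows only its
# own LAN plus the Internet; a dual-homed DC (two NICs) sits on both LANs.
DEVICES = {
    ROUTER_B: [NET_B],
    DC_A_2ND_NIC: [NET_A, NET_B],
}

def host_next_hop(host_ip, host_net, default_gw, dst_ip, static_routes=None):
    """Client route selection: on-link if the destination is in the host's own subnet,
    else the most specific matching static route, else the default gateway."""
    dst = ip_address(dst_ip)
    if dst in host_net:
        return ("on-link", dst)
    best = None
    for net, gw in (static_routes or {}).items():
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    return ("via", ip_address(best[1])) if best else ("via", ip_address(default_gw))

def delivered(client_ip, dst_ip, static_routes=None):
    """Forward-path check for a NET_B client. The next hop delivers only if the
    destination is on one of its own LANs; otherwise a SOHO box forwards it to the
    WAN, where an RFC 1918 destination is unroutable and the packet is lost.
    (The return path needs the mirror-image route on the NET_A side as well.)"""
    hop, nxt = host_next_hop(client_ip, NET_B, ROUTER_B, dst_ip, static_routes)
    if hop == "on-link":
        return True
    dst = ip_address(dst_ip)
    return any(dst in net for net in DEVICES.get(nxt, []))

if __name__ == "__main__":
    # Switches linked or not, with no route the packet dies at Router B.
    print(delivered("10.1.1.20", "192.168.1.2"))
    # A per-client static route via the DC's second NIC reaches the printer, but that
    # is exactly the per-workstation config the poster wants to avoid.
    print(delivered("10.1.1.20", "192.168.1.2", {NET_A: DC_A_2ND_NIC}))
```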