Merging two networks into one! Guidance required for non techy!!

By macampbell
I have recently taken up a fairly senior non-techy role within an expanding company. I have some basic technical experience from a while back and I'm hoping you experts out there can offer some help (our current IT team is thin on the ground).

My new company has two offices (geographically dispersed) with two separate networks of similar composition.

The two offices are linked by an IPSec tunnel I believe.

The main office (Office A) hosts 3 servers (a Windows 2003 Standard file server with Exchange installed but not functioning, plus primary and secondary domain controllers). There is a SonicWall firewall at this location and around 80 desktops, printers etc.

The secondary office (Office B) has a backup domain controller and an additional 3 servers (File Server/domain controller which runs Small Business Server 2003 Standard, Web Server, Sql server). There is a Vigor firewall and the site connects to the internet through a Cisco managed router. There are about 75 desktops, printers etc.

The proposed solution from management is to create a single domain across two sites using the IPSec tunnel as the means of communication between the two offices. A trust relationship would be set up between the two domain servers at the two sites, allowing us to keep both main office servers in synchronisation. All AD information would then be kept synchronised between the two locations. All users would be given a unique logon and would log in to one overall domain.

The main file server in Office A is very high spec and we were hoping to set up AD and Exchange for the entire company (about 200 users) on this server. (Can this then be replicated out to other domain controllers? Wasn't sure about this.)

The SBS 2003 server which is currently running Exchange for all email would need to be upgraded to Windows Server 2003, I believe, as SBS can't form trusts. Is that correct? How easy would it be to transfer Exchange to the higher spec server in Office A? I presume the MX records would have to be changed? How long does this process take? Would a weekend be sufficient for this turnaround? Would it be wise to have a secondary Exchange server?

I presumed the existing DC in Office B would still act as a domain controller in Office B handing out IP addresses within the Office B network? Is this the best solution? If it is would it still need to be synchronised with the DC in Office A?

All desktops have XP.

Any help would be greatly appreciated. Hopefully I've explained our problem as well as I can. Hopefully some of you guys have had experience of implementing a similar setup and can offer some advice.

Thanks for taking the time.


All Answers


All possible

by ian.hutty In reply to Merging two networks into ...

I am unclear on your proposed topology, since you currently have two separate domains and have suggested a single domain for all to log into, but then also said a trust would be formed (I assume you mean between the two current domains). Forming a trust would not create a single logon domain. In this situation there would be three entries in the "Log on to" box (Dom A, Dom B, local PC). I assume you want one domain and one Exchange org, with one SMTP feed?

All of this is possible. In many ways it replicates what I have at the local hospital I work at, although your setup is far smaller (mine is 100 servers split across two main sites and 5 satellite sites, 8000 users).

Can you clarify the end domain model?

Also, if your IT is 'thin on the ground' how do you propose to pull this off?


Thanks

by macampbell In reply to All possible

Hi Ian, thanks for taking the time to respond. Apologies for not being clear; to be honest I wasn't quite sure what the proposed solution would be. Would you suggest it better to have 2 separate domains which form a trust and thus allow for future expansion and possibly other domains? Having Domain A, Domain B and local machine would be preferable. How would you go about setting this up? Could it be done over the weekend? We are most likely going to have to source a contractor to help out with this initially.

Thanks again for the guidance.



Designs can depend on business model

by ian.hutty In reply to Thanks

If your business is likely to remain a single entity and not likely to be split in the future, I would plump for a single AD domain and single Exchange org, although there are pros and cons to both the trusted and the single domain models.

Perhaps your business model would dictate this better.

Scenario 1 - One company, one single email domain, all PCs in one AD domain, DCs at both sites replicating across your IPSec VPN tunnel, two Exchange servers participating in a single Exchange org with the mailboxes homed at the obvious site depending on where the user is. When the link is down (for whatever reason) AD logons would be done by the local onsite DC, and inbound and outbound Exchange email would queue up on the local Exchange server and sync when the link is restored.

Scenario 2 - Two domains trusted together, which will provide print, file / security permissions, sharing etc. But this would not make for a single Exchange org (i.e. one single global address book, which is nice and which scenario 1 provides).

Explaining how to go about this is not too difficult if I had all the info. I could then provide an options appraisal for your board to approve the correct model.

Although WE (me and you ) could do this remotely it requires planning and someone hands on at your end - Pity Glasgow is so far away.



Thanks again

by macampbell In reply to Designs can depend on bus ...

Hi Ian, the former would be my preferred option. I would be willing to pay for your time even if it was remote consultancy work. Is it OK to contact you direct?



by ian.hutty In reply to Thanks again

SBS

by CG IT In reply to Merging two networks into ...

Yes, you transition your SBS box to Windows Server 2003 Standard Edition. Here is a TechNet article on it.

Yes, SBS will not form trusts with other domains. This is what makes SBS different from W2003 Standard.

As far as design, the single forest, single domain model is what MS says is preferred. It keeps everything simple and flexible.

The more domains you have, the more administrative effort you will have. Since you only have 2 offices and are currently running SBS AD, stay with the single forest, single domain model and have the remote office as a site.

Hello

by macampbell In reply to SBS

Many thanks for your help!

Note on Exchange, SBS and transitions

by CG IT In reply to Hello

Here's some hands-on advice on going from SBS to W2003 Server Standard.

First, your best bet is to transition the SBS box to W2003 Server, even if you're going to retire the box. The MS article on transitioning outlines that once you transition the SBS box, you can then move around FSMO roles. Moving around roles is crucial for retiring old DCs. The other benefit is that transitioning allows you to introduce another Exchange server on a separate box and make that Exchange the bridgehead for the domain. With SBS, you can't move the bridgehead from the SBS box to another server without a lot of problems. Transitioning allows this move with a lot less problems.

Setup your remote office as a site in Active Directory Sites and Services. If you have a few users there [less than 10] and no servers, then there's no need for a DC. If you put in a DC make sure it's got the global catalog role.
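As an added example (not code from the thread or from either poster), here is how the layout CG IT and Ian describe, Office B as its own AD site with replication across the IPSec tunnel and a global-catalog DC at each end, is set up and then checked from PowerShell. It assumes the ActiveDirectory module (RSAT, on a 2008 R2 or later DC; the 2003-era servers in the thread would use the Sites and Services MMC for the same steps), and the site names, subnets, DC name, link cost and replication interval are placeholders.

```powershell
# Added example, not from the original thread. Carve the two offices into AD
# sites with their subnets and one site link over the VPN, then check that every
# DC is a global catalog and list the FSMO role holders.
# Assumptions: ActiveDirectory module available; names/subnets are placeholders.
Import-Module ActiveDirectory

$sites = @{
    'Office-A' = @('10.1.0.0/16')   # placeholder subnet for Office A
    'Office-B' = @('10.2.0.0/16')   # placeholder subnet for Office B
}

foreach ($site in $sites.Keys) {
    if (-not (Get-ADReplicationSite -Filter "Name -eq '$site'")) {
        New-ADReplicationSite -Name $site
    }
    foreach ($cidr in $sites[$site]) {
        # Without a subnet object, Office B clients cannot tell which DC is
        # "local" and may authenticate across the tunnel.
        if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$cidr'")) {
            New-ADReplicationSubnet -Name $cidr -Site $site
        }
    }
}

# One IP site link over the IPSec tunnel; replicate every 15 minutes
# (placeholder interval) instead of the default link's schedule and cost.
if (-not (Get-ADReplicationSiteLink -Filter "Name -eq 'OfficeA-OfficeB'")) {
    New-ADReplicationSiteLink -Name 'OfficeA-OfficeB' `
        -SitesIncluded 'Office-A', 'Office-B' `
        -Cost 100 -ReplicationFrequencyInMinutes 15 `
        -InterSiteTransportProtocol IP
}

# Move the Office B DC out of Default-First-Site-Name into its site
# (placeholder DC name; uncomment once the DC is in the merged domain).
# Move-ADDirectoryServer -Identity 'DC-B1' -Site 'Office-B'

# Every DC should be a GC: a site whose only DC lacks the GC cannot resolve
# universal group membership, so logons fail there while the tunnel is down.
Get-ADDomainController -Filter * |
    Select-Object Name, Site, IsGlobalCatalog, IPv4Address |
    Format-Table -AutoSize

# FSMO role holders: all five must sit on a surviving DC before the old SBS
# box (or any other DC) is demoted.
$d = Get-ADDomain
$f = Get-ADForest
[pscustomobject]@{
    SchemaMaster         = $f.SchemaMaster
    DomainNamingMaster   = $f.DomainNamingMaster
    PDCEmulator          = $d.PDCEmulator
    RIDMaster            = $d.RIDMaster
    InfrastructureMaster = $d.InfrastructureMaster
}

# Replication health across the link (repadmin ships with RSAT and on DCs).
repadmin /replsummary
```

Run it once from any DC after the Office B DC has been promoted into the merged domain. The IsGlobalCatalog column is the check CG IT asks for, and the FSMO listing is what you look at before demoting the transitioned SBS box; if a role still points at it, move the role first.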


Assist with your company's IT merger

by mitchell In reply to Merging two networks into ...

Good morning macampbell...

I am the President and COO/CIO of a company in the US (Los Angeles area) that specializes in this process. In fact, we just completed a project identical to the one you described this past Friday.

In your case, there actually are several alternatives and good workable solutions. None of which involve SBS!!

We are an old line IT firm having built the original Altair 8800 computers on contract to the Byte stores in the mid 70's. We specialize in companies your size and in projects you have described.

The solutions I would most likely propose, after discussions on how you really need to use this domain(s), may include a parent/child domain or two separate domains with a transitive trust relationship, all communicating via an IPSec VPN.

Our own company has two locations. We are running Windows Server 2003 Standard and Enterprise with Exchange. The first location, our primary office, has a dedicated 3 Mb microwave link to a T2 connection. The second location is connected via a cable modem to the internet. The trick here is to make sure that both locations have static IPs, that the DNS forward and reverse lookups are set up properly, that the trust relationships are set up properly, that the DHCP scope, local DNS and WINS are all set up properly and, most important, you must have at least 2 domain controllers at each of the locations and preferably have the Exchange server on a non-DC box.

Next we need to make sure AD is properly recognizing both locations thru the VPN.

We then write user login scripts that automatically map drive letters between the domains. We even do cross domain backups from site to site automatically.

Ours is not the only company we set up this way. This is almost SOP for our multi-location companies. In fact, the first time we accomplished this was about 10 years ago for a landscaping company with corporate offices in an LA suburb, a nursery in another county, a second nursery in northern LA county, a facility in San Diego and Salt Lake, UT. We made this work reliably and enabled the company to take advantage of many common tasks and saved them a bunch of money. They can even print to the remote locations without any special configurations.

We are not your normal IT company. We are engineering based having several patents and design awards to our credit. We design and build business IT systems only for companies under 75 nodes.

We have authorized and trained associates all across the US, plus remote help desk software that will allow us to work simultaneously with your technical people on your side of the pond.

There is never a charge to call and kick around a few ideas. Perhaps we can be of assistance and would welcome the opportunity to assist.

Please visit our web site to familiarize yourself with us.

Having worked with companies from Israel to China, I am confident we can be of great assistance. Please do not hesitate to contact my office at 818.882.8987 to discuss further. We are available 7 days per week from 7:00am till 10:00pm LA time.


Mitchell Marcus
President COO/CIO
The MSM Consulting Group, Inc.
Chatsworth, CA **311
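The prerequisites listed in the post above (forward and reverse DNS for every DC, and trust and replication traffic actually passing through the tunnel) can be checked from a script before the trust or the first cross-site replication is attempted. This is an added example, not the poster's own tooling; it assumes Windows 8 / Server 2012 or later for Resolve-DnsName and Test-NetConnection, and the remote domain name, DC names and IPs are placeholders.

```powershell
# Added example, not from the original thread. Pre-flight check run from a DC
# in one office against the DCs in the other, through the IPSec tunnel.
# Assumptions: names and addresses below are placeholders for your own.
$remoteDomain = 'officeb.example.local'
$remoteDCs = @(
    @{ Name = 'dcb1.officeb.example.local'; IP = '10.2.0.10' }
)

# TCP ports a trust and AD replication need. Dynamic RPC (49152-65535 on
# 2008+, 1025-5000 on 2003) must also be open on the firewalls, which a
# single fixed-port test cannot prove.
$ports = @{ DNS = 53; Kerberos = 88; RPC = 135; LDAP = 389
            SMB = 445; Kpasswd = 464; GC = 3268 }

$results = foreach ($dc in $remoteDCs) {
    # Forward lookup must return the expected IP, and the reverse lookup of
    # that IP must name the same host; mismatches break Kerberos SPN checks.
    $fwd = Resolve-DnsName -Name $dc.Name -Type A   -ErrorAction SilentlyContinue
    $rev = Resolve-DnsName -Name $dc.IP   -Type PTR -ErrorAction SilentlyContinue
    $fwdOk = @($fwd | Where-Object { $_.IPAddress -eq $dc.IP }).Count -gt 0
    $revOk = @($rev | Where-Object { $_.NameHost -eq $dc.Name }).Count -gt 0

    foreach ($p in $ports.GetEnumerator()) {
        $t = Test-NetConnection -ComputerName $dc.IP -Port $p.Value `
                                -WarningAction SilentlyContinue
        [pscustomobject]@{
            DC        = $dc.Name
            ForwardOK = $fwdOk
            ReverseOK = $revOk
            Service   = $p.Key
            Port      = $p.Value
            Open      = $t.TcpTestSucceeded
        }
    }
}
$results | Sort-Object DC, Port | Format-Table -AutoSize

# The other domain's locator records must resolve through *your* DNS (via a
# conditional forwarder or stub zone), or the trust wizard cannot find a DC.
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$remoteDomain" -Type SRV
Resolve-DnsName -Name "_kerberos._tcp.$remoteDomain"       -Type SRV

# After the trust is created, confirm both directions are present
# (requires the ActiveDirectory module):
# Get-ADTrust -Filter * | Select-Object Name, Direction, TrustType, ForestTransitive
```

Any row with Open = False, or a ForwardOK/ReverseOK of False, is a firewall or DNS problem to fix before touching the domains; trust creation and replication errors otherwise surface later as opaque RPC or Kerberos failures. Run the same script from the other office so both directions of the tunnel are covered.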
