Decided it was high time I got myself VMWare server so I could start playing about with it. I've got a Windows Server 2003 VM running, and I want to make it a DC so I can start playing about with AD and Group Policy, but as I'm using it in work I'm worried that adding it as a DC might effect our network in some way. Is there a way to isolate the VM so that it only interacts with my machine (and the internet) and doesn't see anything outside of that?

Don't use bridged - that will interfere. Not sure about NAT (I'm not familiar enough with the protocols behind AD to know if they can traverse NAT-routed networks). The only other option is to isolate it using 'host only' (but you'll lose access to the internet).

NAT should be safe enough :)

I wouldn't do it personally (but then I have a vmnet which hooks straight into our DMZ vlan), but it should be safe to bridge it. Just dont use the same dns or netbios domain name (and I'd do that in the NAT's scenario too), dont hooked it your live AD by DNS in anyway (no forwarding) and dont let it do any DHCP.

If you're worried just host only it or bury it in some random vmnet - you can use your host machine to drop service packs and such on it if you need to.

I think until I fully get to grips with the program I'll just do host-only to make sure it's completely safe. As much as I get to play with servers here in work I don't really get to configure them at all, so I wouldn't want to try to configure the VM and accidentily screw something up and do something to the live servers.

Another question. I have a Windows Server 2003 VM set up, along with a Windows XP VM. They're both set to use NAT, but neither can see or ping the other. Is there something I'm doing wrong, or are they not allowed to interact with each other? I was hoping to join the XP VM to the Server domain so I could play about with permissions and what not.

You wont be able to do that by NAT Davey :) Your best bet is to stick them both in a random vmnet (one which isnt bridged or nat'd) and stick DHCP on your server VM.

Sorry to be dense, but is that easy to do? The vmnet I mean, I've never done that before.

You using vmware server? If so, just edit the network connection, select custom, and pick a vmnet in the middle. Dont even need to boot the VM's for that one :)

Cool, thanks Daz. Now onto the fun of setting up the DHCP to assign IPs. This should be really useful for me as I've administered systems before but never actually set up one. Who knows, this may actually go some way to getting me a new job :D

God I'm such a nob at times. For the life of me I couldn't get the workstation to join the domain. I tried putting them on various vmnets. I tried setting the vmnets to host-only to see if that would help. I even rebuilt both of them in case I did something wrong the first time.

What I didn't do was check to see whether the firewall on the server was blocking the incoming requests :/

Davey = noob :o

Odd - the firewall should get disabled when you dcpromo it iirc.

That was my understanding as well, especially after reading a few websites about it. Not quite sure why it didn't do it, but at least I finally figured it out :)