AD domain running out of IPs Best way to increase

I have a site running W2K SP3 that will soon be upgraded to W2K3 AD. I am very low on IP address space. What is the cleanest way to increase the address space?

If I could add one more item into this from another site only because it is along the same lines. That is I have a W2K SP3 AD domain with a subnet of 192.168.10.0/24 and they are out of address space.

Actually have other issues as well dealing with the routing side and the firewall which is a bigger mess.  If I change the mask my current VPNs will break and need to be recreated.

Thoughts and the best way to do this.  

Thanks

Doug

dcohn Asked:

Lee W, MVP, Technology and Business Process Advisor Commented:
Add subnets.  You will need a router though.  And I don't mean something like a Linksys Cable/DSL router.

I worked in a network environment with over 1500 nodes... we were always subnetted, no real problems.

Araski Commented:
Hi dcohn,

Or if you cannot afford the expense of a new router + cabling etc you can give what MS suggests is the best way:
(excerpt from MS Q255999)
Resubnetting
Resubnetting is the recommended procedure for increasing a DHCP scope when the current scope has entirely consumed the current subnet mask. However, this method requires you to change all subnet hosts and gateways. If you have an address range that has run out of available host addresses, you may be able to change the subnet mask to include a larger share of host addresses. However, simply changing the subnet mask requires that all routers and other statically assigned computers be reconfigured and all DHCP clients have renewed their lease obtaining the new parameters.

Additionally, the entire DHCP scope or scopes must first be deleted and then re-created using the new subnet mask. The potential for duplicate addresses exists during this period if you do not take steps to prevent leasing addresses that other clients may use. Despite all of the aforementioned caveats, resubnetting is still the recommended procedure. The resubnetting configuration creates no additional overhead on the subnet routers or gateways, and keeps all hosts on the same broadcast address.

The following example shows a depleted subnet with the following settings:
Subnet Address: 192.168.1.0
Subnet Mask: 255.255.255.0
This yields a network of 254 hosts with addresses from 192.168.1.1 to 192.168.1.254.

The following example shows the result if you use the resubnetting option:
Subnet Address: 192.168.1.0
Subnet Mask: 255.255.254.0
You now have a network of 510 hosts with addresses from 192.168.0.1 to 192.168.1.254 (for scope 192.168.0.0), or 256 newly available DHCP addresses.
Before:
---------192.168.1.0/24-------R-------192.168.5.0/24---------

After:
---------192.168.0.0/23-------R-------192.168.5.0/24---------


There are other ways such as SuperNetting (see link provided for full details) but personally I would just Re-subnet the whole lot.  Just remember to change all router and all other static devices (servers, managed switches, Private vpn connections etc).  Also remember to delete all old DHCP scopes and re-create them with the new info, ending finally with a renew of all DHCP clients.

http://support.microsoft.com/?kbid=255999

Cheers!
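
The resubnetting arithmetic from the KB excerpt above, as an added example that is not part of the original post or of the Microsoft article. It also flags routed or VPN subnets that the wider mask would overlap; the `ROUTED` list and the host counts are constructed sample values.

```python
import ipaddress

def widen(current, hosts_needed):
    """Return the smallest supernet of `current` with enough usable host addresses."""
    net = ipaddress.ip_network(current)
    while net.num_addresses - 2 < hosts_needed:
        if net.prefixlen == 0:
            raise ValueError("no IPv4 prefix is large enough")
        net = net.supernet()  # shorten the mask by one bit
    return net

def plan(current, hosts_needed, routed):
    """Summarise a mask change and list routed/VPN subnets the wider mask overlaps."""
    old = ipaddress.ip_network(current)
    new = widen(current, hosts_needed)
    conflicts = [r for r in routed if ipaddress.ip_network(r).overlaps(new)]
    return {
        "network": str(new),
        "netmask": str(new.netmask),
        "first_host": str(new.network_address + 1),
        "last_host": str(new.broadcast_address - 1),
        "gained": new.num_addresses - old.num_addresses,
        # True when the scope's network ID itself changes (192.168.1.0 -> 192.168.0.0)
        "network_address_moved": new.network_address != old.network_address,
        # True when hosts still on the old mask would broadcast to the wrong address
        "broadcast_moved": new.broadcast_address != old.broadcast_address,
        "conflicts": conflicts,
    }

# Constructed sample: subnets reachable through the routers and VPN tunnels.
ROUTED = ["192.168.5.0/24", "192.168.11.0/24", "10.8.0.0/24"]

if __name__ == "__main__":
    cases = [
        ("192.168.1.0/24", 500, ["192.168.5.0/24"]),  # the KB example
        ("192.168.10.0/24", 400, ROUTED),             # the subnet from the question
    ]
    for cur, need, routed in cases:
        print(cur, "->", plan(cur, need, routed))
```

A non-empty `conflicts` list means a remote subnet would fall inside the widened local network, so that route or tunnel definition has to be renumbered before the mask is changed.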
JackOfPH Commented:
ping
dcohn Author Commented:
Subnetting would be simpler, it seems, and I have the routers. How do I deal with DHCP? Just add a new scope?

I must say though that I always hated subnets compared to a flat network as far as ease of administration.

My question was not the understanding of networking but what I change on my servers and how it affects DNS, DHCP etc.

Deleting all the scopes is NUTS. This network currently has lots of static IPs and reservations and other slop like that. I inherited this and I am a remote management consultant. I have a set budget and do everything from the outside. I charge by the hour but must stay under X hours per week (15 or so). That includes supporting the end users via a helpdesk we installed etc etc.

So changing masks is not an option if it requires trashing the DHCP scopes as it is too time consuming. I have several Cisco 2620s as we have a T1 and some PTPs to the other offices.

I wanted to know how it will affect AD if I changed the netmask or added a subnet.  Do I need to add the subnet to AD sites and services?  

Also this Superscope thing seems really wacky. What is that about and this is so unclear on Microsoft's site. How is 192.168.5.0/24 related to the rest of this convoluted mess? This is very weird stuff and is certainly NOT what I am doing. I just want to add IPs. Damn


+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
The following example shows the results if you use the superscoping option:
Subnet Address: 192.168.1.0 and 192.168.2.0
Subnet Mask: 255.255.255.0
You now have two networks of 254 hosts (508 hosts total) with addresses from 192.168.1.1 to 192.168.1.254 and 192.168.2.1 to 192.168.2.254, or 254 newly available DHCP addresses.
Before:
-----192.168.1.0/24------R-----192.168.5.0/24--------

After:
-----192.168.1.0/24 and 192.168.2.0/24-----R-----192.168.5.0/24------
+++++++++++++++++++++++++++++++++++++++++++++++++++++
Araski Commented:
Once the router is configured for the new subnet, add a new DHCP scope for the new subnet and add the new "site" in AD.

That should be it.