?
Solved

Active Directory and subnets

Posted on 2007-07-26
8
Medium Priority
?
2,292 Views
Last Modified: 2012-06-21
In a single, simple stand-alone AD with just one site that has multiple IP subnets routed internally, do you have to add each subnet to the site within AD? What symptoms would you see if you don't?
0
Comment
Question by:lrmoore
  • 2
  • 2
  • 2
  • +1
8 Comments
 
LVL 30

Accepted Solution

by:
LauraEHunterMVP earned 1000 total points
ID: 19577259
In a single site there's no real reason to configure subnets manually - all of your clients will default to the single site, and will authenticate against the DCs in that single site.
0
 
LVL 79

Author Comment

by:lrmoore
ID: 19577354
I didn't think so, but wanted to run it by the Experts for a second opinion.
Thanks Laura!

If I have multiple sites should I then register each appropriate subnet to the appropriate site?
0
 
LVL 12

Assisted Solution

by:benhanson
benhanson earned 1000 total points
ID: 19577390
The subnets are used to determine the best Domain controller to authenticate to.  If you have multiple subnets AND some of those subnets have their own domain controller, then you should set them up and set up sites, then associate the proper subnets with the proper sites.
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 
LVL 12

Expert Comment

by:benhanson
ID: 19577430
So, as far as symptoms, here is the scenario

Subnet A 192.168.0.x - With Domain Controller - Core Site
Subnet B 192.168.1.x - With Domain Controller - WAN Site, T1 to Sub A
Subnet C 192.168.2.x - No Domain Controller - WAN Site, T1 to Sub A

If you don't have any subnets and sites set up in AD Sites and Services, then users from Subnet C might be persistently authenticating to Subnet B, wasting precious T1 bandwidth at 2 sites.  You may also find users from Subnet B also authenticating to Subnet A, wasting yet more WAN bandwidth.
0
 
LVL 79

Author Comment

by:lrmoore
ID: 19577502
That's all I needed to know.
Thanks!
0
 
LVL 30

Expert Comment

by:LauraEHunterMVP
ID: 19577519
An AD site is assumed to be "well-connected", in other words a single LAN - even if that LAN extends to multiple physical locations, if all machine can connect to each other at LAN speed, you're fine.

As benhanson describes, if you have bandwidth limitations between your subnets such that you generally want workstations on SubnetA to authenticate to a DC on SubnetA and so forth, then configure a separate site for each well-connected location and site links between them.
0
 
LVL 5

Expert Comment

by:Feroz Ahmed
ID: 20786402
Hi,
IF you assign class A Ip address then you need to enter subnet as 255.0.0.0 and for classB it is 255.255.0.0 for classC 255.255.255.0 depending on this you need to specify the subnet mask.
0
 
LVL 5

Expert Comment

by:Feroz Ahmed
ID: 21874442
Hi,
Subnets are assigned automatically accordingly on range of ip address like classA,ClassB,ClassC,and ClassD ,for classA Ip address subnet mask is 255.0.0.0 for classB it is 255.255.0.0,for classC it is 255.255.255.0 and for classD it is 255.255.255.255.
 
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question