Solved

2 Subnets and 1 DC

Posted on 2007-08-01
Last Modified: 2010-04-18
Hi,

We have a customer currently on the 192.168.0.x subnet; they have moved a few users to another building down the road. We opted for a 1Mb SDSL connection and VPN tunnel. The new office is on 192.168.2.x and we can ping both subnets fine.

Can someone please advise what changes we need to make to the DC in the main subnet 192.168.0.x so that the users in the other subnet are part of the domain? At present they are obtaining their IP settings from the local Draytek router, which is issuing the DNS server from the main subnet and an internet DNS server.

There is currently no plan to put a DC in the 2nd subnet.

Any suggestions welcomed.

Regards
Scott
0
Question by:rdswaddi
7 Comments
 
LVL 9

Expert Comment

by:iCoreKC
ID: 19611838
This should be no problem. The only change needed is a new subnet entry in Sites and Services, even though the subnet doesn't have a DC. AD will then know about this new subnet and this will help with authentication. Put it in the same Site as the 1st subnet, probably the Default First Site, and that should do it.

Domain membership for the workstations in the new building will need to be addressed, and I am assuming that the user accounts have been created. From that point it's just a point of testing.

Everything else looks good.  You don't really need to do anything on the 1st subnet.  
0
 
LVL 70

Expert Comment

by:KCTS
ID: 19611847
If you are using Microsoft RRAS then you can set up an IP pool on the RRAS server which could allocate IP addresses to the VPN clients, or you can stay with DHCP on the router - but not both!

Whichever you use, the clients need to be given the Windows DNS server as their preferred DNS server, and no other DNS server should be specified, otherwise they will not be able to contact the domain. The default gateway must also be specified.

You can then attach them to the domain as you would any other computer.
0
 

Author Comment

by:rdswaddi
ID: 19612071
Thanks for your help guys. The machines have already been added to the domain (just physically been moved).

So can I create a new scope in DHCP and have that allocate the IPs to the 2nd subnet?

Thanks
Scott
0

 
LVL 70

Accepted Solution

by:
KCTS earned 500 total points
ID: 19612128
If you are going to use the DHCP in the main office then you need to be aware that DHCP uses broadcasts and these don't normally go through routers. If your routers are RFC 1542 compliant they will have the option to allow/forward DHCP broadcasts; if not, then you will have to use a local DHCP server or DHCP proxy.

Also bear in mind what I said about the DNS server and default gateway settings.
0
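The server-side changes suggested so far in this thread (subnet entry in Sites and Services, a DHCP scope for 192.168.2.x that hands out only the Windows DNS server plus a default gateway), as an added example that is not part of the original posts. The DC address, router address, lease range and domain name are assumed placeholders, and the cmdlets require the ActiveDirectory and DhcpServer modules of Windows Server 2012 or later.

```powershell
# Run on the DC / DHCP server in the main office (192.168.0.x).
# Assumed values, not taken from the thread:
$DcDns     = '192.168.0.10'             # assumed: DC hosting the AD DNS zone
$BranchGw  = '192.168.2.1'              # assumed: Draytek LAN address, new office
$DnsDomain = 'corp.example'             # placeholder AD DNS domain name
$Site      = 'Default-First-Site-Name'  # the site holding the first subnet
$Subnet    = '192.168.2.0/24'
$ScopeId   = '192.168.2.0'

# 1. Tell AD which site the new subnet belongs to, so clients there
#    are matched to a site during DC location.
if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$Subnet'")) {
    New-ADReplicationSubnet -Name $Subnet -Site $Site
}

# 2. Create the scope for the second subnet. Leases only reach the
#    branch if the router relays DHCP broadcasts to this server, and
#    the router's own DHCP service must then be switched off.
if (-not (Get-DhcpServerv4Scope -ScopeId $ScopeId -ErrorAction SilentlyContinue)) {
    $scope = @{
        Name       = 'Branch office'
        StartRange = '192.168.2.50'     # assumed lease range
        EndRange   = '192.168.2.200'
        SubnetMask = '255.255.255.0'
        State      = 'Active'
    }
    Add-DhcpServerv4Scope @scope
}

# 3. Scope options: the Windows DNS server only (no internet resolver
#    in the list) and the local router as default gateway.
Set-DhcpServerv4OptionValue -ScopeId $ScopeId `
    -DnsServer $DcDns -Router $BranchGw -DnsDomain $DnsDomain

# 4. Review what clients on 192.168.2.x will actually be handed.
Get-DhcpServerv4OptionValue -ScopeId $ScopeId |
    Format-Table OptionId, Name, Value -AutoSize
```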
 

Author Comment

by:rdswaddi
ID: 19612178
That's great thanks. So if only one DNS server is specified will the users on the 2nd subnet end up using the internet connection from the main subnet to browse the web? Unless I specify the Draytek as a proxy?

Regards
Scott
0
 
LVL 70

Expert Comment

by:KCTS
ID: 19613199
All domain members (workstations, servers and domain controllers) MUST use the Windows DNS server (normally the domain controller) as the preferred and only DNS server; the alternate DNS server can be used if you have multiple local DNS servers. This applies whatever subnet the machines are on.

This is necessary because computers use DNS not only to resolve local host names to IP addresses but also to locate Domain Services.

In order to allow the machines to resolve external names, you normally specify your ISP's DNS servers as forwarders on the Forwarders tab in the properties setting of the DNS server in the DNS console.
0
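A client-side check for the rule in the comment above, as an added example that is not part of the original post: it lists every DNS server a workstation has configured, flags any that is not a Windows/AD DNS server, and confirms that the DC locator SRV record resolves. The server address and domain name are assumed placeholders, `Test-DomainDnsConfig` is a hypothetical helper name, and the DnsClient cmdlets need Windows 8 / Server 2012 or later.

```powershell
# Assumed values, not taken from the thread:
$AdDnsServers = @('192.168.0.10')   # assumed: the DC(s) running AD DNS
$Domain       = 'corp.example'      # placeholder AD DNS domain name

function Test-DomainDnsConfig {
    param(
        [Parameter(Mandatory)] [string[]] $AdDnsServers,
        [Parameter(Mandatory)] [string]   $Domain
    )
    $findings = @()

    # Any resolver outside the AD DNS list (ISP or router DNS, for
    # example) can answer first and leave the client unable to find
    # a domain controller.
    $adapters = Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object { $_.ServerAddresses }
    foreach ($adapter in $adapters) {
        foreach ($server in $adapter.ServerAddresses) {
            if ($server -notin $AdDnsServers) {
                $findings += "[$($adapter.InterfaceAlias)] non-AD DNS server: $server"
            }
        }
    }

    # Domain members locate DCs through SRV records that exist only
    # in the AD DNS zone; query each AD DNS server for them directly.
    $srvName = "_ldap._tcp.dc._msdcs.$Domain"
    foreach ($dns in $AdDnsServers) {
        try {
            $records = Resolve-DnsName -Name $srvName -Type SRV -Server $dns `
                -DnsOnly -ErrorAction Stop | Where-Object { $_.Type -eq 'SRV' }
            if (-not $records) { $findings += "$dns returned no SRV data for $srvName" }
        } catch {
            $findings += "$dns could not resolve ${srvName}: $($_.Exception.Message)"
        }
    }
    $findings
}

$result = Test-DomainDnsConfig -AdDnsServers $AdDnsServers -Domain $Domain
if ($result) { $result } else { 'DNS client settings match the AD DNS list.' }
```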
 
LVL 9

Expert Comment

by:iCoreKC
ID: 19613270
You need to have both DNS servers set up in your scenario. Primary to your DC and Secondary to your ISP; however, the Primary DNS server will forward requests to the Root DNS boxes on the internet.

Your AD DNS server is critical, as your clients at your off-site location need to be able to resolve names internally as well as domain resources which are only available on your DNS server.
0


Question has a verified solution.
