Lev Kaytsner

asked on

Active Directory and Different IP Subnets

My network consists of two sites. One main site in Chicago and Branch Office in DC. I am connecting them via private T1 line. I have two Cisco 2811 routers, one on each side of the T1. Because I have one public class C network spanning both sites, I am using bridging on both routers so there is no QoS configured. I am planning on changing IP structure in my Branch Office to 192.168.2.0 network and leaving my Main Office intact. I am introducing IP routing on the routers to get QoS for voice traffic.

My question is, how would the AD domain controller act when it is not on the same subnet as the rest of the Active Directory in the Main Office? This domain controller in the Branch Office also acts as a Global Catalog server. What do I need to do, besides changing the IP address on this domain controller, to get it to talk to the AD DCs in the Main Office?

Thanks.
Brian Pierce

So long as there is IP connectivity between the subnets and they are properly routed then you need not do anything special. Multiple subnets are no problem - the only thing you might need to watch is DHCP since the DHCP broadcast traffic may not cross the subnets - you may need to use a relay agent or enable DHCP broadcasts on the routers.
Kieran_Burns

As long as DNS replication works you should have no issues, but you WILL need to configure sites and subnets correctly:
http://technet.microsoft.com/en-us/library/cc782048.aspx
is a good article explaining this.
Basically you need to ensure that your branch office is defined as a site containing its local domain controller - this is configured under Active Directory Sites and Services.
Lev Kaytsner (ASKER)
I was actually planning on creating a separate DHCP server on the remote DC since it's going to have its own subnet. I am trying to remove all unnecessary traffic from the T1 because I have issues with voice traffic.
Ok in that case there should be no DHCP issues.
As said - if you really want to minimise network traffic, ensure the subnets for the sites are defined correctly; then you *should* only get the sync traffic and whatever data traffic you allow going between sites.
Thank you for providing so much helpful info.
So, first I would need to create site replication and then change IP structure in the remote site. Otherwise, I won't be able to get to the main site from there.
I have some file sharing, exchange, internet, voice traffic going back and forth.
You can create the new site now in AD if you like, define the subnet and the like as it is at the moment (add the branch office DC into the site), create the subnet and assign it to the branch office
This way you can test the configuration is working before you commit to the subnet change. Then all you need do is add the new subnet and remove the old when you make the change.
You should also create a new reverse DNS lookup zone for the new subnet now, so that it is ready to be populated before the changeover
You might well be able to assign the NEW subnet to the branch office as well, it just won't be in use
I can create the new site, but how would I be able to test it if the new server is not in place?
You have TWO DCs, yes? One at each office? All you do is replicate the existing setup and assign the branch office DC to that site. If you read the article above it does make it very clear how to set this all up (and it is remarkably easy).
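The site, subnet, site link, DC move and reverse lookup zone described in the answers above, written as an added PowerShell example (it is not code from the thread or from the linked Microsoft article). It assumes Windows Server 2012 or later with the ActiveDirectory and DnsServer modules and is run as a Domain Admin on a DC in the main office. The site names, the DC name 'BR-DC01' and the domain 'example.local' are invented, and 203.0.113.0/24 is a documentation-range placeholder for the public class C the question does not name; 192.168.2.0/24 is the new branch subnet from the question. Nothing here depends on the branch DC having been readdressed yet, which is what allows the configuration to be tested before the cutover.

```powershell
# Added example: define the DC branch as its own AD site so clients and DCs
# prefer local resources and inter-site replication runs on a schedule
# instead of continuously. Names below are assumptions, not from the thread.
Import-Module ActiveDirectory
Import-Module DnsServer

$MainSite     = 'Chicago'
$BranchSite   = 'DC-Branch'
$BranchDC     = 'BR-DC01'           # assumed name of the branch DC / GC
$MainSubnet   = '203.0.113.0/24'    # placeholder for the existing public class C
$BranchSubnet = '192.168.2.0/24'    # new branch subnet from the question

# 1. Give the existing site a real name and create the branch site.
if (-not (Get-ADReplicationSite -Filter "Name -eq '$MainSite'")) {
    Get-ADReplicationSite -Identity 'Default-First-Site-Name' |
        Rename-ADObject -NewName $MainSite
}
if (-not (Get-ADReplicationSite -Filter "Name -eq '$BranchSite'")) {
    New-ADReplicationSite -Name $BranchSite -Description 'Washington DC branch office'
}

# 2. Map subnets to sites. Site membership is decided by longest-prefix match
#    on a host's IP, so the new subnet can be defined before anything uses it.
New-ADReplicationSubnet -Name $MainSubnet   -Site $MainSite
New-ADReplicationSubnet -Name $BranchSubnet -Site $BranchSite -Location 'Washington, DC'

# 3. Link the two sites over the T1. 15 minutes is the smallest interval AD
#    allows for inter-site replication; the cost only matters with more sites.
New-ADReplicationSiteLink -Name "$MainSite-$BranchSite" `
    -SitesIncluded $MainSite, $BranchSite `
    -InterSiteTransportProtocol IP -Cost 100 -ReplicationFrequencyInMinutes 15

# 4. Move the branch DC (which is also the GC) into its site. From here on
#    replication to it is inter-site: compressed and on the link's schedule.
Move-ADDirectoryServer -Identity $BranchDC -Site $BranchSite

# 5. Reverse lookup zone for the new subnet, AD-integrated so it replicates
#    with the directory instead of needing zone transfers over the T1.
Add-DnsServerPrimaryZone -NetworkId $BranchSubnet -ReplicationScope 'Domain' -DynamicUpdate Secure

# 6. Checks. The DC should report its new site and both subnets their sites;
#    repadmin summarises the replication status between the two DCs.
Get-ADDomainController -Identity $BranchDC | Select-Object Name, Site, IsGlobalCatalog
Get-ADReplicationSubnet -Filter * | Select-Object Name, Site
repadmin /replsummary
# After the readdressing, on a host in 192.168.2.0/24:
#   nltest /dsgetsite              should print DC-Branch
#   nltest /dsgetdc:example.local  should pick BR-DC01 as the closest DC
```

Until the branch is actually readdressed, hosts there still sit in the class C that maps to the Chicago site, so the only visible change before the cutover is the branch DC appearing under DC-Branch and replication to it becoming inter-site; that is enough to confirm the site link works before the router change. When the DC's own address changes, run ipconfig /registerdns and dcdiag on it so its SRV records and replication partners pick up the new address.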
Thank you so much for your advice. I am going to work on it this afternoon.
If you haven't done any AD site creation, I suggest you take care of the IP subnet change first and then create the site later; otherwise you would have to update those subnets again.
Also, since you are going to have a DHCP server at each location, you may want to reserve a portion of each site's IP range on the other site's server so that clients at both sites will be able to obtain an IP address from either DHCP server. This will add a bit of redundancy, and of course you need to enable a relay agent.
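The split-scope arrangement suggested above, as an added PowerShell example (not code from the thread). It assumes Windows Server 2012 or later with the DhcpServer module, a DHCP server 'CHI-DC01' in Chicago and 'BR-DC01' in the branch that are both already authorised in AD, and the domain 'example.local'; these names are invented. As before, 203.0.113.0/24 stands in for the public class C the question does not name and 192.168.2.0/24 is the new branch subnet. The 80/20 split and the 1000 ms delay are the conventional values, chosen here, not given in the thread.

```powershell
# Added example: each subnet gets a scope on BOTH servers. The local server
# owns 80% of the pool and answers immediately; the remote server owns the
# other 20% and delays its offers, so it only wins when the local server is
# down and the T1 normally carries no lease traffic at all.
Import-Module DhcpServer

$Chicago = 'CHI-DC01'    # assumed Chicago DHCP server
$Branch  = 'BR-DC01'     # assumed branch DHCP server (the branch DC)

function New-SplitScope {
    param(
        [string]$Name,
        [string]$Network,        # scope ID, e.g. 192.168.2.0
        [string]$Mask,
        [string]$PoolStart,      # local server leases PoolStart..LocalEnd
        [string]$LocalEnd,
        [string]$RemoteStart,    # remote server leases RemoteStart..PoolEnd
        [string]$PoolEnd,
        [string]$Router,
        [string[]]$Dns,
        [string]$LocalServer,
        [string]$RemoteServer,
        [int]$RemoteDelayMs = 1000
    )
    # Same scope and options on both servers; the relay's giaddr tells the
    # server which scope a forwarded DHCPDISCOVER belongs to.
    foreach ($srv in $LocalServer, $RemoteServer) {
        Add-DhcpServerv4Scope -ComputerName $srv -Name $Name -State Active `
            -StartRange $PoolStart -EndRange $PoolEnd -SubnetMask $Mask `
            -LeaseDuration (New-TimeSpan -Days 8)
        Set-DhcpServerv4OptionValue -ComputerName $srv -ScopeId $Network `
            -Router $Router -DnsServer $Dns -DnsDomain 'example.local'
    }
    # Each server excludes the other's share so no address is offered twice.
    Add-DhcpServerv4ExclusionRange -ComputerName $LocalServer -ScopeId $Network `
        -StartRange $RemoteStart -EndRange $PoolEnd
    Add-DhcpServerv4ExclusionRange -ComputerName $RemoteServer -ScopeId $Network `
        -StartRange $PoolStart -EndRange $LocalEnd
    # Remote server answers late so the local server wins while it is up.
    Set-DhcpServerv4Scope -ComputerName $RemoteServer -ScopeId $Network -Delay $RemoteDelayMs
}

# Branch subnet: BR-DC01 is local, CHI-DC01 is the backup reached via relay.
New-SplitScope -Name 'Branch 192.168.2.0/24' -Network '192.168.2.0' -Mask '255.255.255.0' `
    -PoolStart '192.168.2.100' -LocalEnd '192.168.2.179' `
    -RemoteStart '192.168.2.180' -PoolEnd '192.168.2.199' `
    -Router '192.168.2.1' -Dns '192.168.2.10', '203.0.113.10' `
    -LocalServer $Branch -RemoteServer $Chicago

# Main subnet: the mirror image.
New-SplitScope -Name 'Chicago 203.0.113.0/24' -Network '203.0.113.0' -Mask '255.255.255.0' `
    -PoolStart '203.0.113.100' -LocalEnd '203.0.113.179' `
    -RemoteStart '203.0.113.180' -PoolEnd '203.0.113.199' `
    -Router '203.0.113.1' -Dns '203.0.113.10', '192.168.2.10' `
    -LocalServer $Chicago -RemoteServer $Branch

# Check: every server carries both scopes, each with one exclusion covering
# exactly the other server's share of that pool.
foreach ($srv in $Chicago, $Branch) {
    Get-DhcpServerv4Scope -ComputerName $srv | ForEach-Object {
        Get-DhcpServerv4ExclusionRange -ComputerName $srv -ScopeId $_.ScopeId
    }
}
```

The relay half is router configuration rather than PowerShell: on the 2811s, ip helper-address on each LAN interface pointing at the other site's DHCP server forwards the broadcast DHCPDISCOVER across the T1 as unicast, with the interface address written into giaddr. That giaddr is how the remote server picks the right scope, which is why the router option is set per scope above and why the two scopes must not overlap across servers.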
So, here is my dilemma. I am going to be at my remote site reconfiguring one of the routers and changing IP schema on the switch, server, workstations. At the same time my CISCO engineer is going to work on my main site, reconfiguring the router there. He has no access to AD.
How can I make changes to my AD remotely while having no connection to my main network? My thought is that I will need some kind of internet connection to be able to VPN into my main network.
On the main site, set up the DHCP with 2 scopes, one for each site. Set up each router to perform NAT.
As long as your Cisco routers are allowing open traffic between the 2 sites, you don't need to set up a replication.
The only reason to consider when you don't have replication is that you must rely on a reliable T1.
I have a similar setup for a client but the distance between the 2 sites is shorter compared to your case.
ASKER CERTIFIED SOLUTION
Kieran_Burns
Thank you everyone for great answers.
Wish me luck.