Solved

Active Directory and Different IP Subnets

Posted on 2009-05-06
Last Modified: 2012-08-14
My network consists of two sites. One main site in Chicago and Branch Office in DC. I am connecting them via private T1 line. I have two Cisco 2811 routers, one on each side of the T1. Because I have one public class C network spanning both sites, I am using bridging on both routers so there is no QoS configured. I am planning on changing IP structure in my Branch Office to 192.168.2.0 network and leaving my Main Office intact. I am introducing IP routing on the routers to get QoS for voice traffic.

My question is, how would AD Domain Controller act, when it is not on the same subnet as the rest of the Active Directory in the Main Office. This domain controller in Branch office also acts as Global Catalog Server. What do I need to do, besides changing an IP address on this domain controller to get it to talk to AD DC's in Main Office?

Thanks.
Question by:Lev Kaytsner
16 Comments
 
LVL 70

Expert Comment

by:KCTS
ID: 24315156
So long as there is IP connectivity between the subnets and they are properly routed then you need not do anything special. Multiple subnets are no problem - the only thing you might need to watch is DHCP since the DHCP broadcast traffic may not cross the subnets - you may need to use a relay agent or enable DHCP broadcasts on the routers.
0
 
LVL 10

Expert Comment

by:Kieran_Burns
ID: 24315165
As long as DNS replication works you should have no issues, but you WILL need to configure sites and subnets correctly:
http://technet.microsoft.com/en-us/library/cc782048.aspx
is a good article explaining this.
Basically you need to ensure that your branch office is defined as a site containing its local Domain controller - this is configured under Active Directory Sites and Services.
0
 

Author Comment

by:Lev Kaytsner
ID: 24315186
I was actually planning on creating a separate DHCP server on the remote DC since it's going to have its own subnet. I am trying to remove all unnecessary traffic from the T1 because I have issues with voice traffic.
0
LVL 70

Expert Comment

by:KCTS
ID: 24315234
Ok in that case there should be no DHCP issues.
0
 
LVL 10

Expert Comment

by:Kieran_Burns
ID: 24315259
As said - if you really want to minimise network traffic, ensure the subnets for the sites are defined correctly; then you *should* only get the sync traffic and whatever data traffic you allow going between sites.
0
 

Author Comment

by:Lev Kaytsner
ID: 24315299
Thank you for providing so much helpful info.
So, first I would need to create the site replication and then change the IP structure in the remote site. Otherwise, I won't be able to get to the main site from there.
I have some file sharing, exchange, internet, voice traffic going back and forth.
0
 
LVL 10

Expert Comment

by:Kieran_Burns
ID: 24315375
You can create the new site now in AD if you like, define the subnet and the like as it is at the moment (add the branch office DC into the site), create the subnet and assign it to the branch office.
This way you can test that the configuration is working before you commit to the subnet change. Then all you need do is add the new subnet and remove the old when you make the change.
You should also create a new reverse DNS lookup zone for the new subnet now, so that it is ready to be populated before the changeover.
You might well be able to assign the NEW subnet to the branch office as well; it just won't be in use.
0
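The site-and-subnet preparation Kieran_Burns outlines, scripted as an added example (not code from the thread) with the ActiveDirectory and DnsServer PowerShell modules of Windows Server 2012 or later RSAT; the site name and DC hostname are assumptions, while the 192.168.2.0/24 range comes from the question.

```powershell
# Added example: pre-stage the branch AD site before the IP cutover.
# Assumes the ActiveDirectory and DnsServer modules (Server 2012+ / RSAT)
# and an account with Enterprise Admins rights for site topology changes.
Import-Module ActiveDirectory
Import-Module DnsServer

$BranchSite = 'Branch-DC'       # hypothetical site name for the DC branch office
$BranchDC   = 'BRANCH-DC01'     # hypothetical hostname of the branch DC / GC
$NewSubnet  = '192.168.2.0/24'  # new branch range from the question

# 1. Create the branch site if it does not exist yet (use -Filter, not -Identity:
#    a not-found -Identity lookup throws even under -ErrorAction SilentlyContinue).
if (-not (Get-ADReplicationSite -Filter "Name -eq '$BranchSite'")) {
    New-ADReplicationSite -Name $BranchSite -Description 'DC branch office'
}

# 2. Move the branch DC's server object out of Default-First-Site-Name into the
#    new site so the KCC builds an inter-site link and clients prefer it locally.
Move-ADDirectoryServer -Identity $BranchDC -Site $BranchSite

# 3. Pre-register the NEW subnet against the branch site. It is harmless while
#    unused; the current shared class C stays with the main site because main-
#    office clients still live on it until the cutover.
if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$NewSubnet'")) {
    New-ADReplicationSubnet -Name $NewSubnet -Site $BranchSite
}

# 4. Pre-create the AD-integrated reverse zone 2.168.192.in-addr.arpa with
#    secure-only dynamic updates, so PTR records register at cutover without
#    allowing unauthenticated hosts to rewrite them.
$ReverseZone = '2.168.192.in-addr.arpa'
if (-not (Get-DnsServerZone -Name $ReverseZone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -NetworkId $NewSubnet -ReplicationScope Domain `
        -DynamicUpdate Secure
}

# 5. Verify: the branch DC should now report the new site and still be a GC,
#    and the subnet should resolve to the branch site.
Get-ADDomainController -Identity $BranchDC |
    Select-Object Name, Site, IsGlobalCatalog, IPv4Address
Get-ADReplicationSubnet -Filter "Name -eq '$NewSubnet'" |
    Select-Object Name, Site
```

After the cutover, `nltest /dsgetsite` on a branch workstation should print the branch site name; if it still prints the main site, the client's IP is not covered by any subnet assigned to the branch site.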
 

Author Comment

by:Lev Kaytsner
ID: 24315426
I can create the new site, but how would I be able to test it if the new server is not in place?
0
 
LVL 10

Expert Comment

by:Kieran_Burns
ID: 24315468
You have TWO DCs, yes? One at each office? All you do is replicate the existing setup and assign the branch office DC to that site. If you read the article above it does make it very clear how to set this all up (and it is remarkably easy).
0
 

Author Comment

by:Lev Kaytsner
ID: 24315489
Thank you so much for your advice. I am going to work on it this afternoon.
0
 
LVL 18

Expert Comment

by:Americom
ID: 24315573
If you haven't done any AD site creation, I suggest you take care of the IP subnet change first and then create the site later; otherwise you would have to update those subnets again.
0
 
LVL 18

Expert Comment

by:Americom
ID: 24315676
Also, since you are going to have a DHCP server at each location, you may want to reserve a portion of your IP range for each site on the other site's server, so that clients on both sites will be able to obtain an IP address from either DHCP server. This will add a bit of redundancy, and of course you need to enable a relay agent.
0
 

Author Comment

by:Lev Kaytsner
ID: 24318709
So, here is my dilemma. I am going to be at my remote site reconfiguring one of the routers and changing the IP schema on the switch, server, and workstations. At the same time my Cisco engineer is going to work on my main site, reconfiguring the router there. He has no access to AD.
How can I make changes to my AD remotely while having no connection to my main network? My thought is that I will need some kind of internet connection to be able to VPN into my main network.
0
 
LVL 2

Expert Comment

by:HDanYoo
ID: 24321698
On the main site, set up the DHCP with 2 scopes: one for each site. Set up each router to perform the NAT.
As long as your Cisco routers are allowing open traffic between the 2 sites, you don't need to set up a replication.
The only thing to consider when you don't have a replication is that you must rely on a reliable T1.
I have a similar setup for a client but the distance between the 2 sites is shorter compared to your case.
0
 
LVL 10

Accepted Solution

by:Kieran_Burns (earned 500 total points)
ID: 24323279
There are options available to you, but to be frank the VPN option is going to be the best one.
KISS :-) Keep It Simple Stupid ;-)
You could start down the multiple IP addresses on interfaces option but to be frank you're adding a degree of complication you don't need.
0
 

Author Comment

by:Lev Kaytsner
ID: 24336159
Thank you everyone for great answers.
Wish me luck.
0
