daxatviyu

Active Directory Site and Services DMZ Subnet Placement

I have a network with three sites, SiteA, SiteB, and SiteC.  There is a site created within ADS&S for each location and the domain controllers are in their geographical site with replication setup on an hourly basis.  The fourth site in the organization is the Default-First-Site-Name, it has no Domain Controllers in the site.  The sites are all connected via mesh and IP Subnets are configured and assigned to the site as dictated by IP configuration at those sites.  

The organization also has Exchange Server in a DMZ.  The DMZ subnet is in the Default-First-Site-Name Site.  The DMZ physically resides in SiteA.  I am having problems with Exchange Services starting.  It looks like the problem is that the server is trying to connect to Domain Controllers in any site and timing out when going to SiteB or SiteC Domain Controllers.

There are also two site links within ADS&S.  One is a created domain specific link that contains sites A, B and C.  The other is the DEFAULTIPSITELINK that contains all sites including the Default-First-Site-Link.  The Cost and Replication time are the same on these site links, at 100 and 60 minutes.

I am thinking of moving the DMZ subnet to the site SiteA and am anticipating this will cause it to always communicate with the Domain Controllers in SiteA.
Can you see any issues with me moving the DMZ subnet to SiteA?

I am also wondering if I should change the cost on the DEFAULTIPSITELINK so the domain specific link is the lowest cost.

Config Breakdown in Directory Sites and Services:

SiteA = Subnet 192.168.1.0/24 and server DCSiteA
SiteB = Subnet 192.168.2.0/24 and server DCSiteB
SiteC = Subnet 192.168.3.0/24 and server DCSiteC
Default-First-Site-Name = Subnet 95.86.76.90/28  and no Domain Controllers.

Any supported documentation links would be appreciated.

Thanks.

ASKER CERTIFIED SOLUTION
Adrian Cantrill
This solution is only available to members.
SOLUTION
This solution is only available to members.
What you have planned is a good option and looks to be required as well,
and I do not anticipate issues while doing this or as a result of this action.

Exchange Server was not placed in the right area in the first place.
Exchange and AD are closely related, so it is better if you have Exchange and a DC, and preferably a GC, in the same site.
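
A way to check the subnet, site and site-link layout discussed in this thread before and after moving the DMZ subnet. This is an added example, not part of the original question or answers. It assumes the ActiveDirectory (RSAT) PowerShell module and uses the subnet and site names from the question.

```powershell
# Added example. Read-only as written: the only change command runs with -WhatIf.
# Assumes the ActiveDirectory (RSAT) module and read access to the
# Configuration partition. Covers DCs of the current domain only.
Import-Module ActiveDirectory

# Domain controllers grouped by the site they are placed in.
$dcBySite = @{}
Get-ADDomainController -Filter * | Group-Object -Property Site | ForEach-Object {
    $dcBySite[$_.Name] = $_.Group.HostName
}

# Each subnet object, the site it maps clients to, and the DCs in that site.
$report = Get-ADReplicationSubnet -Filter * | ForEach-Object {
    $site = if ($_.Site) { (Get-ADReplicationSite -Identity $_.Site).Name }
            else { '(unassigned)' }
    $dcs = $dcBySite[$site]
    [pscustomobject]@{
        Subnet = $_.Name
        Site   = $site
        DCs    = if ($dcs) { $dcs -join ', ' } else { 'NONE' }
    }
}
$report | Format-Table -AutoSize

# Subnets whose site holds no DC (the DMZ subnet in the question's layout).
$report | Where-Object DCs -eq 'NONE'

# Site links with cost, replication interval and member sites.
Get-ADReplicationSiteLink -Filter * |
    Select-Object Name, Cost, ReplicationFrequencyInMinutes,
        @{ n = 'Sites'; e = {
            ($_.SitesIncluded | ForEach-Object { ($_ -split ',')[0] -replace '^CN=' }) -join ', '
        } } |
    Format-Table -AutoSize

# Preview the move proposed in the question. Remove -WhatIf to apply it.
Set-ADReplicationSubnet -Identity '95.86.76.90/28' -Site 'SiteA' -WhatIf

# Run these two on the Exchange server itself: the site the server believes
# it is in, and the DC the locator returns after a forced rediscovery.
nltest /dsgetsite
nltest "/dsgetdc:$($env:USERDNSDOMAIN)" /force
```

Comparing the `nltest` output before and after the subnet move shows whether the server's site and the DC it locates changed.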