Solved

Active Directory Sites and Services

Posted on 2011-09-26
Last Modified: 2012-05-12
Hello Members,

I have a project for my company and I do not know how to start it.

Actually, first I want to test it in a VMware lab. The scenario is as follows:

We have 3 different sites, so our topology is single forest and multiple domains.


Example :
Root DC - Forest - PakistanMedia.int     (10.0.0.1)
Domains - Khi.PakistanMedia.int     (10.0.0.2)
          Lhr.PakistanMedia.int     (10.0.0.3)
          Isb.PakistanMedia.int     (10.0.0.4)

Now please help: how do I start my project and how do I do this?


Regards,

Osama Mansoor


Question by:infoplateform
7 Comments
 
LVL 39

Accepted Solution

by:
Krzysztof Pytko earned 500 total points
ID: 36599550
What exactly do you want to do? If only creating Sites, open the AD Sites and Services console, create those sites, then create the appropriate subnets and link them to the Sites. Move at least one DC to each Site.

But in that scenario it would be difficult to simulate Sites because you have used IP addresses from the same subnet :)

Change it a little bit; create these subnet ranges:

Root DC: 10.0.0.0/24 DC IP: 10.0.0.1
KHI DC: 10.0.1.0/24 DC IP: 10.0.1.1
LHR DC: 10.0.2.0/24 DC IP: 10.0.2.1
ISB DC: 10.0.3.0/24 DC IP: 10.0.3.1

Regards,
Krzysztof
0
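The steps from the accepted answer as a script, added here as an example that is not part of the original thread. The ROOT site name, the DC host names and the site link are assumptions; the subnets are the ones proposed in the answer, and the cmdlets need the ActiveDirectory module and Enterprise Admin rights.

```powershell
# Added example. Names marked "assumed" are not from the thread.
Import-Module ActiveDirectory   # RSAT AD module (Windows Server 2012 or later)

# Site -> subnet, taken from the addressing scheme in the answer above.
# 'ROOT' is an assumed site name; KHI/LHR/ISB follow the answer's labels.
$sites = [ordered]@{
    'ROOT' = '10.0.0.0/24'
    'KHI'  = '10.0.1.0/24'
    'LHR'  = '10.0.2.0/24'
    'ISB'  = '10.0.3.0/24'
}

# Assumed (hypothetical) DC server names, one per site.
$dcs = @{
    'ROOT' = 'ROOTDC1'
    'KHI'  = 'KHIDC1'
    'LHR'  = 'LHRDC1'
    'ISB'  = 'ISBDC1'
}

foreach ($name in $sites.Keys) {
    $subnet = $sites[$name]
    # Create the site and its subnet only if they do not exist yet.
    if (-not (Get-ADReplicationSite -Filter "Name -eq '$name'")) {
        New-ADReplicationSite -Name $name
    }
    if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$subnet'")) {
        New-ADReplicationSubnet -Name $subnet -Site $name
    }
    # Move the DC's server object out of the default site into its own site.
    Move-ADDirectoryServer -Identity $dcs[$name] -Site $name
}

# Assumed site link so the KCC can build inter-site connections.
# 15 minutes is the shortest interval a site link accepts.
New-ADReplicationSiteLink -Name 'LAB-ALL-SITES' -SitesIncluded @($sites.Keys) `
    -Cost 100 -ReplicationFrequencyInMinutes 15 -InterSiteTransportProtocol IP

# Checks: subnet-to-site mapping, then replication health across the forest.
Get-ADReplicationSubnet -Filter * | Select-Object Name, Site
repadmin /replsummary
nltest /dsgetsite   # run on each DC: prints the site that DC resolved to
```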
 
LVL 6

Author Comment

by:infoplateform
ID: 36599724

My Objectives are

Sites and Services LAB
Check Replication etc. (repadmin)
User Roaming
Resource Sharing
Domain Trust
AD Disaster Recovery (System State Backup)
File Server Forest Wide

and I need a proper step-by-step guide to achieve this goal, mostly for Sites and Services and AD replication between different sites
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 36600307
OK, now it's clear to me :) You cannot use those IPs for DCs to test sites, domain trusts and replication. You need to prepare a new IP scheme based on my previous post to be able to test that :)

You need to have (simulate) separate networks

Krzysztof
0

 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 36601313
And regarding domain trusts, they will be created automatically as two-way because these domains are in the same forest. If you need to test trusts, you need to create 2 separate forests and then you can test forest/domain trusts.

The rest of the points would work fine in the existing scenario.

Would you like to get some more detailed information from me regarding these requirements?

Krzysztof
0
 
LVL 6

Author Closing Comment

by:infoplateform
ID: 36894565
Thanks
0
 
LVL 6

Author Comment

by:infoplateform
ID: 36894580
Thank you for your support, just another question :-)

So, without any further modification to the above setup on the same subnet, would this allow a user created on any DC to log in to any domain?

Or would I need to create a trust or add that user to a global group or something (like in the NT4 days, when we used to have global groups)?

I am using a single subnet so far, but what if I had a separate subnet scheme: would a user created on any DC / domain be able to log in to any domain?

Thanks so much for your support!!
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 36896113
I would follow this scenario (I don't know your exact requirements).

Create the forest root domain PakistanMedia.int. Do not use this domain as a regular one but only for management (so, do not create regular users there).

After that, create new child domains within the forest:
Khi.PakistanMedia.int
Lhr.PakistanMedia.int
Isb.PakistanMedia.int

All of your domains are in the same forest. And from 2003 DCs, domains have by default a two-way transitive trust within a forest. You don't have to create trusts by yourself :)

All DNS zones will be reachable by each domain, so you don't have to worry about DNS name resolution between them.

You would be able to manage all of these domains as Enterprise Administrator from PakistanMedia.int forest root domain.

As you will have two-way transitive trusts between domains, your users will be able to access any resources in other domains (when you grant them appropriate rights). You may be interested in this MS article about group scopes at
http://technet.microsoft.com/en-us/library/cc755692%28WS.10%29.aspx

And of course AD objects will be replicated between the domains.

Nope, subnets are only for Sites, to tell computers/servers which DC(s) is/are the closest to authenticate against. That doesn't allow users to log on to any other domains. For that, they need to have a user in the particular domain.

I hope it's much clearer now? If not, you may ask more questions :)

Krzysztof
0
