Active Directory Sites and Services

Hello Members,

I have a project for my company and I do not know how to start it.

Actually, I first want to test it in a VMware lab. The scenario is as follows:

We have 3 different sites, so our topology is single forest and multiple domains.

Example:
Root DC - Forest - PakistanMedia.int               (10.0.0.1)
Domains - Khi.PakistanMedia.int     (10.0.0.2)
                 Lhr.PakistanMedia.int     (10.0.0.3)
                 Isb.PakistanMedia.int     (10.0.0.4)

Now please help: how do I start my project and how do I do this?


Regards,

Osama Mansoor


infoplateform Asked:
 
Krzysztof Pytko, Senior Active Directory Engineer, Commented:
What exactly do you want to do? If only creating Sites, open the AD Sites and Services console, create those sites, then create appropriate subnets and link them to Sites. Move at least one DC to the Site.

But in that scenario it would be difficult to simulate Sites because you have used IP addresses from the same subnet :)

Change it a little; create these subnet ranges:

Root DC: 10.0.0.0/24 DC IP: 10.0.0.1
KHI DC: 10.0.1.0/24 DC IP: 10.0.1.1
LHR DC: 10.0.2.0/24 DC IP: 10.0.2.1
ISB DC: 10.0.3.0/24 DC IP: 10.0.3.1

Regards,
Krzysztof
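The steps from the answer above (create the sites, create the subnets and link them to sites, move a DC into each site) as a PowerShell sketch using the ActiveDirectory module; this is an added example, not part of the original thread. The site names, the DC host names (ROOT-DC1, KHI-DC1, ...) and the hub-and-spoke site links with their cost and interval are assumptions made for the lab.

```powershell
# Added example. Run once as an Enterprise Admin: sites and subnets live in the
# forest-wide Configuration partition, so they are defined once for all domains.
Import-Module ActiveDirectory

# Subnets are the ones proposed in the thread; Site and DC names are placeholders.
$plan = @(
    @{ Site = 'ROOT'; Subnet = '10.0.0.0/24'; DC = 'ROOT-DC1' }
    @{ Site = 'KHI';  Subnet = '10.0.1.0/24'; DC = 'KHI-DC1'  }
    @{ Site = 'LHR';  Subnet = '10.0.2.0/24'; DC = 'LHR-DC1'  }
    @{ Site = 'ISB';  Subnet = '10.0.3.0/24'; DC = 'ISB-DC1'  }
)

foreach ($p in $plan) {
    # Create each object only if it is missing, so the script can be re-run safely.
    if (-not (Get-ADReplicationSite -Filter "Name -eq '$($p.Site)'")) {
        New-ADReplicationSite -Name $p.Site
    }
    if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$($p.Subnet)'")) {
        # Linking the subnet to the site is what lets clients locate the closest DC.
        New-ADReplicationSubnet -Name $p.Subnet -Site $p.Site
    }
    # Move the DC's server object out of Default-First-Site-Name into its site.
    Move-ADDirectoryServer -Identity $p.DC -Site $p.Site
}

# Assumed topology: one site link from the root site to each branch site.
foreach ($spoke in 'KHI', 'LHR', 'ISB') {
    $name = "ROOT-$spoke"
    if (-not (Get-ADReplicationSiteLink -Filter "Name -eq '$name'")) {
        New-ADReplicationSiteLink -Name $name -SitesIncluded 'ROOT', $spoke `
            -Cost 100 -ReplicationFrequencyInMinutes 15
    }
}

# Verification: subnet-to-site mapping, the site this machine resolves to,
# a replication summary, and any recorded replication failures in the forest.
Get-ADReplicationSubnet -Filter * | Select-Object Name, Site
nltest /dsgetsite
repadmin /replsummary
Get-ADReplicationFailure -Target (Get-ADForest).Name -Scope Forest
```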
 
infoplateform, Author, Commented:

My objectives are:

Sites and Services lab
Check replication etc. (repadmin)
User roaming
Resource sharing
Domain trust
AD disaster recovery (System State Backup)
File server forest-wide

and I need a proper step-by-step guide to achieve this goal, mostly for Sites and Services and AD replication between different sites
 
Krzysztof Pytko, Senior Active Directory Engineer, Commented:
Ok, now it's clear to me :) You cannot use those IPs for DCs to test sites, domain trusts and replication. You need to prepare a new IP scheme based on my previous post to be able to test that :)

You need to have (simulate) separate networks

Krzysztof
 
Krzysztof Pytko, Senior Active Directory Engineer, Commented:
And regarding the domain trust, it will be created automatically as two-way because these domains are in the same forest. If you need to test trusts, you need to create 2 separate forests and then you can test forest/domain trusts.

The remaining points would work fine in the existing scenario.

Would you like to get some more detailed information from me regarding these requirements?

Krzysztof
 
infoplateform, Author, Commented:
Thanks
 
infoplateform, Author, Commented:
Thank you for your support, just another question :-)

So, without any further modification to the above setup on the same subnet, would this allow a user created on any DC to log in to any domain?

Or would I need to create a trust or add that user to a global group or something (like in NT4 days we used to have global groups)?

I am using a single subnet so far, but what if I had a separate subnet scheme, would a user created on any DC / domain log in to any domain?

Thanks so much for your support!!
 
Krzysztof Pytko, Senior Active Directory Engineer, Commented:
I would follow this scenario (I don't know your exact requirements).

Create the forest root domain PakistanMedia.int. Do not use this domain as a regular one but only for management (so, do not create regular users there).

After that, create new child domains within the forest:
Khi.PakistanMedia.int
Lhr.PakistanMedia.int
Isb.PakistanMedia.int

All of your domains are in the same forest. And from 2003 DC, domains have by default a two-way transitive trust within a forest. You don't have to create trusts by yourself :)

All DNS zones will be reachable by each domain, so you don't have to worry about DNS name resolution between them.

You would be able to manage all of these domains as Enterprise Administrator from the PakistanMedia.int forest root domain.

As you will have two-way transitive trusts between domains, your users will be able to access any resources in other domains (when you grant them appropriate rights). You may be interested in this MS article about group scopes at
http://technet.microsoft.com/en-us/library/cc755692%28WS.10%29.aspx

And of course AD objects will be replicated between the domains.

Nope, subnets are only for Sites to tell computers/servers which DC(s) is/are the closest to authenticate. That doesn't allow users to log on to any other domains. For that, they need to have a user in the particular domain.

I hope it's much clearer now? If not, you may ask more questions :)

Krzysztof
Question has a verified solution.
