
Active Directory Sites and Services

Hello Members,

I have a project for my company and I do not know how to start it.

Actually, I first want to test it in a VMware lab. The scenario is the following:

We have 3 different sites, so our topology is single forest and multiple domains.

Example:
Root DC - Forest - PakistanMedia.int (10.0.0.1)
Domains - Khi.PakistanMedia.int (10.0.0.2)
          Lhr.PakistanMedia.int (10.0.0.3)
          Isb.PakistanMedia.int (10.0.0.4)

Now please help: how do I start my project and how do I do this?


Regards,

Osama MAnsoor


1 Solution
 
Krzysztof Pytko (Active Directory Engineer) commented:
What exactly do you want to do? If only creating Sites, open the AD Sites and Services console, create those sites, then create the appropriate subnets and link them to the Sites. Move at least one DC to each Site.

But in that scenario it would be difficult to simulate Sites because you have used IP addresses from the same subnet :)

Change it a little bit and create these subnet ranges:

Root DC: 10.0.0.0/24 DC IP: 10.0.0.1
KHI DC: 10.0.1.0/24 DC IP: 10.0.1.1
LHR DC: 10.0.2.0/24 DC IP: 10.0.2.1
ISB DC: 10.0.3.0/24 DC IP: 10.0.3.1

Regards,
Krzysztof
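
The steps in the answer above (create the sites, create the subnets, link them, move a DC into each site) can also be scripted with the ActiveDirectory PowerShell module. This is an added example, not part of the original thread: the subnets are the ones proposed in the answer, while the site names, DC host names and the hub-and-spoke site links are assumptions for a lab.

```powershell
# Added example, not from the thread. Run as an Enterprise Admin on a machine
# with the ActiveDirectory module (RSAT). Subnets are the ones proposed above;
# site names and DC host names are hypothetical lab values.
Import-Module ActiveDirectory

$lab = @(
    @{ Site = 'ROOT'; Subnet = '10.0.0.0/24'; DC = 'ROOT-DC01' },
    @{ Site = 'KHI';  Subnet = '10.0.1.0/24'; DC = 'KHI-DC01'  },
    @{ Site = 'LHR';  Subnet = '10.0.2.0/24'; DC = 'LHR-DC01'  },
    @{ Site = 'ISB';  Subnet = '10.0.3.0/24'; DC = 'ISB-DC01'  }
)

foreach ($entry in $lab) {
    # 1. Create the site object (skipped if it already exists, so reruns are safe).
    if (-not (Get-ADReplicationSite -Filter "Name -eq '$($entry.Site)'")) {
        New-ADReplicationSite -Name $entry.Site
    }
    # 2. Create the subnet object and link it to the site.
    if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$($entry.Subnet)'")) {
        New-ADReplicationSubnet -Name $entry.Subnet -Site $entry.Site
    }
    # 3. Move the DC's server object into its site.
    Move-ADDirectoryServer -Identity $entry.DC -Site $entry.Site
}

# Assumption beyond the thread: one site link per branch, hub-and-spoke via ROOT.
# A site needs to be in a site link before inter-site replication can be built.
foreach ($branch in 'KHI', 'LHR', 'ISB') {
    $link = "ROOT-$branch"
    if (-not (Get-ADReplicationSiteLink -Filter "Name -eq '$link'")) {
        New-ADReplicationSiteLink -Name $link -SitesIncluded 'ROOT', $branch `
            -Cost 100 -ReplicationFrequencyInMinutes 15 `
            -InterSiteTransportProtocol IP
    }
}

# Checks: subnet-to-site mapping, then replication health across the forest.
Get-ADReplicationSubnet -Filter * | Select-Object Name, Site
repadmin /replsummary          # per-DC summary of replication failures
repadmin /showrepl             # inbound partners of the local DC
nltest /dsgetsite              # site the local machine resolves to from its IP
```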
 
infoplateform (Author) commented:

My objectives are:

Sites and Services lab
Check replication etc. (repadmin)
User roaming
Resource sharing
Domain trust
AD disaster recovery (System State Backup)
File server forest wide

And I need a proper step-by-step guide to achieve this goal, mostly for Sites and Services and AD replication between different sites.
 
Krzysztof Pytko (Active Directory Engineer) commented:
OK, now it's clear to me :) You cannot use those IPs for DCs to test sites, domain trusts and replication. You need to prepare a new IP scheme based on my previous post to be able to test that :)

You need to have (simulate) separate networks

Krzysztof
 
Krzysztof Pytko (Active Directory Engineer) commented:
And regarding the domain trust, it will be created automatically as two-way because these domains are in the same forest. If you need to test trusts, you need to create 2 separate forests and then you can test forest/domain trusts.

The remaining points would work fine in the existing scenario.

Would you like to get some more detailed information from me regarding these requirements?

Krzysztof
 
infoplateform (Author) commented:
Thanks
 
infoplateform (Author) commented:
Thank you for your support, just another question :-)

So, without any further modification to the above setup on the same subnet, would this allow a user created on any DC to log in to any domain?

Or would I need to create a trust or add that user to a global group or something (like in the NT4 days, when we used to have global groups)?

I am using a single subnet so far, but what if I had a separate subnet scheme: would a user created on any DC / domain be able to log in to any domain?

Thanks so much for your support!
 
Krzysztof Pytko (Active Directory Engineer) commented:
I would follow this scenario (I don't know your exact requirements):

Create the forest root domain PakistanMedia.int. Do not use this domain as a regular one but only for management (so, do not create regular users there).

After that, create new child domains within the forest:
Khi.PakistanMedia.int
Lhr.PakistanMedia.int
Isb.PakistanMedia.int

All of your domains are in the same forest. And from 2003 DC, domains have by default a two-way transitive trust within a forest. You don't have to create trusts by yourself :)

All DNS zones will be reachable by each domain, so you don't have to worry about DNS name resolution between them.

You would be able to manage all of these domains as Enterprise Administrator from the PakistanMedia.int forest root domain.

As you will have two-way transitive trusts between domains, your users will be able to access any resources in other domains (when you grant them appropriate rights). You may be interested in this MS article about group scopes at
http://technet.microsoft.com/en-us/library/cc755692%28WS.10%29.aspx

And of course AD objects will be replicated between the domains.

Nope, subnets are only for Sites, to tell computers/servers which DC(s) is/are the closest to authenticate against. That doesn't allow users to log on to any other domains. For that, they need to have a user in the particular domain.

I hope it's much clearer now? If not, you may ask more questions :)

Krzysztof