
Active Directory Sites and Services

Hello Members,

I have a project for my company and I do not know how to start it.

Actually, first I want to test it in a VMware lab. The scenario is the following:

We have 3 different sites, so our topology is a single forest with multiple domains.

Example :
Root DC- Forest - PakistanMedia.int               (
Domains - Khi.PakistanMedia.int     (
                 Lhr.PakistanMedia.int     (
                 Isb.PakistanMedia.int     (

Now please help: how do I start my project and how do I do this?


Osama MAnsoor

Krzysztof Pytko, Senior Active Directory Engineer, commented:
What exactly do you want to do? If only creating Sites, open the AD Sites and Services console, create those sites, then create the appropriate subnets and link them to the Sites. Move at least one DC to each Site.

But in that scenario it would be difficult to simulate Sites because you have used IP addresses from the same subnet :)

Change it a little: create these subnet ranges

Root DC: DC IP:

infoplateform (Author) commented:

My objectives are:

  • Sites and Services lab
  • Check replication etc. (repadmin)
  • User roaming
  • Resource sharing
  • Domain trust
  • AD disaster recovery (System State backup)
  • File server, forest wide

And I need a proper step-by-step guide to achieve this goal, mostly for Sites and Services and AD replication between different sites.
Krzysztof Pytko, Senior Active Directory Engineer, commented:
Ok, now it's clear to me :) You cannot use those IPs for DCs to test sites, domain trusts and replication. You need to prepare a new IP scheme based on my previous post to be able to test that :)

You need to have (simulate) separate networks.

Krzysztof Pytko, Senior Active Directory Engineer, commented:
And regarding the domain trust, it will be created automatically as two-way because these domains are in the same forest. If you need to test trusts, you need to create 2 separate forests and then you can test forest/domain trusts.

The remaining points would work fine in the existing scenario.

Would you like to get some more detailed information from me regarding these requirements?

infoplateform (Author) commented:
Thank you for your support, just another question :-)

So, without any further modification to the above setup on the same subnet, would this allow a user created on any DC to log in to any domain?

Or would I need to create a trust or add that user to a global group or something (like in the NT4 days we used to have global groups)?

I am using a single subnet so far, but what if I had a separate subnet scheme: would a user created on any DC / domain be able to log in to any domain?

Thanks so much for your support!
Krzysztof Pytko, Senior Active Directory Engineer, commented:
I would follow this scenario (I don't know your exact requirements).

Create the forest root domain PakistanMedia.int. Do not use this domain as a regular domain but only for management (so, do not create regular users there).

After that, create new child domains within the forest.

All of your domains are in the same forest. And from 2003 DC, domains have by default a two-way transitive trust within a forest. You don't have to create trusts yourself :)

All DNS zones will be reachable by each domain, so you don't have to worry about DNS name resolution between them.

You would be able to manage all of these domains as Enterprise Administrator from PakistanMedia.int forest root domain.

As you will have two-way transitive trusts between domains, your users will be able to access any resources in other domains (when you grant them appropriate rights). You may be interested in this MS article about group scopes at

And of course AD objects will be replicated between the domains.

Nope, subnets are only for Sites to tell computers/servers which DC(s) is/are the closest to authenticate. That doesn't allow users to log on to any other domains. For that, they need to have a user in particular domain.

I hope it's much clearer now? If not, you may ask more questions :)
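
Added example, not part of the thread or written by any of its participants: the site, subnet and DC-placement steps from the answers above, scripted with the ActiveDirectory PowerShell module and followed by the repadmin check from the objectives list. The site names follow the thread's child domains; the subnets, DC host names and site link name are constructed lab values and assumptions, not the addresses the answer proposed.

```powershell
# Run from a management host with RSAT, as an Enterprise Admin of the lab forest.
Import-Module ActiveDirectory

# Constructed lab values: one routed subnet and one DC per site (assumptions).
$sites = @(
    @{ Name = 'Khi'; Subnet = '10.10.1.0/24'; DC = 'KHI-DC1' },
    @{ Name = 'Lhr'; Subnet = '10.10.2.0/24'; DC = 'LHR-DC1' },
    @{ Name = 'Isb'; Subnet = '10.10.3.0/24'; DC = 'ISB-DC1' }
)

foreach ($s in $sites) {
    # Create the site only if it does not exist yet, so the script can be re-run.
    if (-not (Get-ADReplicationSite -Filter "Name -eq '$($s.Name)'")) {
        New-ADReplicationSite -Name $s.Name
    }
    # Link the subnet to the site; clients in this range will prefer the site's DC.
    if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$($s.Subnet)'")) {
        New-ADReplicationSubnet -Name $s.Subnet -Site $s.Name
    }
    # Move the DC's server object into its site.
    Move-ADDirectoryServer -Identity $s.DC -Site $s.Name
}

# Sites created this way belong to no site link, so give the KCC one to build
# inter-site connections over. 15 minutes is the shortest allowed interval.
$siteNames = $sites | ForEach-Object { $_.Name }
New-ADReplicationSiteLink -Name 'Lab-AllSites' -SitesIncluded $siteNames `
    -Cost 100 -ReplicationFrequencyInMinutes 15 -InterSiteTransportProtocol IP

# Verify the mapping: every subnet should resolve to exactly one site.
Get-ADReplicationSubnet -Filter * | Select-Object Name, Site

# Verify replication health across all DCs (failures and largest deltas).
repadmin /replsummary

# On a domain-joined client, confirm which site it was placed in by its IP.
nltest /dsgetsite
```

If `nltest /dsgetsite` on a client returns a site other than the one its subnet was linked to, the client's address does not fall inside any subnet object and it was assigned a DC without site awareness.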
