Solved

Active Directory Sites and Services

Posted on 2011-09-26
Last Modified: 2012-05-12
Hello Members,

I have a project for my company and I do not know how to start it.

Actually, first I want to test it in a VMware lab. The scenario is as follows:

We have 3 different sites, so our topology is a single forest with multiple domains.

Example:
Root DC - Forest - PakistanMedia.int               (10.0.0.1)
Domains - Khi.PakistanMedia.int     (10.0.0.2)
                 Lhr.PakistanMedia.int     (10.0.0.3)
                 Isb.PakistanMedia.int     (10.0.0.4)

Now please help: how do I start my project, and how do I do this?


Regards,

Osama Mansoor


Question by:infoplateform
7 Comments
 
LVL 39

Accepted Solution

by:
Krzysztof Pytko earned 500 total points
ID: 36599550
What do you exactly want to do? If only creating Sites, open AD Sites and services console, create those sites then create appropriate subnets and link them to Sites. Move at least one DC to the Site.

But in that scenario it would be difficult to simulate Sites because you have used IP addresses from the same subnet :)

Change it a little bit and create these subnet ranges:

Root DC: 10.0.0.0/24 DC IP: 10.0.0.1
KHI DC: 10.0.1.0/24 DC IP: 10.0.1.1
LHR DC: 10.0.2.0/24 DC IP: 10.0.2.1
ISB DC: 10.0.3.0/24 DC IP: 10.0.3.1

Regards,
Krzysztof
0
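
The steps in the accepted answer (create the sites, create the subnets and link them to sites, move a DC into each site), scripted for the lab as an added example that is not part of the original thread. It assumes the ActiveDirectory PowerShell module (Windows Server 2012 or later) and an Enterprise Admin session; the site names, site link names and DC host names are hypothetical, while the subnets are the ones proposed in the answer.

```powershell
# Added example, not from the original thread.
# Assumes the ActiveDirectory module (Windows Server 2012+) and Enterprise Admin rights.
Import-Module ActiveDirectory

# Site and DC names are hypothetical; subnets follow the scheme proposed above.
$plan = @(
    @{ Site = 'Root'; Subnet = '10.0.0.0/24'; DC = 'ROOT-DC1' },
    @{ Site = 'KHI';  Subnet = '10.0.1.0/24'; DC = 'KHI-DC1'  },
    @{ Site = 'LHR';  Subnet = '10.0.2.0/24'; DC = 'LHR-DC1'  },
    @{ Site = 'ISB';  Subnet = '10.0.3.0/24'; DC = 'ISB-DC1'  }
)

foreach ($p in $plan) {
    # Create the site only if it does not exist yet, so the script can be re-run.
    if (-not (Get-ADReplicationSite -Filter "Name -eq '$($p.Site)'")) {
        New-ADReplicationSite -Name $p.Site
    }
    # A subnet object maps client and DC IP addresses to exactly one site.
    if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$($p.Subnet)'")) {
        New-ADReplicationSubnet -Name $p.Subnet -Site $p.Site
    }
    # Each site needs at least one DC; move the server object into it.
    Move-ADDirectoryServer -Identity $p.DC -Site $p.Site
}

# Link every branch site to the Root site (hub and spoke) for inter-site replication.
foreach ($p in $plan | Where-Object { $_.Site -ne 'Root' }) {
    $linkName = "Root-$($p.Site)"
    if (-not (Get-ADReplicationSiteLink -Filter "Name -eq '$linkName'")) {
        New-ADReplicationSiteLink -Name $linkName -SitesIncluded 'Root', $p.Site `
            -Cost 100 -ReplicationFrequencyInMinutes 15 -InterSiteTransportProtocol IP
    }
}

# Verify: subnet-to-site mapping, replication health, and the site this machine resolves to.
Get-ADReplicationSubnet -Filter * | Select-Object Name, Site
repadmin /replsummary
nltest /dsgetsite
```

Running `nltest /dsgetsite` on a member machine in each lab network shows whether its IP address falls into the intended subnet object, which is what the original single-subnet addressing could not demonstrate.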
 
LVL 6

Author Comment

by:infoplateform
ID: 36599724

My Objectives are

Sites and Services lab
Check Replication etc. (repadmin)
User Roaming
Resource Sharing
Domain Trust
AD Disaster Recovery (System State Backup)
File Server Forest Wide

and I need a proper step-by-step guide to achieve this goal, mostly for Sites and Services and AD replication between different sites.
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 36600307
OK, now it's clear to me :) You cannot use those IPs for DCs to test sites, domain trusts and replication. You need to prepare a new IP scheme based on my previous post to be able to test that :)

You need to have (simulate) separate networks.

Krzysztof
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 36601313
And as for the domain trusts, they will be created automatically as two-way because these domains are in the same forest. If you need to test trusts, you need to create 2 separate forests and then you can test forest/domain trusts.

The remaining points would work fine in the existing scenario.

Would you like to get some more detailed information from me about these requirements?

Krzysztof
0
 
LVL 6

Author Closing Comment

by:infoplateform
ID: 36894565
Thanks
0
 
LVL 6

Author Comment

by:infoplateform
ID: 36894580
Thank you for your support, just another question :-)

So, without any further modification to the above setup on the same subnet, would this allow a user created on any DC to log in to any domain?

Or would I need to create a trust or add that user to a global group or something (like in the NT4 days we used to have global groups)?

I am using a single subnet so far, but what if I had a separate subnet scheme, would a user created on any DC / domain be able to log in to any domain?

Thanks so much for your support!
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 36896113
I would follow this scenario (I don't know exactly your requirements).

Create the forest root domain PakistanMedia.int. Do not use this domain as a regular domain but only for management (so, do not create regular users there).

After that, create new child domains within the forest:
Khi.PakistanMedia.int
Lhr.PakistanMedia.int
Isb.PakistanMedia.int

All of your domains are in the same forest. And from 2003 DC, domains have by default a two-way transitive trust within a forest. You don't have to create trusts by yourself :)

All DNS zones will be reachable by each domain, so you don't have to worry about DNS name resolution between them.

You would be able to manage all of these domains as Enterprise Administrator from PakistanMedia.int forest root domain.

As you will have two-way transitive trusts between domains, your users will be able to access any resources in other domains (when you grant them appropriate rights). You may be interested in this MS article about group scopes at
http://technet.microsoft.com/en-us/library/cc755692%28WS.10%29.aspx

And of course AD objects will be replicated between the domains.

Nope, subnets are only for Sites to tell computers/servers which DC(s) is/are the closest to authenticate. That doesn't allow users to log on to any other domains. For that, they need to have a user in particular domain.

I hope it's much clearer now? If not, you may ask more questions :)

Krzysztof
0
