windows 2008 r2 Domain Controllers not able to see each other in different Subnets

Posted on 2012-03-15
Last Modified: 2012-08-14
Hello All,
I have a Domain Controller in NY called Server A ( in the subnet of This AD is the Primary of the Domain. I'm running low on IP address in the 90 subnet. within the NY office.  I cannot use super subnetting because the person who engineered this site along with 3 other sites made them like this.

All driven by MPLS:
NY-  (Domain Controller A -
PA-  (Domain Controller B -
CT-  (Domain Controller C -
NJ-   (Domain Controller D -

Super subneting would be the answer for me but requires a lot of work to change all IP device settings and workstations to a new subnet and there’s an overlap in IP address (Since supersubnetting would give me 90 and 91 subnets) that I do not want to risk.  so i figured...maybe  create a new Subnet and attached it to the NY site.

Let call this one  My though would be that it would give me 510 address nodes. - and - and i can access along with the 90 subnet.
so this is what i've done so far.

- added another Subnet for the "NY site" in Site and Services - and link it to NY.
and waited to sync...

Then i setup a workstation with a subnet address  IP:,submask: no gateway dns: to see if i can be domained or ping the NY AD at luck. It didn’t work and nslookup couldn’t find a DNS

So i created a new AD for subnet and called it ADsystems.
so this is what i've done..

- Domained an AD (ADsystems) ip address, Submask, Gateway:, DNS:
- added a Site in Site and Services called "Systems"
- Subnet for the "system" is and link it to "System" site.
- changed the Local DNS to itself
- Moved the ADsystem object in "NY" within  Site and service to the "System" site.
- Attached the subnet to the “System” site and created a link between NY and “Systems”
- Once I saw replication occurring, I then changed the IP address of the new AD (ADsystems) to address, Submask, No Gateway, DNS:
No gateway because the gateway in in the 90 subnet

Once I changed the IP address to the new subnet, the new AD cannot see or ping anything in the 90,91,92 or 93 subnets and replication is failing. I change it back to how I had it before and it works but now not for the 98 subnet.

Am I missing something?  Do I need to setup a VPN between 90 and 98 to see each other even it they are on the same network?
What are my options….anyone?

Question by:bootyfreakk
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2

Expert Comment

ID: 37726287
your issue is with the subnetmask or lack of default gateway. is going to give a usable range of -

the machines wont know how to reach network
LVL 37

Accepted Solution

Neil Russell earned 80 total points
ID: 37726290
If this is all part of a managed MPLS circuit then that is almost certainly where the issue lies. Changing AD will not give you any additional IP routing, that needs to be configured on your MPLS routers

Author Comment

ID: 37726489
Why would my gateway be a factor. When both 90 and 98 subnets are at the same NY location. It doesnt need to access a router for anything.

the NY Ad is sitting right next to the ADSystems server why should a router be involed. do i need setup atranslation of some sort,  Vlan on my switch or add an entry to my router for this to work?  (i would perferr not to go that route) would adding an extra ethernet card to the NY AD work?
Im doing this to expand the ip range. since im running low on 90.  I though DNS handled replication.

The other sites i have 91,92 and 93 have been setup this way and it works great.( MPLS and all) why do it locally and it doesnt work. I double checked my setup and i feel im missing something.
Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.


Assisted Solution

raeldri earned 20 total points
ID: 37726610
the subnet mask limits what is seen as "local" anything outside above range is considered remote and would need routed to reach the other subnets
LVL 37

Assisted Solution

by:Neil Russell
Neil Russell earned 80 total points
ID: 37726926
This is as I said orriginally down to routing. If its a fully managed MPLS then you need to get your MPLS service provider to provide an additional route and range to you for the extra subnet so that EVERYWHERE knows where to route to.
As explained above, just because two subnets are in the same location, does not mean they can talk to each other. Default gateways and subnets....
LVL 37

Expert Comment

by:Neil Russell
ID: 37726945

Its a night mare and will cause you nothing but problems.

Author Comment

ID: 37727651
How about some sort of internal rounting system...something i can build, a software or adding a vlan to a port on my switch to do a route from there. is this possible?

Expert Comment

ID: 37728642
Internal routing is fine do you have your own router outside the MPLS router or a layer3 switch?  Both would work fine for simple routing between subnets

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Determining the an SCCM package name from the Package ID
When asking a question in a forum or creating documentation, screenshots are vital tools that can convey a lot more information and save you and your reader a lot of time
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question