Solved

Server 2008 AD - Configuring client on different subnets with DHCP

Posted on 2013-01-14
Last Modified: 2013-01-20
Hi, I hope I explain my question easily and that it has a simple answer.

I want to create two different subnets for client PCs in a Win2K8 AD network. Each client will log into the network using an AD account. Each subnet will have its own Internet proxy server.

There will be two Win2K8 servers - One AD, DNS, DHCP and the other File, IIS. These will be set up using static addresses on the same subnet.

I want to create two different subnets for two different sets of clients from two different scopes set from the DHCP.

Question:
If the gateway address set on each workstation is the AD server's address then will the server send client requests to FTP and IIS to the correct server (on the different subnet)?

I was going to forward the clients to the correct proxy using Group Policy. Will this create any issues if the clients are in different subnets from the server?

The plan is not to install RRAS.

Any help or links would be appreciated, thank you.
0
Question by:OsakaKiwi
 
LVL 57

Assisted Solution

by:Pete Long
Pete Long earned 250 total points
ID: 38774023
I would use a decent switch at the core of your LAN that can do Layer 3 routing (most decent switches can do this).

Create two VLANs, VLAN tag (or trunk if it's a Cisco) to the servers, create an IP helper on the second VLAN (this is done on the switch as well). Enable routing on the switch, make its default route your existing router/firewall, then finally, create your two scopes on the DHCP server.
0
 

Author Comment

by:OsakaKiwi
ID: 38776110
Hi, thanks for your answer but unfortunately the instructions are to not install a router. It needs to be configured from within the server and I was told I don't need RRAS.
0
 
LVL 12

Expert Comment

by:Navdeep
ID: 38776852
Question:
If the gateway address set on each workstation is the AD server's address then will the server send client requests to FTP and IIS to the correct server (on the different subnet)?

Ans:
Basically your AD server is your DNS as well. Gateway IP would be the IP of the next hop, i.e. the router, if your AD acts as gateway (running RRAS), and as long as the IP is routable and resolvable you shall be able to access FTP and IIS.

I was going to forward the clients to the correct proxy using Group Policy. Will this create any issues if the clients are in different sub nets from the server?

Ans:
Assuming your proxy configuration is correct, as long as the IP is routable and resolvable you shall have no issues.

I hope that helps clarify your doubt.

Regards,
Navdeep [ExchangeADTech]
0

Author Comment

by:OsakaKiwi
ID: 38776890
Hi, Thanks for your help.

The AD server does not have RRAS but it seems your answer suggests it should in order to route clients to FTP and proxy.

Currently all clients and servers are on the same subnet 192.168.0.0/24. AD is 192.168.0.1 and ftp is 192.168.0.2. There is no routing installed.

I have to create two additional subnets 192.168.1.0/24 & 192.168.2.0/24 but gateway would have to be set to 192.168.0.1.

Can I not do this without a layer 3 switch or RRAS? The information I have been given suggests so but I don't know how.

I have attached a basic diagram based on the info I have been given.
network.jpg
0
 
LVL 12

Accepted Solution

by:
Navdeep earned 250 total points
ID: 38776959
Hi,

So servers are on 192.168.0.x
staff on 192.168.1.x
Students on 192.168.2.x

In order for all of them to access each other you would need a layer 3 device (router).

I have to create two additional subnets 192.168.1.0/24 & 192.168.2.0/24 but gateway would have to be set to 192.168.0.1.

This becomes tricky. It will not be easy to get it to work. You need to configure end stations without a gateway and use static routes at OS level using netsh.

If budget is a constraint then you can look into running the open-source BSD-based router pfSense 2.0.2 (on vmware/virtualpc/openbox). It's pretty mature in terms of development and has a lot of useful features.

Regards,
Navdeep [ExchangeADTech]
0
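
A simplified model of the forwarding decision behind the accepted answer, added here as an example and not part of any poster's reply: a host can only hand off-subnet traffic to a gateway inside its own subnet, so a 192.168.1.0/24 client with gateway 192.168.0.1 cannot reach the FTP server. The client addresses and the router interface addresses are constructed assumptions; the server addresses come from the thread.

```python
import ipaddress

FTP_SERVER = "192.168.0.2"   # from the thread
AD_SERVER = "192.168.0.1"    # from the thread; the gateway the asker was told to use

def next_hop(host_ip, prefix_len, gateway, dest):
    """Model a single-homed host's forwarding decision for one destination."""
    iface = ipaddress.ip_interface(f"{host_ip}/{prefix_len}")
    dest_ip = ipaddress.ip_address(dest)
    if dest_ip in iface.network:
        return ("direct", str(dest_ip))      # same subnet: ARP for the destination
    if gateway is None:
        return ("unreachable", "no route")
    gw = ipaddress.ip_address(gateway)
    if gw not in iface.network:
        # The host cannot ARP for a gateway that sits outside its own subnet.
        return ("unreachable", "gateway off-link")
    return ("via", str(gw))

def can_reach(host_ip, prefix_len, gateway, dest, router_ifaces=()):
    """True if dest is deliverable directly, or through a router that owns the
    host's gateway address and also has an interface in dest's subnet."""
    kind, hop = next_hop(host_ip, prefix_len, gateway, dest)
    if kind == "direct":
        return True
    if kind == "unreachable":
        return False
    ifaces = [ipaddress.ip_interface(i) for i in router_ifaces]
    owns_gateway = any(str(i.ip) == hop for i in ifaces)
    reaches_dest = any(ipaddress.ip_address(dest) in i.network for i in ifaces)
    return owns_gateway and reaches_dest

# Constructed sample values (assumptions, not from the thread).
STAFF_PC, STUDENT_PC = "192.168.1.50", "192.168.2.50"
ROUTER = ("192.168.0.254/24", "192.168.1.1/24", "192.168.2.1/24")

if __name__ == "__main__":
    # Plan from the question: gateway is the AD server on another subnet.
    print(next_hop(STAFF_PC, 24, AD_SERVER, FTP_SERVER))
    # With a layer 3 device that has an interface in each subnet.
    print(can_reach(STAFF_PC, 24, "192.168.1.1", FTP_SERVER, ROUTER))
    print(can_reach(STUDENT_PC, 24, "192.168.2.1", FTP_SERVER, ROUTER))
```

The model covers only the forward path; the servers also need a route back to the client subnets through the same device.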
 

Author Closing Comment

by:OsakaKiwi
ID: 38797959
Thanks guys. It seems then I can't do as I am instructed. I will look at installing RRAS or a router.
0
