Solved

Server 2008 AD - Configuring client on different subnets with DHCP

Posted on 2013-01-14
6
479 Views
Last Modified: 2013-01-20
Hi, I hope I explain my question easily and has a simple answer.

I want to create two different subnets for client PC's in a Win2K8 AD network. Each client will log into the network using an AD account. Each subnet will have their own Internet proxy server.

There will be two Win2K8 servers - One AD, DNS, DHCP and the other File, IIS. These will be set up using static addresses on the same subnet.

I want to create two different subnets for two different sets of clients from two differnt scopes set from the DHCP.

Question:
If the gateway address set on each workstation is the AD server's address then will the server send client requests to FTP and IIS to the correct server (on the different subnet)?

I was going to forward the clients to the correct proxy using Group Policy. Will this create any issues if the clients are in different sub nets from the server?
 
The plan is not to install RRAS

Any help or links would be appriciated, thank you.
0
Comment
Question by:OsakaKiwi
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 57

Assisted Solution

by:Pete Long
Pete Long earned 250 total points
ID: 38774023
I would use a decent Switch at the core of your LANthat can do Layer 3 routing (most decent switches can do this).

Create two VLANS, VLAN TAG (or trunk if its a Cisco) to the servers, create an IP helper on the second VLAN (this is done on the switch as well). Enable routing on the switch, make its default route your existing router/firewall, then finally, Create your two scopes on the DHCP server.
0
 

Author Comment

by:OsakaKiwi
ID: 38776110
Hi, thanks for your answer but unfortunately the instructions are to not install a router. It needs to be configured from within the server and  I was told I don't need RRAS.
0
 
LVL 12

Expert Comment

by:Navdeep
ID: 38776852
Question:
If the gateway address set on each workstation is the AD server's address then will the server send client requests to FTP and IIS to the correct server (on the different subnet)?

Ans:
Basically your AD server is your DNS as well. Gateway IP would be IP of next hop i.e. router if your AD act as gateway (running rras) and as long as IP is routable and resolvable you shall be able to access FTP and IIS

I was going to forward the clients to the correct proxy using Group Policy. Will this create any issues if the clients are in different sub nets from the server?

Ans:
Assuming your proxy configuration is correct. As long as IP is routable and resolvable you shall have no issues.

I hope that help clarify your doubt.

Regards,
Navdeep [ExchangeADTech]
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:OsakaKiwi
ID: 38776890
Hi, Thanks for your help.

The AD server does not have RRAS but it seems your answer suggest it should in order to route clients to ftp and proxy.

Currently all clients and servers are on the same subnet 192.168.0.0/24. AD is 192.168.0.1 and ftp is 192.168.0.2. There is no routing installed.

I have to create two additional subnets 192.168.1.0/24 & 192.168.2.0/24 but gateway would have to be set to 192.168.0.1.

Can I not do this without layer 3 switch or RRAS?  The information I have been given suggest so but I don't know how.

I have attached a basic diagram based on the info I have been given.
network.jpg
0
 
LVL 12

Accepted Solution

by:
Navdeep earned 250 total points
ID: 38776959
Hi,

So servers are on 192.168.0.x
staff on 192.168.1.x
Students on 192.168.2.x

In order for all of them to access each other you would need a layer 3 device (router).

I have to create two additional subnets 192.168.1.0/24 & 192.168.2.0/24 but gateway would have to be set to 192.168.0.1.

This becomes tricky. It will not be easy to get it work. You need to configure end stations without a gateway and use static routes at OS level using netsh.

If budget is a constrainted then you can look into running opensource bsd based router pfsense 2.0.2 (on vmware/virtualpc/openbox). It's pretty mature in terms of development and have lot of useful features.

Regards,
Navdeep [ExchangeADTech]
0
 

Author Closing Comment

by:OsakaKiwi
ID: 38797959
Thanks guys. It seems then I can't do as I am instructed. I will look at installing RRAS or a router.
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains the steps required to use the default Photos screensaver to display branding/corporate images
Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question