Solved

AD sites connection subnet question

Posted on 2013-12-18
528 Views
Last Modified: 2013-12-23
Hi
I set up an Active Directory with 2 domain controllers. Each is within a physically separated network with one public IP behind a firewall. If I open a VPN tunnel on one server, the replication works. But I want to make the replication work without a manual VPN connection (although it is now a scheduled task, a user session is still necessary). The plan is to implement a direct server connection, for instance by using IPsec. Therefore, I created two AD sites and, as far as I understand, I put the public IP of one network in the IP address field in the "add subnet" wizard. Is this correct? What subnet mask do I need to add, /0? I would then configure port forwarding to the internal server address on the firewall?

Is this concept going to work, or would it be easier to set up a VPN tunnel between the networks and use different IP ranges? This would require new routers.

Thanks in advance for any help!
Question by:KellerIT
3 Comments
LVL 35

Assisted Solution

by:Mahesh
Mahesh earned 130 total points
ID: 39728425
Not sure if you are referring to AD sites and subnets?
If that's the case, adding a public IP to AD Sites and Services is not required.

All you need to do is create a site-to-site VPN tunnel between both sites and replicate the DCs over the internet through the VPN tunnel:
http://computer.howstuffworks.com/vpn4.htm

Mahesh
LVL 9

Assisted Solution

by:Zenvenky
Zenvenky earned 130 total points
ID: 39728719
Instead of doing it the hard way, I would suggest you configure site-to-site VPN tunneling, which will take care of AD replication and DC communication. Before you proceed to do anything, just ping one DC from the other; if it resolves the IP to name and name to IP, then it's good. If not, then go ahead and configure site-to-site tunneling in the VPN. To do so, refer to your VPN configuration documents.
LVL 53

Accepted Solution

by:Will Szymkowski
Will Szymkowski earned 240 total points
ID: 39729234
AD Sites and Services is merely a logical representation of how DC replication is managed (manually or by the KCC). If you did not set up AD Sites and Services, your AD authentication would work, but it would not be consistent. Sites and Services works by creating logical sites for DCs and also provides users a way to authenticate to an appropriate domain controller that is in the same site, which provides efficiency.

Sites and Services wants the internal IP subnet for each logical site you have in Active Directory. Regardless of how you connect your sites physically (VPN/MPLS/direct connection/etc.), Sites and Services does not care. That being said, you just need to have a physical connection, and then you can associate the IP subnets in Sites and Services.

Will.
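The configuration Will describes (one site per location, each holding its internal subnet, linked over the VPN), plus Zenvenky's name-resolution check, as an added PowerShell example that is not part of the thread. Site names, the internal subnet ranges and the DC names are constructed placeholders; the script assumes the ActiveDirectory RSAT module and a site-to-site VPN that is already up.

```powershell
# Added example (not from this thread): register two AD sites with their
# INTERNAL subnets, link them, place each DC in its site, then verify.
# All names and addresses below are constructed; replace them with your own.
Import-Module ActiveDirectory

# Internal RFC 1918 ranges go into Sites and Services, not the public
# firewall IP and not a /0 mask (constructed sample values).
$sites = @{
    'Site-HQ'     = @{ Subnet = '192.168.10.0/24'; DC = 'DC01' }
    'Site-Branch' = @{ Subnet = '192.168.20.0/24'; DC = 'DC02' }
}

foreach ($siteName in $sites.Keys) {
    if (-not (Get-ADReplicationSite -Filter "Name -eq '$siteName'")) {
        New-ADReplicationSite -Name $siteName
    }
    $cidr = $sites[$siteName].Subnet
    if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$cidr'")) {
        New-ADReplicationSubnet -Name $cidr -Site $siteName
    }
}

# One IP site link across the VPN: replicate every 15 minutes.
# Cost is relative; the KCC prefers lower-cost links when several exist.
if (-not (Get-ADReplicationSiteLink -Filter "Name -eq 'HQ-Branch-VPN'")) {
    New-ADReplicationSiteLink -Name 'HQ-Branch-VPN' `
        -SitesIncluded 'Site-HQ', 'Site-Branch' `
        -InterSiteTransportProtocol IP `
        -Cost 100 -ReplicationFrequencyInMinutes 15
}

# Move each DC's server object under its site container.
foreach ($siteName in $sites.Keys) {
    Move-ADDirectoryServer -Identity $sites[$siteName].DC -Site $siteName
}

# Checks: each DC must resolve by name and be reachable through the tunnel,
# and replication should report no failures.
foreach ($dc in $sites.Values.DC) {
    Resolve-DnsName -Name $dc -ErrorAction Stop | Out-Null
    if (-not (Test-Connection -ComputerName $dc -Count 2 -Quiet)) {
        Write-Warning "$dc is not reachable over the VPN"
    }
}
repadmin /replsummary
```

Run it once from a DC in the forest with Domain Admin rights; `repadmin /replsummary` should show zero failures for both DCs once the first inter-site replication cycle completes.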
