Solved

AD sites connection subnet question

Posted on 2013-12-18
Last Modified: 2013-12-23
Hi
I set up an Active Directory with 2 domain controllers. Each is within a physically separated network with one public IP behind a firewall. If I open a VPN tunnel on one server, the replication works. But I want to make the replication work without a manual VPN connection (although it is a scheduled task now, a user session is still necessary). The plan is to implement a direct server connection, for instance by using IPsec. Therefore, I created two AD sites and, as far as I understand, I put the public IP of one network in the IP address field in the "add subnet" wizard. Is this correct? What subnet mask do I need to add, /0? I would then configure port forwarding to the internal server address on the firewall?

Is this concept going to work, or would it be easier to set up a VPN tunnel between the networks and use different IP ranges? This would require new routers.

Thanks in advance for any help!
Question by:KellerIT
3 Comments
LVL 39

Assisted Solution

by:Mahesh
Mahesh earned 260 total points
ID: 39728425
Not sure, are you referring to AD sites and subnets?
If that's the case, adding a public IP to AD Sites and Services is not required.

All you need to do is create a site-to-site VPN tunnel between both sites and replicate the DCs over the internet through the VPN tunnel.
http://computer.howstuffworks.com/vpn4.htm

Mahesh
LVL 10

Assisted Solution

by:ZenVenky
ZenVenky earned 260 total points
ID: 39728719
Instead of doing it the hard way, I would suggest you configure site-to-site VPN tunneling, which will take care of AD replication and DC communication. Before you proceed to do anything, just ping one DC from the other; if it resolves the IP to name and name to IP, then it's good. If not, then go ahead and configure site-to-site tunneling in the VPN. To do so, refer to your VPN configuration documents.
LVL 53

Accepted Solution

by:Will Szymkowski
Will Szymkowski earned 480 total points
ID: 39729234
AD Sites and Services is merely a logical representation of how DC replication is managed (manually or by the KCC). If you did not set up AD Sites and Services, your AD authentication would work, but it would not be consistent. Sites and Services works by creating logical sites for DCs and also provides users a way to authenticate to an appropriate domain controller that is in the same site, which provides efficiency.

Sites and Services wants the internal IP subnet for each logical site you have in Active Directory. Regardless of how you connect your sites physically (VPN/MPLS/direct connection/etc.), Sites and Services does not care. That being said, you just need to have a physical connection, and then you can associate the IP subnets in Sites and Services.

Will.
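Will's point in PowerShell, as an added example that is not part of the thread or anyone's posted code: register the internal subnets (not the public IP with /0) with their sites, link the sites so the KCC replicates across the tunnel, move each DC into its site, and run the name/IP resolution check ZenVenky describes. Site names, subnets, DC names and the DNS suffix are hypothetical placeholders; it assumes the ActiveDirectory module, Domain Admin rights, and that a site-to-site VPN already routes between the two LANs.

```powershell
# Added example, not from the original thread. Assumes the ActiveDirectory
# module, Domain Admin rights, and a working site-to-site VPN between the LANs.
# Site names, subnets, DC names and the DNS suffix are hypothetical placeholders.
Import-Module ActiveDirectory

$sites = @{
    'Site-HQ'     = '10.1.0.0/24'   # internal LAN behind firewall A (assumed)
    'Site-Branch' = '10.2.0.0/24'   # internal LAN behind firewall B (assumed)
}

# Sites and Services wants the internal subnet of each site, never the
# firewall's public IP with a /0 mask.
foreach ($entry in $sites.GetEnumerator()) {
    if (-not (Get-ADReplicationSite -Filter "Name -eq '$($entry.Key)'")) {
        New-ADReplicationSite -Name $entry.Key
    }
    if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$($entry.Value)'")) {
        New-ADReplicationSubnet -Name $entry.Value -Site $entry.Key
    }
}

# A site link tells the KCC the two sites are reachable (over the VPN) and
# how often to replicate; 15 minutes is the smallest interval allowed.
New-ADReplicationSiteLink -Name 'HQ-Branch' `
    -SitesIncluded @('Site-HQ', 'Site-Branch') `
    -Cost 100 -ReplicationFrequencyInMinutes 15 `
    -InterSiteTransportProtocol IP

# Place each DC in the site whose subnet it lives in (hypothetical DC names).
Move-ADDirectoryServer -Identity 'DC01' -Site 'Site-HQ'
Move-ADDirectoryServer -Identity 'DC02' -Site 'Site-Branch'

# ZenVenky's sanity check: name->IP and IP->name must both resolve across
# the tunnel, otherwise replication cannot even locate its partner.
Resolve-DnsName 'DC02.corp.example' | Select-Object Name, IPAddress
Resolve-DnsName '10.2.0.10'         | Select-Object Name, NameHost

# Confirm DC01 now sees DC02 as a partner and the last attempt succeeded.
Get-ADReplicationPartnerMetadata -Target 'DC01' -Scope Server |
    Select-Object Partner, LastReplicationSuccess, LastReplicationResult
```

A non-zero LastReplicationResult after the link is created usually means the tunnel or DNS, not Sites and Services, is the problem.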
