
All vlans required as subnets in AD Sites & Services?

Posted on 2014-04-04
Last Modified: 2014-04-08
Hi there

I think this should be a fairly simple one for you guys to answer, hopefully. I have a couple of years' experience of fairly basic AD management, and I've come into a small/medium-sized company where the IT manager was running the show on his own for years and has suddenly left, so I'm going through the AD infrastructure to get to know the setup and see where improvements can be made.

We have 3 physical sites (main office, small satellite office and DR site), and there are 3 subnets displayed under Sites in AD Sites and Services representing each. The only thing is that in our main office we have 8 VLANs in total, but only the 'server VLAN' which hosts the DCs on this site is configured in AD S&S.

My question is, should I add the other 7 VLANs we have into the AD S&S subnets? Everything seems to work without them being there; I just can't remember if it's best practice to add all the other non-DC subnets in there as well. And if that is the case, what's the reason for doing so?

Many thanks

BB
0
Question by:bananaboots
5 Comments
 
LVL 59

Expert Comment

by:Cliff Galiher
ID: 39977794
The answer sadly (and not helpfully) is "it depends." You've said there are three subnets, but then later imply that there are many more. Multiple VLANs don't necessarily mean multiple subnets, and that architecturally can be important.

AD sites allow various features to be distinct geographically instead of forcing that to be represented by multiple domains in a forest or by abusing OUs in ADUC.

So in some instances, defining each VLAN as a separate site can actually introduce inefficiencies. In others, they are essential to making sure queries on those VLANs don't get routed unnecessarily across the WAN.

There are just too many variables to answer this question in a forum.
0
 

Author Comment

by:bananaboots
ID: 39978108
Hi, thanks for the response.

Sorry, let me clarify... we have 3 physical sites.

The 2 'other' small sites each have a total of one single subnet only that everything sits on, i.e. every PC sits on the same single subnet as the single DC in each of those 2 sites.

Our head office building has 8 VLANs: 192.168.1.x to 192.168.8.x

192.168.8.0/24 is our server VLAN and contains the DCs. This is the one subnet that is displayed in S&S with reference to the head office.

I don't know if this is any more helpful in terms of answering the original question, as to whether I should add 192.168.1.0/24 thru 192.168.1.7/24, which are for PCs only.

Sorry if I've not covered anything new here, just checking.

Thanks
0
 
LVL 6

Accepted Solution

by:
Hassan Besher earned 1200 total points
ID: 39979241
Yes, you should add all VLANs per site under Sites in AD Sites and Services, to control which AD server they are going to authenticate from if you have multiple AD servers in each site!
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 39980035
First, the question is how many AD sites you have.

Do you have separate AD sites representing each of the three offices, or do you have a single site with Default-First-Site-Name?

If you have only one site, then first you need to create TWO more sites representing the other physical sites, then add all the respective site subnets to AD and latch each subnet to its respective site.

You can get lots of material / YouTube videos on how to add sites, subnets, etc.

Mahesh.
0
 

Author Comment

by:bananaboots
ID: 39983429
Thanks Hassan

Mahesh... yes we have 3 separate AD sites representing each office
0
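An added example, not part of the original thread: a domain controller maps a client to a site by the most specific subnet object containing its IP, and records clients that match none as `NO_CLIENT_SITE` in its netlogon.log. The script below applies that rule to the head-office layout described above and groups unmapped clients by the /24 that still needs a subnet object; the site names, the two small-site subnets and the log lines are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Subnet objects as the thread describes them: at head office only the server
# VLAN is defined. Site names and the two small-site subnets are assumed.
DEFINED = {
    "192.168.8.0/24": "HeadOffice",
    "10.10.1.0/24": "Satellite",
    "10.20.1.0/24": "DR",
}

# Constructed sample in the style of %SystemRoot%\debug\netlogon.log on a DC.
SAMPLE_LOG = """\
04/07 09:12:44 CORP: NO_CLIENT_SITE: PC-0142 192.168.3.25
04/07 09:12:51 CORP: NO_CLIENT_SITE: PC-0007 192.168.1.77
04/07 09:13:02 CORP: NO_CLIENT_SITE: PC-0142 192.168.3.25
04/07 09:14:10 CORP: NO_CLIENT_SITE: LT-0031 192.168.3.140
"""

NO_SITE = re.compile(r"NO_CLIENT_SITE:\s+(\S+)\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$")


def site_for(ip, defined=DEFINED):
    """Return the site whose most specific subnet contains ip, else None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, site in defined.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, site)
    return best[1] if best else None


def unmapped_subnets(log_text, defined=DEFINED, prefixlen=24):
    """Group still-unmapped NO_CLIENT_SITE clients by their /prefixlen network."""
    gaps = defaultdict(set)
    for line in log_text.splitlines():
        m = NO_SITE.search(line)
        # Skip non-matching lines and clients covered since the entry was logged.
        if m and site_for(m.group(2), defined) is None:
            net = ipaddress.ip_network(f"{m.group(2)}/{prefixlen}", strict=False)
            gaps[str(net)].add(m.group(1))
    return {net: sorted(hosts) for net, hosts in sorted(gaps.items())}


if __name__ == "__main__":
    for net, hosts in unmapped_subnets(SAMPLE_LOG).items():
        print(f"{net}: no site mapping for {', '.join(hosts)}")
```

Passing an updated `defined` mapping after creating a subnet object shows which log entries that change would have resolved.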
