Solved

All VLANs required as subnets in AD Sites & Services?

Posted on 2014-04-04
Last Modified: 2014-04-08
Hi there

I think this should be a fairly simple one to answer for you guys, hopefully. I have a couple of years' experience of fairly basic AD management and I've come into a small/med size company where the IT manager was running the show on his own for years and has suddenly left, so I'm going through the AD infrastructure to get to know the setup and see where improvements can be made.

We have 3 physical sites (main office, small satellite office and DR site), and there are 3 subnets displayed under Sites in AD Sites and Services representing each. The only thing is that in our main office we have 8 VLANs in total, but only the 'server VLAN' which hosts the DCs on this site is configured in AD S&S.

My question is, should I add the other 7 VLANs we have into the AD S&S subnets? Everything seems to work without them being there, I just can't remember if it's best practice to add all the other non-DC subnets into there as well? And if that is the case, what's the reason for doing so?

Many thanks

BB
0
Question by:bananaboots
5 Comments
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 39977794
The answer sadly (and not helpfully) is "it depends." You've said there are three subnets, but then later imply that there are many more. Multiple VLANs don't necessarily mean multiple subnets, and that architecturally can be important.

AD sites allow various features to be distinct geographically instead of forcing that to be represented by multiple domains in a forest or by abusing OUs in ADUC.

So in some instances, defining each VLAN as a separate site can actually introduce inefficiencies. In others, they are essential to making sure queries on those VLANs don't get routed unnecessarily across the WAN.

There are just too many variables to answer this question in a forum.
0
 

Author Comment

by:bananaboots
ID: 39978108
Hi, thanks for the response.

Sorry, let me clarify... we have 3 physical sites.

The 2 'other' small sites each have a total of one single subnet only that everything sits on, i.e. every PC sits on the same single subnet as the single DC in each of those 2 sites.

Our head office building has 8 VLANs: 192.168.1.x to 192.168.8.x

192.168.8.0/24 is our server VLAN and contains the DCs. This is the one subnet that is displayed in S&S with reference to the head office.

I don't know if this is any more helpful in terms of answering the original question? As to whether I should add 192.168.1.0/24 thru 192.168.1.7/24 which are for PCs only.

Sorry if I've not covered anything new here, just checking.

Thanks
0
 
LVL 6

Accepted Solution

by:
Hassan Besher earned 300 total points
ID: 39979241
Yes, you should add all VLANs per site under Sites in AD Sites and Services, to control which AD server they are going to authenticate from if you have multiple AD servers in each site!
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 39980035
The question is: how many AD sites do you have first?

Do you have separate AD sites representing each of the three offices, or do you have a single site with Default-first-site-name?

If you have only one site, then first you need to create TWO more sites representing the other physical sites, then add all respective site subnets to AD and latch each subnet to its respective site.

You can get lots of material / YouTube videos on how to add sites, subnets, etc.

Mahesh.
0
 

Author Comment

by:bananaboots
ID: 39983429
Thanks Hassan

Mahesh... yes, we have 3 separate AD sites representing each office.
0
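
An added example, not posted by anyone in the thread: when a client's IP address matches no subnet in AD Sites and Services, the domain controller that handled the lookup records a `NO_CLIENT_SITE` line in its `netlogon.log`, so those lines show which client subnets are still missing. The PowerShell below groups such lines by /24 and ignores addresses already covered by a defined subnet; the function names, the log lines and the /24 mask for the PC VLANs are assumptions made for the illustration.

```powershell
# Added example: function names and all sample data are constructed.
function ConvertTo-UInt32 ([string]$Ip) {
    $bytes = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    [Array]::Reverse($bytes)                  # network byte order -> little-endian
    [BitConverter]::ToUInt32($bytes, 0)
}

function Test-InSubnet ([string]$Ip, [string]$Cidr) {
    $net, $len = $Cidr -split '/'
    $size = [math]::Pow(2, 32 - [int]$len)    # number of addresses in the subnet
    # Same subnet when both addresses fall in the same block of $size addresses
    [math]::Floor((ConvertTo-UInt32 $Ip) / $size) -eq
        [math]::Floor((ConvertTo-UInt32 $net) / $size)
}

function Get-UnmappedClient {
    param([string[]]$LogLine, [string[]]$DefinedSubnet)
    foreach ($line in $LogLine) {
        if ($line -match 'NO_CLIENT_SITE:\s+(\S+)\s+(\d{1,3}(?:\.\d{1,3}){3})') {
            $client, $ip = $Matches[1], $Matches[2]
            # Skip stale entries whose subnet has since been defined
            if ($DefinedSubnet | Where-Object { Test-InSubnet $ip $_ }) { continue }
            [pscustomobject]@{
                Client  = $client
                IP      = $ip
                Slash24 = $ip -replace '\.\d+$', '.0/24'   # assumes /24 VLANs
            }
        }
    }
}

# On a real DC the inputs would come from (ActiveDirectory module required):
#   $definedSubnets = (Get-ADReplicationSubnet -Filter *).Name
#   $log            = Get-Content "$env:SystemRoot\debug\netlogon.log"
$definedSubnets = @('192.168.8.0/24')         # only the server VLAN is defined
$log = @(                                     # constructed sample lines
    '04/07 08:58:11 EXAMPLE: NO_CLIENT_SITE: PC-SALES-03 192.168.1.23'
    '04/07 09:02:40 EXAMPLE: NO_CLIENT_SITE: PC-ACCT-01 192.168.3.45'
    '04/07 09:02:41 EXAMPLE: NO_CLIENT_SITE: PC-ACCT-07 192.168.3.51'
    '03/01 07:30:02 EXAMPLE: NO_CLIENT_SITE: SRV-OLD 192.168.8.40'
)

# One row per missing subnet, with the number of logged client lookups
Get-UnmappedClient -LogLine $log -DefinedSubnet $definedSubnets |
    Group-Object Slash24 | Select-Object Name, Count
```

Each subnet it reports is a candidate for `New-ADReplicationSubnet -Name <prefix> -Site <site>`, where the site name is whatever the head-office site is called in your forest.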
