Solved

Best practices Design Active directory

Posted on 2014-10-16
7
155 Views
Last Modified: 2014-10-17
Hello gents

i have a question I want to redesign an Active directory ? but there is something that I'm not certain of : Actually I have 2 networks : 192.168 . 6. X where there is One domain Controller and A second Network of 192.168.7.X where there is a Second Domain controller  (Domain is the same). I have Servers that are seating in the two domains.

I want to create a domain for the servers only . Is it a recommended practice?  I want to create a VLAN dedicated to servers .  any Impact on Active directory ?

Rgds
0
Comment
Question by:gazambey
7 Comments
 
LVL 8

Expert Comment

by:Wilder_Admin
ID: 40383831
You are mixing topics. First to make all clear. AD is more or less for authenticating users and computers so easily to say a trustcenter then you have the topic of network. You have to network as a subnetting setup for locations maybe. And you have VLAN is a accessingcontrol for networks.

All are depending on each other but here does it not make sense to create a new domain.

What you can do instead ist to bring the servers in a own subnet / Vlan and clients etc in a different one. This is depending if you have two locations (cities?) and how they are connected. For VLAN you need special hardware and a way to manage them. Its one to setup and one to manage them. I hope i made it more clear???

At the end you need a concept what you want and how you achieve. In both i can help if you need.
0
 
LVL 79

Expert Comment

by:David Johnson, CD, MVP
ID: 40383898
With a VLAN separating clients and servers brings another question .. how does a client access a server?
0
 

Author Comment

by:gazambey
ID: 40383962
Hello People

I appreciate your comments. first of all I'm not mixing Subjects . I know that AD is for Authentication . My question is is it a good practice to have a VLAN for Servers and another One for Computers?

And sorry I don't want to create a new domain . I wanted to say a new network.
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
LVL 13

Expert Comment

by:Andy M
ID: 40384021
If you have a separate network for the domain controllers the computers would still need access to that network to authenticate/access files/etc.

I think the first question is what are the reasons for separating out the server/computers - unless there's a specific reason to do so I don't see any reason to separate the servers to another network.
0
 
LVL 8

Expert Comment

by:Wilder_Admin
ID: 40384214
You are not seperating Servers from clients with vlan the best practise if you can is to group clients with servers. For example your accounting has a own Terminalserver where alle financial Software is installed on. So it would make sense to seperate them from the rest of the network except of the dc.

Thats the way for vlans. What you can do is the subnetting topic to collect all clients in one and the servers in the other. Thats only cosmetic. It can make sense for example when your dhcp scope is getting to small then it would be a good idea to seperate the clients.

Even think about of ipv6 in your internal network? I know its the future and no need yet but if you want to be the first then its time to do.
0
 
LVL 10

Expert Comment

by:Pramod Ubhe
ID: 40384225
recommended practice is that you should have separate vlans for desktops and servers but those should communicate with each other. In AD you can create separate sites based on your subnets/location or map both the subnets to be authenticated within single site.
I think in your current setup you have separate domains which can easily be  done with sites and services or subnets in AD
0
 
LVL 34

Accepted Solution

by:
Seth Simmons earned 500 total points
ID: 40384241
i can see separating the networks through vlans like that in a large environment but if it isn't too large i would keep it simple and use one network; perhaps using 192.168.6.0/16 which will give you 512 addresses and will still allow you to separate into the .6 and .7 for servers and clients.  unless they are in different physical locations, i would keep both subnets in the same AD site
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I have been working as System Administrators since 2003. I recently started working as a FreeLancer and was amazed to find out that very few people are taking full advantage of their Windows Server Machines. Microsoft Windows Server comes with so…
I was supporting a handful of Windows 2008 (non-R2) 2 node clusters with shared quorum disks. Some had SQL 2008 installed and some were just a vendor application that we supported. For the purposes of this article it doesn’t really matter which so w…
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question