Sites and Subnets

Hello,

I have inherited a AD environment and our existing sites and services has servers DC within Default first sites and NTDS is setup. However I do not see subnets setup. Don't I need subnets setup to fully take advantage of AD replication to DC? We have a total of 7 DC and 5 are distributed throughout a VLAN network at different buildings. Two are at a different locations and on a separate VLAN. We are running Windows server 2008 and 2003 on two DC.
LVL 1
Jaime CamposAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Joseph MoodyBlogger and wearer of all hats.Commented:
Subnets tell your clients which DC to use. You will certainly want to add these in.
0
Jaime CamposAuthor Commented:
These are just the subnets for which the DC are part of? Why would it still be working without and what will this accomplish as far as speeds?
0
Joseph MoodyBlogger and wearer of all hats.Commented:
I don't know your network setup but let's say you have a DC at a remote site that has a slow link back to your main site.

Without subnets, computers/users/group policy/etc could be going from your main site to the remote site when they have a perfectly speedy DC right next to them. With subnets, clients know their preferred DC based on their IP range.
0
Will SzymkowskiSenior Solution ArchitectCommented:
As Joseph has stated this is used for logical site authentication. An important note is that if you have remote sites that do not have a domain controller present, these subnets are still required to be setup in AD Sites and Services. You would associate the subnet with a Geographically close Site that has a DC for authentication. If you do not add subnets you clients will still authenticate however it is random and inefficent as clients may authenticate to a DC that might be on the other side of the globe.

I have create a Two Part HowTo on understanding AD Sites and Services.
http://www.wsit.ca/how-tos/active-directory/active-directory-sites-and-services-part-1/

Will.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.