
Basic AD Question: Subnets in Sites and Services 2

Status
Not open for further replies.

Stevehewitt

IS-IT--Management
Jun 7, 2001
2,075
GB
Hi Guys,

Very embarrassed to be posting this, as I've been active on here for about 5 years and working in IT longer - however I simply don't know anything about subnets in AD.

E.G. We have:

Addr: 10.x.x.x
Subnet: 255.255.0.0

(wired lan is: 10.3.x.x where the 3rd octet is 1 for servers, 2 for other nodes and 3 for clients - via DHCP.)

So a wired server would be:

10.3.1.200 / 255.255.0.0

And a wired client would be:

10.3.3.132 / 255.255.0.0

The same for wireless, although 10.3.3.132 becomes 10.4.3.132.


My problem is how I represent this in AD Sites and Services. 10.4.x.x, 10.3.x.x, etc. are separate subnets in the same site. And we have another site of 192.168.1.x / 255.255.255.0 via a VPN (which goes from firewall to firewall).

Stupid question I know, but how should these be represented in AD Sites and Services?

Thanks in advance,




Steve.

"They have the internet on computers now!" - Homer Simpson
 
I set up my subnets in such a manner that each one is linked to the closest site/server. You can have multiple subnets linked to the same site. This is where the users/machines will try to authenticate to first. My network is not as complicated as yours but this setup should work for you as well.

hope this helps,

RoadKi11

Here is a url that explains it pretty well.

 
Cheers RoadKi11

Good link BTW.

I get the principles of how it should be set up, e.g. one site has one subnet (our DR site on the 192.168.1.x network) and the other site has the other lot. But what is the other lot?

E.G. Is it 10.0.0.0 as the address and 255.255.0.0 as the mask, or should it be 10.3.x.x / 255.255.0.0 and 10.4.x.x / 255.255.0.0.

Thanks again,



Steve.

"They have the internet on computers now!" - Homer Simpson
 
Well, first off take a deep breath :)

Now, first you will need to create the sites. You need to create them based on each location there is a DC. Then, you need to create all possible subnets. They can be subnetted down as far as you would like.

When you define a subnet, you can choose which site to assign it to. That's how you can assign multiple subnets to a site and would want to do so based on DC location.

The VPN may be a bit more complex. AD is not good at handling anything that gets a NAT address. If you are going to be using AD subnets in a NAT'd environment, then it will have to be in 1 NAT on the inside. You won't be able to mix it between different NAT'd subnets.

I hope this helps you understand the process better.
 
Your last statement depends on how many hosts you want on each subnet and how many sites you need to separate them on.

For example, if you have 3 physical sites and it broke down like this:

SiteA = uses 10.3.x.x
SiteB = uses 10.4.x.x
SiteC = uses 10.5.x.x

So if SiteA is the only site that will have a 10.3.x.x (and so on for the other sites), then I would make the subnet simple like this:

SiteA = 10.3.0.0/255.255.0.0
SiteB = 10.4.0.0/255.255.0.0
SiteC = 10.5.0.0/255.255.0.0

If you need to break each segment down to 2 subnets, then split it with 128 in the mask. Otherwise do not split it and use it like I showed above. Subnetting only needs to be complicated if your network/DC's are complicated.
 
Great - thanks for your help djtech2k!

So as I have 2 sites:

Site A (DC Site)

192.168.1.x using subnet mask 255.255.0.0

Site B (Main office)

10.x.x.x using subnet mask 255.255.0.0


Whilst site A is a doddle, it's site B that confuses me. Whilst the above 10.x.x.x is accurate, will that one setup for the site be enough? E.G. I set up 10.x.x.x/255.255.0.0 in AD for Site B, will all nodes (such as a wireless laptop set up as 10.4.3.122/255.255.0.0 and servers on 10.3.1.200/255.255.0.0) using anything on the 10.x.x.x range be included in site A?

Stupid question, but bizarrely my TCP/IP knowledge is seriously lacking! (Yet I can set up a DC via the CLI with my eyes shut..! ;-))

Cheers again - help is very much appreciated!!!



Steve.

"They have the internet on computers now!" - Homer Simpson
 
Yeah, don't overcomplicate it, do it kinda like djtech2k stated. You don't need to put the whole 10. network in 1 subnet, probably easier to manage and expand if you break it down to the lowest level you can. Remember you can have more than 1 subnet per site. I don't think that VPN will give you any trouble, I have 2 VPN locations subnetted.

SiteA = 10.3.0.0/255.255.0.0
10.4.0.0/255.255.0.0

SiteB = 192.168.1.0/255.255.255.0

RoadKi11
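
An added example, not part of any post in this thread: a Python sketch of how a client address is matched against the subnet objects suggested above, where the most specific subnet containing the address decides the site. The function names and the addresses 192.168.1.10 and 10.5.0.7 are constructed for illustration; the other addresses are the ones posted in the thread.

```python
import ipaddress

# Subnet objects as suggested in the thread; the site names are the thread's labels.
SUBNET_TO_SITE = {
    "10.3.0.0/255.255.0.0": "SiteA",       # wired LAN
    "10.4.0.0/255.255.0.0": "SiteA",       # wireless LAN
    "192.168.1.0/255.255.255.0": "SiteB",  # remote site across the VPN
}

# Host addresses quoted in the thread.
THREAD_HOSTS = ["10.3.1.200", "10.3.3.132", "10.4.3.132", "10.4.3.122"]


def build_table(mapping):
    """Parse subnet definitions. strict=True raises ValueError when host bits
    are set, i.e. when a host address was entered instead of a network address."""
    return [(ipaddress.ip_network(net, strict=True), site)
            for net, site in mapping.items()]


def site_for(ip, table):
    """Return the site of the most specific subnet containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    matches = [(net, site) for net, site in table if addr in net]
    if not matches:
        return None  # address is not covered by any subnet object
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def uncovered(ips, table):
    """List the addresses that no subnet definition covers."""
    return [ip for ip in ips if site_for(ip, table) is None]


TABLE = build_table(SUBNET_TO_SITE)

if __name__ == "__main__":
    for host in THREAD_HOSTS + ["192.168.1.10", "10.5.0.7"]:  # last two constructed
        print(f"{host:>14} -> {site_for(host, TABLE)}")
    # One 10.0.0.0 object with mask 255.255.0.0 only spans 10.0.0.0-10.0.255.255,
    # so it covers none of the 10.3.x.x / 10.4.x.x hosts.
    single = build_table({"10.0.0.0/255.255.0.0": "SiteA"})
    print("not covered by 10.0.0.0/16:", uncovered(THREAD_HOSTS, single))
```
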
 
Thanks Guys - done as suggested and all working.

Much appreciated! :)

Cheers,



Steve.

"They have the internet on computers now!" - Homer Simpson
 