Adding site to Domain, question about configuring before deploy

[Guest]

I currently have a win2k3 AD domain structure. Our network is setup so that
each of our sites use a separate class c network. Routing between sites is
controlled through routing tables on our cisco routers.

So, if site A is the main site and uses 192.168.x.0 as the network address
and site B is the new location and uses 192.168.y.0, is it possible to create
the domain controller for site B while at site A? From what I've read and
experienced you really should never change the IP addressses of Domain
controllers so I wouldn't be able to simply set site B's ip address to the
same subnet of site A even temporarily.

I guess what I am trying to determine is if when I create the new site in
Active Directory Sites and Services if that will allow me to have the two
domain controllers see each other on the same network even though they are
showing different IP subnets and there will not be a router between them with
the routing tables and to act as site B's gateway. I'd like to be able to
have the whole windows LAN pretty much configured (or as much of it as I can)
before I haul everything up to the new site.

This will be the first multisite AD implementation that I will have done so
I may be making a mountain out of a mole hill. If anyone could give just
some good pointers on that I'd appreciate it. I'm planning on doing some
experimenting with Virtual PC with this kind of configuration before the
install, but I figured I'd throw this question out there to give me some
extra things to test.

Thanks

-Dan

 

[Herb Martin]

I currently have a win2k3 AD domain structure. Our network is setup so
that
each of our sites use a separate class c network. Routing between sites
is
controlled through routing tables on our cisco routers.

So, if site A is the main site and uses 192.168.x.0 as the network address
and site B is the new location and uses 192.168.y.0, is it possible to
create
the domain controller for site B while at site A?

Yes, but generally it will default to the Site in which its IP
address places it.

So you will have to (right click and) move it to the correct
site by the time you physically move it to the new location.

From what I've read and
experienced you really should never change the IP addressses of Domain
controllers so I wouldn't be able to simply set site B's ip address to the
same subnet of site A even temporarily.

I have been known to successfully change the IP addresses of
DCs. The key is to get the DNS changed (and replicated) with
it. And of course to get its site corrected.

You can also create a "phony subnet" just for this purpose -- if
it bothers you. E.g., 172.16.99.0 as the subnet.

Make it part of the "new site". Setup routing to it in the local
LAN. Install the DC. Move the DC. Change the address and
and wait for replication.

Go back and remove the Phone site (e.g., 172.16.99.0) from the
new site if you wish, so that next time you can use it for another
"new site."

All of this is likely unnecessary but it is an option.

I guess what I am trying to determine is if when I create the new site in
Active Directory Sites and Services if that will allow me to have the two
domain controllers see each other on the same network even though they are
showing different IP subnets and there will not be a router between them
with
the routing tables and to act as site B's gateway.

If you wish, but you may also dispense with the router if you
run a (temporary) Multi-net and you know how to set the local
routing on each (affected) DC.

I'd like to be able to
have the whole windows LAN pretty much configured (or as much of it as I
can)
before I haul everything up to the new site.

This is quite workable if you don't already have machines populating
that "new site".

The only changes when the ENTIRE subnet moves will be on the routers.

This will be the first multisite AD implementation that I will have done
so
I may be making a mountain out of a mole hill.

Probably. <grin> But that is somewhat better than overlooking
critical problems and not even seeing the real hills for the mountain.
(Mixed metaphors.)

If anyone could give just
some good pointers on that I'd appreciate it. I'm planning on doing some
experimenting with Virtual PC with this kind of configuration before the
install, but I figured I'd throw this question out there to give me some
extra things to test.

You would probably find it more natural to just use a small
router unless you are a real VPC expert. The extra complications
of VPC can easily obscure the problem (or magnify a non-problem)
if you aren't not truly adept at VPC.

For most SERVER type testing this is not an issue but it (VPC) can
quickly present a problem if the network itself is what you are
trying to model.

VPC can certainly simulate it, but a small router is much more
naturally isomorphic, i.e., same features, same ideas, same FEEL,
to the eventual router based setup.

 

[Paul Bergson]

I just built a dc in a corporate site in Minnesota and shipped it to
Florida. I have a remote access controller setup that allows me to attach
to the console w/o the machine be attached to the network. Once I can get
access to the local machine I can modify the IP Address, setup the new site
then throw it on the network and bring it on line and fix dns via running a
netdiag /fix..

--


Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no rights.

I currently have a win2k3 AD domain structure. Our network is setup so
that
each of our sites use a separate class c network. Routing between sites
is
controlled through routing tables on our cisco routers.

So, if site A is the main site and uses 192.168.x.0 as the network
address
and site B is the new location and uses 192.168.y.0, is it possible to
create
the domain controller for site B while at site A?

Yes, but generally it will default to the Site in which its IP
address places it.

So you will have to (right click and) move it to the correct
site by the time you physically move it to the new location.

From what I've read and
experienced you really should never change the IP addressses of Domain
controllers so I wouldn't be able to simply set site B's ip address to
the
same subnet of site A even temporarily.

I have been known to successfully change the IP addresses of
DCs. The key is to get the DNS changed (and replicated) with
it. And of course to get its site corrected.

You can also create a "phony subnet" just for this purpose -- if
it bothers you. E.g., 172.16.99.0 as the subnet.

Make it part of the "new site". Setup routing to it in the local
LAN. Install the DC. Move the DC. Change the address and
and wait for replication.

Go back and remove the Phone site (e.g., 172.16.99.0) from the
new site if you wish, so that next time you can use it for another
"new site."

All of this is likely unnecessary but it is an option.

I guess what I am trying to determine is if when I create the new site in
Active Directory Sites and Services if that will allow me to have the two
domain controllers see each other on the same network even though they
are
showing different IP subnets and there will not be a router between them
with
the routing tables and to act as site B's gateway.

If you wish, but you may also dispense with the router if you
run a (temporary) Multi-net and you know how to set the local
routing on each (affected) DC.

I'd like to be able to
have the whole windows LAN pretty much configured (or as much of it as I
can)
before I haul everything up to the new site.

This is quite workable if you don't already have machines populating
that "new site".

The only changes when the ENTIRE subnet moves will be on the routers.

This will be the first multisite AD implementation that I will have done
so
I may be making a mountain out of a mole hill.

Probably. <grin> But that is somewhat better than overlooking
critical problems and not even seeing the real hills for the mountain.
(Mixed metaphors.)

If anyone could give just
some good pointers on that I'd appreciate it. I'm planning on doing some
experimenting with Virtual PC with this kind of configuration before the
install, but I figured I'd throw this question out there to give me some
extra things to test.

You would probably find it more natural to just use a small
router unless you are a real VPC expert. The extra complications
of VPC can easily obscure the problem (or magnify a non-problem)
if you aren't not truly adept at VPC.

For most SERVER type testing this is not an issue but it (VPC) can
quickly present a problem if the network itself is what you are
trying to model.

VPC can certainly simulate it, but a small router is much more
naturally isomorphic, i.e., same features, same ideas, same FEEL,
to the eventual router based setup.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]