Discussion:
subnets or supernets in Sites and Services?
(too old to reply)
Stefan 'Birdie' Vogel
2008-11-17 08:19:51 UTC
Permalink
Hi together,

we sometime experience issues with clients that do not login to the local
DC, but to a DC in a different site.

We are using eg.
10.165.1.0/24
10.165.2.0/24
...
10.165.200.0/24

would it be ok to put
10.165.0.0/16
in sites and services, or do we have to put all 200 class C networks in
there (like I think)?

I'm searching for a MS white paper or similar on this, but can't find
anything.

Regards

Stefan
Meinolf Weber
2008-11-17 08:29:25 UTC
Permalink
Hello Stefan,

If zou have multiple sites and subnets, you have to configure the subnets
in ADSS and also create a site which belongs to the subnet. Then move the
DC to the site and the clients will use the DC in there belonging site for
the logon. Also make this DC's DNS and GC if not done.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
Post by Stefan 'Birdie' Vogel
Hi together,
we sometime experience issues with clients that do not login to the
local DC, but to a DC in a different site.
We are using eg.
10.165.1.0/24
10.165.2.0/24
...
10.165.200.0/24
would it be ok to put
10.165.0.0/16
in sites and services, or do we have to put all 200 class C networks in
there (like I think)?
I'm searching for a MS white paper or similar on this, but can't find
anything.
Regards
Stefan
Stefan 'Birdie' Vogel
2008-11-17 09:21:12 UTC
Permalink
Hi Meinolf,

so far about what I knew ;-)

The question has been: Is it ok to add "super-nets" or do I have to add the
subnets themself,
and, more important, because I need a proof for a discussion on this, I
search for any documentation from MS, telling this way or that way is the
correct way.

From what I have seen in the last years, if someone added only a "super"net,
we sometimes hove clients connecting to the wrong DCs. After correcting this
to the seperate detailed subnets, it is fine. So from my experience it is
obvious the detailed subnet information is necessary, but I have been asked
for a document with a proof from MS... :-/

Regards
Stefan
Post by Meinolf Weber
Hello Stefan,
If zou have multiple sites and subnets, you have to configure the subnets
in ADSS and also create a site which belongs to the subnet. Then move the
DC to the site and the clients will use the DC in there belonging site for
the logon. Also make this DC's DNS and GC if not done.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
Post by Stefan 'Birdie' Vogel
Hi together,
we sometime experience issues with clients that do not login to the
local DC, but to a DC in a different site.
We are using eg.
10.165.1.0/24
10.165.2.0/24
...
10.165.200.0/24
would it be ok to put
10.165.0.0/16
in sites and services, or do we have to put all 200 class C networks in
there (like I think)?
I'm searching for a MS white paper or similar on this, but can't find
anything.
Regards
Stefan
Meinolf Weber
2008-11-17 09:36:34 UTC
Permalink
Hello Stefan,

Sorry misunderstood it a bit. If you use your "supernet" exactly what you
describe can happen. To have it correct you have to add the single subnet's,
so that you can assign the DC to the correct subnet.

From: http://technet.microsoft.com/en-us/library/cc730718.aspx
"Identify the range of IP addresses that domain controllers in THIS site
use-and that identify the domain controllers as members of THIS site-by creating
a subnet object and associating it with the new site."

Also have a look here:
http://technet.microsoft.com/en-us/library/cc754697.aspx

http://technet.microsoft.com/en-us/library/cc731907.aspx

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
Post by Stefan 'Birdie' Vogel
Hi Meinolf,
so far about what I knew ;-)
The question has been: Is it ok to add "super-nets" or do I have to add the
subnets themself,
and, more important, because I need a proof for a discussion on this, I
search for any documentation from MS, telling this way or that way is the
correct way.
From what I have seen in the last years, if someone added only a
"super"net, we sometimes hove clients connecting to the wrong DCs.
After correcting this to the seperate detailed subnets, it is fine. So
from my experience it is obvious the detailed subnet information is
necessary, but I have been asked for a document with a proof from
MS... :-/
Regards
Stefan
Post by Meinolf Weber
Hello Stefan,
If zou have multiple sites and subnets, you have to configure the
subnets in ADSS and also create a site which belongs to the subnet.
Then move the DC to the site and the clients will use the DC in there
belonging site for the logon. Also make this DC's DNS and GC if not
done.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
Post by Stefan 'Birdie' Vogel
Hi together,
we sometime experience issues with clients that do not login to the
local DC, but to a DC in a different site.
We are using eg.
10.165.1.0/24
10.165.2.0/24
...
10.165.200.0/24
would it be ok to put
10.165.0.0/16
in sites and services, or do we have to put all 200 class C networks in
there (like I think)?
I'm searching for a MS white paper or similar on this, but can't find
anything.
Regards
Stefan
Jorge de Almeida Pinto [MVP - DS]
2008-11-29 13:33:55 UTC
Permalink
you can define whatever you as a subnet.

You can even specify just the IP address of the DC if needed like:
10.1.1.1/32

this is for exmaple done when having a lag site with just the DC
--
Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* How to ask a question --> http://support.microsoft.com/?id=555375
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test ANY suggestion in a test environment before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
Post by Stefan 'Birdie' Vogel
Hi together,
we sometime experience issues with clients that do not login to the local
DC, but to a DC in a different site.
We are using eg.
10.165.1.0/24
10.165.2.0/24
...
10.165.200.0/24
would it be ok to put
10.165.0.0/16
in sites and services, or do we have to put all 200 class C networks in
there (like I think)?
I'm searching for a MS white paper or similar on this, but can't find
anything.
Regards
Stefan
Loading...