Re: [ActiveDir] Overlapping AD Subnet Boundaries
Hello,

Just to stop the troll... Do you understand my other posts about your network? Is your DC set up on its network interface with a 255.255.0.0 netmask?

Your setup will work fine from an AD point of view (dssite.msc), but not from an IP routing point of view if you are really using a 255.255.0.0.

Regards,
Mathieu CHATEAU
http://lordoftheping.blogspot.com

- Original Message -
From: Brian Cline
To: ActiveDir@mail.activedir.org
Sent: Friday, January 26, 2007 10:19 PM
Subject: [ActiveDir] Overlapping AD Subnet Boundaries

Say I create an AD subnet of 10.10.0.0/16 and assign it to our primary site, and another subnet as 10.10.41.0/24 and assign it to a secondary site. Will AD treat a client address of, say, 10.10.41.104 as a client on the secondary site, or will it default to the more general primary subnet?

The reason I ask is we now have a need for a second AD site (I can see all the enterprise folks grinning now) and we have quite a number of other subnets that I'd have to manually enter if this is not the case. I don't mind doing it, but I was curious either way.

Brian Cline, Applications Developer
Department of Information Technology
GP Trucking Company, Inc.
803.936.8595 Direct Line
800.922.1147 Toll-Free (x8595)
803.739.1176 Fax
Re: [ActiveDir] Overlapping AD Subnet Boundaries
My advice would have been to start with a 255.255.255.0 netmask (/24) - it's better for creating more subnets and hosts. 255.255.0.0 (/16) is more limiting if that is what the person is using, no matter what IP class is being used. But if not selected initially it's too late to easily go back...

Regards,
Chuck

-Original Message-
From: [EMAIL PROTECTED]
To: ActiveDir@mail.activedir.org
Sent: Sun, 28 Jan 2007 3:01 AM
Subject: Re: [ActiveDir] Overlapping AD Subnet Boundaries

Hello,

Just to stop the troll... Do you understand my other posts about your network? Is your DC set up on its network interface with a 255.255.0.0 netmask?

Your setup will work fine from an AD point of view (dssite.msc), but not from an IP routing point of view if you are really using a 255.255.0.0.

Regards,
Mathieu CHATEAU
http://lordoftheping.blogspot.com
RE: [ActiveDir] Overlapping AD Subnet Boundaries
"I think that someone knowing this wouldn't have posted the question."

I don't agree with this part. A lot of people don't think you can supernet AD subnets. In fact I have had people tell me outright it is impossible to do that in AD even when I tell them it has been my standard practice since Windows 2000 RTM'ed. They think it is just like the routing subnets where you have to be very careful what you are doing or you will break packet routing.

I see this question on a pretty regular basis in various forums, at least once per month.

joe

--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mathieu CHATEAU
Sent: Saturday, January 27, 2007 3:17 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Overlapping AD Subnet Boundaries

I know there is not a direct relation, but I don't know if the original poster understands that this can't work if it's the real implementation. I think that someone knowing this wouldn't have posted the question.

Regards,
Mathieu CHATEAU
http://lordoftheping.blogspot.com

- Original Message -
From: joe
To: ActiveDir@mail.activedir.org
Sent: Saturday, January 27, 2007 9:03 PM
Subject: RE: [ActiveDir] Overlapping AD Subnet Boundaries

You are mistaking machine subnetting and subnetting defined in AD. They are not connected. The definitions in AD do not have to reflect what is really happening at the routing layer. They are generally close but there isn't any technical reason why they have to be.

--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mathieu CHATEAU
Sent: Friday, January 26, 2007 4:34 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Overlapping AD Subnet Boundaries

Is it really 10.10.0.0/16 or a mistake (/24)?

Because your first site won't be able to join the other one as it will think it's local and won't send packets to the gateway (if it's really a /16). If it's a real /24, then it will work as expected (10.10.41.104 will be attached to the secondary site).

If it's a /16 and you need a router between both sites, your configuration can't work from a network point of view.

Regards,
Mathieu CHATEAU
http://lordoftheping.blogspot.com
RE: [ActiveDir] Overlapping AD Subnet Boundaries
Coming from more of a networking background than an AD background I wouldn't have immediately thought of super-netting outright, myself. So the point is well taken. If given this problem with no other background I'd probably think more in terms of 'brouting' (bridged routing) or using Server 2000/2003 routing features to bridge the two segments rather than do some bridging through more traditional networking means.

Either is possible - even viable - it depends more on the individual preferences and topology. You could certainly test both options to see which gives you the best performance. Though I suspect that using the brouter technique, offloading some of the processing to the network, may give the best performance in the longer run, no?

Been a long time since I have even said the term 'brouter'. Sounds so ancient.

There's my fuel to the fire, Enjoy!

Brent Eads
Employee Technology Solutions, Inc.
Office: (312) 762-9224
Fax: (312) 762-9275

joe [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
01/28/2007 09:00 AM
Please respond to ActiveDir@mail.activedir.org
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Overlapping AD Subnet Boundaries

"I think that someone knowing this wouldn't have posted the question."

I don't agree with this part. A lot of people don't think you can supernet AD subnets. In fact I have had people tell me outright it is impossible to do that in AD even when I tell them it has been my standard practice since Windows 2000 RTM'ed. They think it is just like the routing subnets where you have to be very careful what you are doing or you will break packet routing.

I see this question on a pretty regular basis in various forums, at least once per month.

joe

--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm
RE: [ActiveDir] Overlapping AD Subnet Boundaries
I agree with Joe. I think it's a twofold problem. 1) People don't know that you can assign a block more than once and 2) they just don't seem to understand CIDR notation. I'm responsible for adding those addresses in our enterprise and I get requests all the time formatted like below and they apparently think that you have to make the AD assignment match the mask length of the clients. If that were the case I'd have thousands if not tens of thousands of assignments.

Please add the following to West-HQ site
10.10.5.0/25
10.10.5.128/25
10.10.6.0/25
10.10.6.128/25

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Sunday, January 28, 2007 10:00 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Overlapping AD Subnet Boundaries

"I think that someone knowing this wouldn't have posted the question."

I don't agree with this part. A lot of people don't think you can supernet AD subnets. In fact I have had people tell me outright it is impossible to do that in AD even when I tell them it has been my standard practice since Windows 2000 RTM'ed. They think it is just like the routing subnets where you have to be very careful what you are doing or you will break packet routing.

I see this question on a pretty regular basis in various forums, at least once per month.

joe

--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm
RE: [ActiveDir] Overlapping AD Subnet Boundaries
Nowhere does the OP say he's assigned a /16 mask to any interface.

Thanks,
Brian Desmond
[EMAIL PROTECTED]
c - 312.731.3132

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mathieu CHATEAU
Sent: Sunday, January 28, 2007 4:02 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Overlapping AD Subnet Boundaries

Hello,

Just to stop the troll... Do you understand my other posts about your network? Is your DC set up on its network interface with a 255.255.0.0 netmask?

Your setup will work fine from an AD point of view (dssite.msc), but not from an IP routing point of view if you are really using a 255.255.0.0.

Regards,
Mathieu CHATEAU
http://lordoftheping.blogspot.com
RE: [ActiveDir] Overlapping AD Subnet Boundaries
Going with a /24 when you're laying out a network just because it's common and small doesn't really help any more than picking a /16 out of the blue in the long run. Migrating machines into new subnets is actually not that difficult if properly planned - I've been around that circuit quite a few times.

Thanks,
Brian Desmond
[EMAIL PROTECTED]
c - 312.731.3132

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Sunday, January 28, 2007 9:24 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Overlapping AD Subnet Boundaries

My advice would have been to start with a 255.255.255.0 netmask (/24) - it's better for creating more subnets and hosts. 255.255.0.0 (/16) is more limiting if that is what the person is using, no matter what IP class is being used. But if not selected initially it's too late to easily go back...

Regards,
Chuck
Re: [ActiveDir] Overlapping AD Subnet Boundaries
In my opinion, there is a pure TCP/IP network issue...

A sample example: The DC is 10.10.0.1 with a netmask of 255.255.0.0 (/16 as indicated). If you try to ping 10.10.41.104, it will try to communicate on the LAN, seeking its ARP. It won't send packets to the gateway since 10.10.41.0 must be on the LAN.

The only way to get it to work is to use a Layer 2 link between both sites.

Regards,
Mathieu CHATEAU
http://lordoftheping.blogspot.com

- Original Message -
From: Almeida Pinto, Jorge de [EMAIL PROTECTED]
To: ActiveDir@mail.activedir.org
Sent: Friday, January 26, 2007 11:37 PM
Subject: RE: [ActiveDir] Overlapping AD Subnet Boundaries

It will go for the second site 10.10.41.0/24 (= best matching).

Kind regards,
Ing. Jorge de Almeida Pinto
Senior Infrastructure Consultant
MVP Windows Server - Directory Services
LogicaCMG Nederland B.V. (BU RTINC Eindhoven)
Tel : +31-(0)40-29.57.777
Mobile : +31-(0)6-26.26.62.80
E-mail : see sender address

List info : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ma/default.aspx
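An added example, not taken from any list member's post: Python's standard `ipaddress` module models the two separate decisions argued over in this thread, AD's best-match site lookup over overlapping subnet objects and a host's on-link test derived from its own interface netmask, and also collapses the /25 request list quoted in the thread. The site names `Primary` and `Secondary` and all function names are assumptions made for the illustration.

```python
import ipaddress

# AD subnet objects from the question in the thread. The site names
# "Primary" and "Secondary" are placeholders assumed for this example.
AD_SUBNETS = {
    "10.10.0.0/16": "Primary",
    "10.10.41.0/24": "Secondary",
}


def resolve_site(client_ip, subnets=AD_SUBNETS):
    """Return (site, subnet) for the most specific subnet object that
    contains client_ip, or None when no subnet object covers it."""
    addr = ipaddress.ip_address(client_ip)
    best = None
    for cidr, site in subnets.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[1].prefixlen):
            best = (site, net)
    return (best[0], str(best[1])) if best else None


def nested_subnets(subnets=AD_SUBNETS):
    """List (inner, inner_site, outer, outer_site) for every subnet object
    that sits inside a broader one assigned to a different site."""
    nets = [(ipaddress.ip_network(c), s) for c, s in subnets.items()]
    found = []
    for inner, inner_site in nets:
        for outer, outer_site in nets:
            if inner != outer and inner.subnet_of(outer) and inner_site != outer_site:
                found.append((str(inner), inner_site, str(outer), outer_site))
    return sorted(found)


def is_on_link(interface_ip, netmask, destination):
    """Routing-layer test, independent of AD: True means the host ARPs for
    the destination directly, False means it forwards to its gateway."""
    iface = ipaddress.ip_interface(f"{interface_ip}/{netmask}")
    return ipaddress.ip_address(destination) in iface.network


def collapse_request(cidrs):
    """Merge adjacent blocks of a subnet request into the fewest subnet
    objects that cover exactly the same address space."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


if __name__ == "__main__":
    # AD side: the client from the question lands in the /24's site.
    for ip in ("10.10.41.104", "10.10.7.20", "192.168.1.5"):
        print(ip, "->", resolve_site(ip))

    # Audit view: which subnet objects carve a hole in a broader one.
    for row in nested_subnets():
        print("nested:", row)

    # Routing side: the answer depends only on the mask configured on the
    # interface, not on what is defined in AD Sites and Services.
    for mask in ("255.255.0.0", "255.255.255.0"):
        print("DC 10.10.0.1 mask", mask, "on-link to 10.10.41.104:",
              is_on_link("10.10.0.1", mask, "10.10.41.104"))

    # The /25 request quoted in the thread needs only two subnet objects.
    print(collapse_request(
        ["10.10.5.0/25", "10.10.5.128/25", "10.10.6.0/25", "10.10.6.128/25"]))
```
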
RE: [ActiveDir] Overlapping AD Subnet Boundaries
While your math is right you should look up supernetting and subnetting somewhere.

Thanks,
Brian Desmond
[EMAIL PROTECTED]
c - 312.731.3132

-Original Message-
From: [EMAIL PROTECTED] [mailto:ActiveDir- [EMAIL PROTECTED] On Behalf Of Mathieu CHATEAU
Sent: Saturday, January 27, 2007 4:17 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Overlapping AD Subnet Boundaries

In my opinion, there is a pure TCP/IP network issue...

A sample example: The DC is 10.10.0.1 with a netmask of 255.255.0.0 (/16 as indicated). If you try to ping 10.10.41.104, it will try to communicate on the LAN, seeking its ARP. It won't send packets to the gateway since 10.10.41.0 must be on the LAN.

The only way to get it to work is to use a Layer 2 link between both sites.

Regards,
Mathieu CHATEAU
http://lordoftheping.blogspot.com
Re: [ActiveDir] Overlapping AD Subnet Boundaries
Hi,

I am coming from a network job, so I am used to sub/super netting somehow :)

Thanks anyway!

Regards,
Mathieu CHATEAU
http://lordoftheping.blogspot.com

- Original Message -
From: Brian Desmond [EMAIL PROTECTED]
To: ActiveDir@mail.activedir.org
Sent: Saturday, January 27, 2007 6:47 PM
Subject: RE: [ActiveDir] Overlapping AD Subnet Boundaries

While your math is right you should look up supernetting and subnetting somewhere.

Thanks,
Brian Desmond
[EMAIL PROTECTED]
c - 312.731.3132
RE: [ActiveDir] Overlapping AD Subnet Boundaries
OK well you don't need a layer 2 link to do what the OP wants...

Thanks,
Brian Desmond
[EMAIL PROTECTED]
c - 312.731.3132

-Original Message-
From: [EMAIL PROTECTED] [mailto:ActiveDir- [EMAIL PROTECTED] On Behalf Of Mathieu CHATEAU
Sent: Saturday, January 27, 2007 12:53 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Overlapping AD Subnet Boundaries

Hi,

I am coming from a network job, so I am used to sub/super netting somehow :)

Thanks anyway!

Regards,
Mathieu CHATEAU
http://lordoftheping.blogspot.com
Re: [ActiveDir] Overlapping AD Subnet Boundaries
I don't agree. The /24 is included in the /16. You won't have layer 3 routing between the two sites, at least from the primary to the secondary. Even if it will work from a routing point of view from the secondary to the primary. What's the point?

Regards,
Mathieu CHATEAU
http://lordoftheping.blogspot.com

----- Original Message -----
From: Brian Desmond [EMAIL PROTECTED]
To: ActiveDir@mail.activedir.org
Sent: Saturday, January 27, 2007 6:58 PM
Subject: RE: [ActiveDir] Overlapping AD Subnet Boundaries

OK well you don't need a layer 2 link to do what the OP wants...

Thanks,
Brian Desmond
[EMAIL PROTECTED]
c - 312.731.3132

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:ActiveDir- [EMAIL PROTECTED] On Behalf Of Mathieu CHATEAU
Sent: Saturday, January 27, 2007 12:53 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Overlapping AD Subnet Boundaries

Hi, I am coming from a network job, so I am used to sub/super netting somehow :) Thanks anyway!

Regards,
Mathieu CHATEAU
http://lordoftheping.blogspot.com

----- Original Message -----
From: Brian Desmond [EMAIL PROTECTED]
To: ActiveDir@mail.activedir.org
Sent: Saturday, January 27, 2007 6:47 PM
Subject: RE: [ActiveDir] Overlapping AD Subnet Boundaries

While your math is right you should look up supernetting and subnetting somewhere.

Thanks,
Brian Desmond
[EMAIL PROTECTED]
c - 312.731.3132

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:ActiveDir- [EMAIL PROTECTED] On Behalf Of Mathieu CHATEAU
Sent: Saturday, January 27, 2007 4:17 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Overlapping AD Subnet Boundaries

In my opinion, there is a pure TCP/IP network issue... A sample example: The DC is 10.10.0.1 with a netmask of 255.255.0.0 (/16 as indicated). If you try to ping 10.10.41.104, it will try to communicate on the LAN, seeking its ARP. It won't send the packet to the gateway since 10.10.41.0 must be on the LAN. The only way to get it to work is to use a Layer 2 link between both sites.
RE: [ActiveDir] Overlapping AD Subnet Boundaries
Active Directory will use the most specific network address that applies to it. For instance, I set up a class-A address (or multiple in some companies) that applies to all of the network space of the company and assign that to the primary data center location. Then I start making more focused subnets that route clients / replication to more specific locations. That way you don't run into the issue where clients can't find their own subnet so choose a random DC. I have set up subnets all the way from 8 bit down to 32 bit as needed and it all works fine.

--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Cline
Sent: Friday, January 26, 2007 4:20 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Overlapping AD Subnet Boundaries

Say I create an AD subnet of 10.10.0.0/16 and assign it to our primary site, and another subnet as 10.10.41.0/24 and assign it to a secondary site. Will AD treat a client address of, say, 10.10.41.104 as a client on the secondary site, or will it default to the more general primary subnet?

The reason I ask is we now have a need for a second AD site (I can see all the enterprise folks grinning now) and we have quite a number of other subnets that I'd have to manually enter if this is not the case. I don't mind doing it, but I was curious either way.

Brian Cline, Applications Developer
Department of Information Technology
GP Trucking Company, Inc.
803.936.8595 Direct Line
800.922.1147 Toll-Free (x8595)
803.739.1176 Fax
RE: [ActiveDir] Overlapping AD Subnet Boundaries
You are mistaking machine subnetting and subnetting defined in AD. They are not connected. The definitions in AD do not have to reflect what is really happening at the routing layer. They are generally close but there isn't any technical reason why they have to be.

--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mathieu CHATEAU
Sent: Friday, January 26, 2007 4:34 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Overlapping AD Subnet Boundaries

Is it really 10.10.0.0/16 or a mistake (/24)? Because your first site won't be able to join the other one as it will think it's local and won't send packets to the gateway (if it's really a /16). If it's a real /24, then it will work as expected (10.10.41.104 will be attached to the secondary site). If it's a /16 and you need a router between both sites, your configuration can't work from a network point of view.

Regards,
Mathieu CHATEAU
http://lordoftheping.blogspot.com

----- Original Message -----
From: Brian Cline mailto:[EMAIL PROTECTED]
To: ActiveDir@mail.activedir.org
Sent: Friday, January 26, 2007 10:19 PM
Subject: [ActiveDir] Overlapping AD Subnet Boundaries

Say I create an AD subnet of 10.10.0.0/16 and assign it to our primary site, and another subnet as 10.10.41.0/24 and assign it to a secondary site. Will AD treat a client address of, say, 10.10.41.104 as a client on the secondary site, or will it default to the more general primary subnet?

The reason I ask is we now have a need for a second AD site (I can see all the enterprise folks grinning now) and we have quite a number of other subnets that I'd have to manually enter if this is not the case. I don't mind doing it, but I was curious either way.

Brian Cline, Applications Developer
Department of Information Technology
GP Trucking Company, Inc.
803.936.8595 Direct Line
800.922.1147 Toll-Free (x8595)
803.739.1176 Fax
Re: [ActiveDir] Overlapping AD Subnet Boundaries
I know there is not a direct relation, but I don't know if the original poster understands that this can't work if it's the real implementation. I think that someone knowing this wouldn't have posted the question.

Regards,
Mathieu CHATEAU
http://lordoftheping.blogspot.com

----- Original Message -----
From: joe
To: ActiveDir@mail.activedir.org
Sent: Saturday, January 27, 2007 9:03 PM
Subject: RE: [ActiveDir] Overlapping AD Subnet Boundaries

You are mistaking machine subnetting and subnetting defined in AD. They are not connected. The definitions in AD do not have to reflect what is really happening at the routing layer. They are generally close but there isn't any technical reason why they have to be.

--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mathieu CHATEAU
Sent: Friday, January 26, 2007 4:34 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Overlapping AD Subnet Boundaries

Is it really 10.10.0.0/16 or a mistake (/24)? Because your first site won't be able to join the other one as it will think it's local and won't send packets to the gateway (if it's really a /16). If it's a real /24, then it will work as expected (10.10.41.104 will be attached to the secondary site). If it's a /16 and you need a router between both sites, your configuration can't work from a network point of view.

Regards,
Mathieu CHATEAU
http://lordoftheping.blogspot.com

----- Original Message -----
From: Brian Cline
To: ActiveDir@mail.activedir.org
Sent: Friday, January 26, 2007 10:19 PM
Subject: [ActiveDir] Overlapping AD Subnet Boundaries

Say I create an AD subnet of 10.10.0.0/16 and assign it to our primary site, and another subnet as 10.10.41.0/24 and assign it to a secondary site. Will AD treat a client address of, say, 10.10.41.104 as a client on the secondary site, or will it default to the more general primary subnet?

The reason I ask is we now have a need for a second AD site (I can see all the enterprise folks grinning now) and we have quite a number of other subnets that I'd have to manually enter if this is not the case. I don't mind doing it, but I was curious either way.

Brian Cline, Applications Developer
Department of Information Technology
GP Trucking Company, Inc.
803.936.8595 Direct Line
800.922.1147 Toll-Free (x8595)
803.739.1176 Fax
RE: [ActiveDir] Overlapping AD Subnet Boundaries
AD subnets have nothing to do with how the WAN is actually routed. All they do is link an IP address to a site. If you don't have a blanket subnet as a last resort your DCs start filling their event logs with events about how clients are connecting from unknown subnets. So what you do is you take your hub datacenter(s) and associate large supernets with the site objects (as big as 10.0.0.0/8 if appropriate). Then you associate the actual subnets with the sites where they're physically located.

Thanks,
Brian Desmond
[EMAIL PROTECTED]
c - 312.731.3132

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:ActiveDir- [EMAIL PROTECTED] On Behalf Of Mathieu CHATEAU
Sent: Saturday, January 27, 2007 1:34 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Overlapping AD Subnet Boundaries

I don't agree. The /24 is included in the /16. You won't have layer 3 routing between the two sites, at least from the primary to the secondary. Even if it will work from a routing point of view from the secondary to the primary. What's the point?

Regards,
Mathieu CHATEAU
http://lordoftheping.blogspot.com

----- Original Message -----
From: Brian Desmond [EMAIL PROTECTED]
To: ActiveDir@mail.activedir.org
Sent: Saturday, January 27, 2007 6:58 PM
Subject: RE: [ActiveDir] Overlapping AD Subnet Boundaries

OK well you don't need a layer 2 link to do what the OP wants...

Thanks,
Brian Desmond
[EMAIL PROTECTED]
c - 312.731.3132

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:ActiveDir- [EMAIL PROTECTED] On Behalf Of Mathieu CHATEAU
Sent: Saturday, January 27, 2007 12:53 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Overlapping AD Subnet Boundaries

Hi, I am coming from a network job, so I am used to sub/super netting somehow :) Thanks anyway!
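The two decisions argued over in this thread, modelled side by side as an added example that is not part of any post: site lookup by most specific AD subnet, as several replies state, and a host's on-link versus gateway choice from its own netmask. It uses the thread's addresses; the site labels, the gateway 10.10.0.254 and the client 10.20.3.9 are constructed, and the lookup models the behaviour the replies describe rather than Active Directory's own code.

```python
import ipaddress

# Subnet objects from the original question (site names are constructed labels).
AD_SUBNETS = {
    "10.10.0.0/16": "Primary",
    "10.10.41.0/24": "Secondary",
}


def site_for_client(client_ip, subnets=AD_SUBNETS):
    """Map a client IP to a site using the most specific (longest-prefix) subnet.

    Returns (site, subnet), or (None, None) when no subnet object covers the IP,
    which is the "unknown subnet" case the thread says DCs log.
    """
    addr = ipaddress.ip_address(client_ip)
    best = None
    for cidr, site in subnets.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, site)
    return (best[1], str(best[0])) if best else (None, None)


def next_hop(host_ip, host_mask, gateway, dest_ip):
    """Host-side forwarding: destinations inside the NIC's own network are
    resolved with ARP on the LAN; everything else is sent to the gateway."""
    iface = ipaddress.ip_interface(f"{host_ip}/{host_mask}")
    if ipaddress.ip_address(dest_ip) in iface.network:
        return "on-link (ARP)"
    return f"via gateway {gateway}"


def onlink_conflicts(host_ip, host_mask, host_site, subnets=AD_SUBNETS):
    """AD subnets assigned to other sites that lie inside this host's own
    network. AD accepts such a layout; IP routing from this host does not."""
    local = ipaddress.ip_interface(f"{host_ip}/{host_mask}").network
    return sorted(
        cidr for cidr, site in subnets.items()
        if site != host_site and ipaddress.ip_network(cidr).subnet_of(local)
    )


def unmapped_clients(client_ips, subnets=AD_SUBNETS):
    """Client IPs no subnet object covers (candidates for a catch-all supernet)."""
    return [ip for ip in client_ips if site_for_client(ip, subnets)[0] is None]


if __name__ == "__main__":
    for ip in ("10.10.41.104", "10.10.7.20", "10.20.3.9"):  # constructed clients
        print(ip, "->", site_for_client(ip))
    # DC address from the thread; the gateway is a constructed value.
    for mask in ("255.255.0.0", "255.255.255.0"):
        print(mask,
              next_hop("10.10.0.1", mask, "10.10.0.254", "10.10.41.104"),
              onlink_conflicts("10.10.0.1", mask, "Primary"))
    print("no subnet object:", unmapped_clients(["10.10.41.104", "10.20.3.9"]))
```

Adding a catch-all entry such as `"10.0.0.0/8": "Primary"` to the table empties the `unmapped_clients` result without changing where 10.10.41.104 lands.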
Re: [ActiveDir] Overlapping AD Subnet Boundaries
Is it really 10.10.0.0/16 or a mistake (/24)? Because your first site won't be able to join the other one as it will think it's local and won't send packets to the gateway (if it's really a /16). If it's a real /24, then it will work as expected (10.10.41.104 will be attached to the secondary site). If it's a /16 and you need a router between both sites, your configuration can't work from a network point of view.

Regards,
Mathieu CHATEAU
http://lordoftheping.blogspot.com

----- Original Message -----
From: Brian Cline
To: ActiveDir@mail.activedir.org
Sent: Friday, January 26, 2007 10:19 PM
Subject: [ActiveDir] Overlapping AD Subnet Boundaries

Say I create an AD subnet of 10.10.0.0/16 and assign it to our primary site, and another subnet as 10.10.41.0/24 and assign it to a secondary site. Will AD treat a client address of, say, 10.10.41.104 as a client on the secondary site, or will it default to the more general primary subnet?

The reason I ask is we now have a need for a second AD site (I can see all the enterprise folks grinning now) and we have quite a number of other subnets that I'd have to manually enter if this is not the case. I don't mind doing it, but I was curious either way.

Brian Cline, Applications Developer
Department of Information Technology
GP Trucking Company, Inc.
803.936.8595 Direct Line
800.922.1147 Toll-Free (x8595)
803.739.1176 Fax
RE: [ActiveDir] Overlapping AD Subnet Boundaries
I don't know how AD would handle it. However, if someone else chimes in with "That will blow everything up!" then it seems like maybe you could go with /19 or /20 networks at the primary site in AD and then manually add any of the other ones that don't fit nicely. Maybe that could save you some work??

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Cline
Sent: Friday, January 26, 2007 3:20 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Overlapping AD Subnet Boundaries

Say I create an AD subnet of 10.10.0.0/16 and assign it to our primary site, and another subnet as 10.10.41.0/24 and assign it to a secondary site. Will AD treat a client address of, say, 10.10.41.104 as a client on the secondary site, or will it default to the more general primary subnet?

The reason I ask is we now have a need for a second AD site (I can see all the enterprise folks grinning now) and we have quite a number of other subnets that I'd have to manually enter if this is not the case. I don't mind doing it, but I was curious either way.

Brian Cline, Applications Developer
Department of Information Technology
GP Trucking Company, Inc.
803.936.8595 Direct Line
800.922.1147 Toll-Free (x8595)
803.739.1176 Fax
RE: [ActiveDir] Overlapping AD Subnet Boundaries
An AD client will try to associate itself with the site that is most specific for its IP.

Mike Thommes

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Cline
Sent: Friday, January 26, 2007 3:20 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Overlapping AD Subnet Boundaries

Say I create an AD subnet of 10.10.0.0/16 and assign it to our primary site, and another subnet as 10.10.41.0/24 and assign it to a secondary site. Will AD treat a client address of, say, 10.10.41.104 as a client on the secondary site, or will it default to the more general primary subnet?

The reason I ask is we now have a need for a second AD site (I can see all the enterprise folks grinning now) and we have quite a number of other subnets that I'd have to manually enter if this is not the case. I don't mind doing it, but I was curious either way.

Brian Cline, Applications Developer
Department of Information Technology
GP Trucking Company, Inc.
803.936.8595 Direct Line
800.922.1147 Toll-Free (x8595)
803.739.1176 Fax
Re: [ActiveDir] Overlapping AD Subnet Boundaries
What are the criteria you are using to say you need another site? That's the first question to ask - maybe you think you need one and you don't.

--
Chuck
RE: [ActiveDir] Overlapping AD Subnet Boundaries
It will go for the second site 10.10.41.0/24 (= best matching)

Met vriendelijke groeten / Kind regards,
Ing. Jorge de Almeida Pinto
Senior Infrastructure Consultant
MVP Windows Server - Directory Services
LogicaCMG Nederland B.V. (BU RTINC Eindhoven)
Tel : +31-(0)40-29.57.777
Mobile : +31-(0)6-26.26.62.80
E-mail : see sender address

From: [EMAIL PROTECTED] on behalf of Brian Cline
Sent: Fri 2007-01-26 22:19
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Overlapping AD Subnet Boundaries

Say I create an AD subnet of 10.10.0.0/16 and assign it to our primary site, and another subnet as 10.10.41.0/24 and assign it to a secondary site. Will AD treat a client address of, say, 10.10.41.104 as a client on the secondary site, or will it default to the more general primary subnet?

The reason I ask is we now have a need for a second AD site (I can see all the enterprise folks grinning now) and we have quite a number of other subnets that I'd have to manually enter if this is not the case. I don't mind doing it, but I was curious either way.

Brian Cline, Applications Developer
Department of Information Technology
GP Trucking Company, Inc.
803.936.8595 Direct Line
800.922.1147 Toll-Free (x8595)
803.739.1176 Fax
Re: [ActiveDir] Overlapping AD Subnet Boundaries
What I would be interested to find out is:

1. What is the WAN link speed for the proposed 2nd AD site?
2. How much free available bandwidth do you have between the two desired sites?
3. How many users sit in the proposed 2nd AD site?

If you have a fast reliable WAN connection (like a pair of bonded T-1s or higher) between the 2 sites then perhaps you don't need the 2nd site. I understand subnetting and it's possible to use a different subnet mask to achieve a separate subnet. However there should be a compelling reason to go to a second AD site before deploying it that requires it as this might save you making things more complex than required.

Regards,
Chuck
RE: [ActiveDir] Overlapping AD Subnet Boundaries
Yes. I have done this in organizations with hundreds of sites and a well designed subnetting scheme.

Thanks,
Brian Desmond
[EMAIL PROTECTED]
c - 312.731.3132

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Cline
Sent: Friday, January 26, 2007 4:20 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Overlapping AD Subnet Boundaries

Say I create an AD subnet of 10.10.0.0/16 and assign it to our primary site, and another subnet as 10.10.41.0/24 and assign it to a secondary site. Will AD treat a client address of, say, 10.10.41.104 as a client on the secondary site, or will it default to the more general primary subnet?

The reason I ask is we now have a need for a second AD site (I can see all the enterprise folks grinning now) and we have quite a number of other subnets that I'd have to manually enter if this is not the case. I don't mind doing it, but I was curious either way.

Brian Cline, Applications Developer
Department of Information Technology
GP Trucking Company, Inc.
803.936.8595 Direct Line
800.922.1147 Toll-Free (x8595)
803.739.1176 Fax
RE: [ActiveDir] Overlapping AD Subnet Boundaries
Chuck-

Unfortunately I think your reasoning is a bit short sighted here. You can't make any of these assumptions without understanding the OP's environment both with regard to business and technical requirements.

A T1 is way more than enough for hundreds of PCs to go to a DC across the WAN. While a couple of MLPPP T1s might be nice it's certainly not necessary. Logon traffic isn't that heavy.

The number of users at a site is usually not the driver so much as the number of workstations. Workstations are the limiting factor - you can have 100 guys someplace but they might share 10 PCs.

The business requirement is a real simple question - if the WAN link goes down will business continue at this site? If not, adding a DC doesn't do anything but cost money - doesn't matter whether users can log on. With cached credentials even when the link does go down they'll still be able to log on to their usual PCs anyway.

Thanks,
Brian Desmond
[EMAIL PROTECTED]
c - 312.731.3132

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, January 26, 2007 7:36 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Overlapping AD Subnet Boundaries

What I would be interested to find out is:

1. What is the WAN link speed for the proposed 2nd AD site?
2. How much free available bandwidth do you have between the two desired sites?
3. How many users sit in the proposed 2nd AD site?

If you have a fast reliable WAN connection (like a pair of bonded T-1s or higher) between the 2 sites then perhaps you don't need the 2nd site. I understand subnetting and it's possible to use a different subnet mask to achieve a separate subnet. However there should be a compelling reason to go to a second AD site before deploying it that requires it as this might save you making things more complex than required.

Regards,
Chuck
Re: [ActiveDir] Overlapping AD Subnet Boundaries
Brian,

Thanks for the feedback - yes I think two T-1s or maybe even one is overkill. But you do have to consider the WAN infrastructure before determining sites. The number of users is a factor if you consider each user is probably on a workstation.

In the scenario we never had the information of why a separate site was being decided. I'm not sure the person in question really needs a site and that's why I'm asking these questions -- you could technically have a fractional T-1 link and a handful of users and still stay with a single site rather than having a remote site.

There are two areas of consideration -- authentication traffic but also replication traffic so both have to be included. I've personally found that a lot of people will decide to create additional sites when they often don't need to be created.

Regards,
Chuck