That's fugly if I've ever seen it. How many boxes are actually affected?
 
This would require some serious whiteboard time to figure out and a *good* network engineer, but what about bypassing NAT for the exposed systems? The issue as it stands right now is that the remote DCs are registered with addresses that aren't exposed to the local DCs - what's the real impact of fixing that?
 
At the bare minimum, you should be able to add static routes to the side which is receiving the NAT'ed addresses, in order to allow traffic to pass correctly. After that, you should be able to work your cleanup magic.
 
I'd also suggest repeated beatings for the offenders...
 
Roger
--------------------------------------------------------------
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.
 


From: Grillenmeier, Guido [mailto:[EMAIL PROTECTED]
Sent: Saturday, June 05, 2004 10:10 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] AD in NATed environments

Last time I looked at replication of DCs in a NATed network, I was rather disappointed - basically this was a no-no. Simply due to name resolution of the DCs (i.e. the IP address of a DC on one side of the NAT is not what it should be on the other side of the NAT etc.).
 
Wondering how other folks work around this, if you just happen to fall into one of these environments...? Trying to change the network is a major undertaking, which could take months or even years in larger companies - so mostly this is not an option. So do you
- not use DDNS and manually register DCs on DNS servers (differently per DNS server, depending on which side of NAT...)?
- use DDNS and work around the issues in other ways?
- set up special DNS zones in some magic way that solves all the issues?
- other ideas?
 
I heard this is not supported by MS anyways - but I'd be open to any solution...
 
 
Thanks,
Guido
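As an added illustration of the mismatch both messages describe (DCs register their inside address in DNS, while the other side of the NAT only routes the translated address), and of the static-route workaround Roger suggests, here is a small audit script. It is not code from the thread; the DC names, addresses, NAT table and route list are constructed sample data, and the script works offline from those inputs rather than querying DNS.

```python
import ipaddress
from typing import Dict, List, Tuple

# Constructed sample data (not from the thread); names and addresses are made up.
# REGISTERED:   what each DC wrote into DNS via DDNS (its real, inside address).
# NAT_TABLE:    inside address -> translated address as seen from the local side.
# LOCAL_ROUTES: prefixes the local DCs can already reach.
REGISTERED = {
    "dc1.remote.example": "10.1.0.5",
    "dc2.remote.example": "10.1.0.6",
    "dc3.local.example": "192.168.5.10",
    "dc4.branch.example": "10.7.0.9",   # registered, but neither routed nor NATted
}
NAT_TABLE = {"10.1.0.5": "172.16.9.5", "10.1.0.6": "172.16.9.6"}
LOCAL_ROUTES = ["192.168.0.0/16", "172.16.0.0/12"]


def is_routed(ip: str, routes: List[str]) -> bool:
    """True if ip falls inside one of the reachable prefixes."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(r, strict=False) for r in routes)


def audit_dc_reachability(registered, nat_table, routes) -> Dict[str, Tuple[str, str]]:
    """Classify each DC from the local side's point of view.

    'ok'          registered address is directly routable
    'natted'      registered address is not routable, but its NAT translation is
                  (this is the mismatch that breaks DC name resolution across NAT)
    'unreachable' neither address works
    The second tuple element is the address the local side could actually use.
    """
    result = {}
    for name, inside in registered.items():
        if is_routed(inside, routes):
            result[name] = ("ok", inside)
            continue
        outside = nat_table.get(inside)
        if outside and is_routed(outside, routes):
            result[name] = ("natted", outside)
        else:
            result[name] = ("unreachable", inside)
    return result


def static_routes_needed(registered, nat_table, routes, gateway: str) -> List[Tuple[str, str]]:
    """Host routes Roger's workaround would add on the side receiving NATted addresses:
    one /32 per 'natted' DC, pointing its registered address at the NAT gateway."""
    audit = audit_dc_reachability(registered, nat_table, routes)
    return sorted((f"{registered[n]}/32", gateway) for n, (s, _) in audit.items() if s == "natted")
```

Running the audit before touching DNS shows which DCs are only reachable through a translated address and which would stay dark even with static routes, so the manual-registration and static-route options can be weighed per DC rather than guessed at.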
