AD on 2 networks

  • AD on 2 networks

    Hi all,

    My question might be a little naive. I'm rather new to Active Directory. What would be the best design for 2 networks (located in one building) with 2 DCs? Is it better to have one DC per network, or just have both of them on both networks by installing additional network cards? Both networks will be a single domain. Where uptime will be important so if one DC is down the other one could serve both networks.

    Thanks all.
    Last edited by solvman; 6th October 2008, 15:41.

  • #2
    Re: AD on 2 networks

    Hi,

    Your answer is very simple but as you'll see you may get a variety of responses depending on certain information on your organisation.
    A little more information might attract better responses such as:
    How big are the two subnets? (I presume they are two different subnets)
    How are these subnets going to be linked physically?
    How is DNS going to be deployed?
    etc.

    Ta
    Caesar's cipher - 3

    ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

    SFX JNRS FC U6 MNGR

    • #3
      Re: AD on 2 networks

      Originally posted by L4ndy View Post
      Hi,

      Your answer is very simple but as you'll see you may get a variety of responses depending on certain information on your organisation.
      A little more information might attract better responses such as:
      How big are the two subnets? (I presume they are two different subnets)
      How are these subnets going to be linked physically?
      How is DNS going to be deployed?
      etc.

      Ta
      They are actually 2 different networks... they are not linked whatsoever. I have set up one DC on the first network and it does DNS for it (internally). I've got separate external DNS servers.

      Regards


      • #4
        Re: AD on 2 networks

        Is there a reason why they aren't linked?
        If you want them completely separate then set them up with their own DCs (2 each though for fault tolerance).
        cheers
        Andy

        Please read this before you post:


        Quis custodiet ipsos custodes?


        • #5
          Re: AD on 2 networks

          For security purposes mainly. I could link them together if it is necessary. I'm just trying to see what would be the best setup in my situation.


          • #6
            Re: AD on 2 networks

            Originally posted by solvman View Post
            Where uptime will be important so if one DC is down the other one could serve both networks.
            If this is the case then they have to be linked, therefore you need both as part of the same AD. How many hosts are we talking about? Can you renumber one side / both sides so it makes it easier for you?
            cheers
            Andy


            • #7
              Re: AD on 2 networks

              I would rather keep them separate (if a reliable solution exists). Though there is a way to rename subnets, I would prefer not to. One side is about 100 workstations and the other one about 250.

              Originally posted by AndyJG247 View Post
              If this is the case then they have to be linked, therefore you need both as part of the same AD. How many hosts are we talking about? Can you renumber one side / both sides so it makes it easier for you?


              • #8
                Re: AD on 2 networks

                If you want one DC to take the place of the other in a failure then you can't.
                What specifically needs to be kept separate though?
                cheers
                Andy


                • #9
                  Re: AD on 2 networks

                  Originally posted by AndyJG247 View Post
                  If you want one DC to take the place of the other in a failure then you can't.
                  What specifically needs to be kept separate though?
                  If that's the case I will have to move everything onto one network.


                  • #10
                    Re: AD on 2 networks

                    There is another option, but it depends on the type of information you need to protect. If you need to protect network resources located on one subnet from being accessed by users from the other subnet, then you can get away with one AD with 2 DCs where both DCs can serve both subnets.
                    Basically you create a VLAN dedicated to the DCs and configure FW rules so that clients from the 2 subnets can access this VLAN (but not the other subnet).

                    (subnet A) <--FW--> (DC VLAN) <--FW--> (subnet B)

                    If the information contained in AD (user/computer account details, etc...) is not allowed to be accessed from the other network, you will have to build a separate AD for each network.
                    Guy Teverovsky
                    "Smith & Wesson - the original point and click interface"
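
An added example, not part of any post in the thread: a small first-match rule evaluator that audits a firewall rule list against the (subnet A) <--FW--> (DC VLAN) <--FW--> (subnet B) layout described in post #10. The addresses, the rule tuple format, the `rule`/`decide`/`audit` helpers and the choice of client-to-DC ports are assumptions made for illustration.

```python
import ipaddress as ip

# Constructed addressing: the thread gives host counts but no subnets.
SUBNET_A = ip.ip_network("10.10.0.0/24")
SUBNET_B = ip.ip_network("10.20.0.0/23")
DC_VLAN = ip.ip_network("10.0.50.0/28")

# Well-known client-to-DC services: DNS, Kerberos, NTP, RPC endpoint mapper,
# LDAP, SMB, kpasswd, LDAPS, global catalog. The dynamic RPC range is left
# out because it depends on the Windows version and on whether RPC is pinned.
AD_SERVICES = [("tcp", 53), ("udp", 53), ("tcp", 88), ("udp", 88), ("udp", 123),
               ("tcp", 135), ("tcp", 389), ("udp", 389), ("tcp", 445),
               ("tcp", 464), ("tcp", 636), ("tcp", 3268)]

def rule(action, src, dst, proto="any", lo=0, hi=65535):
    return (action, ip.ip_network(src), ip.ip_network(dst), proto, lo, hi)

def decide(rules, src, dst, proto, port):
    """First matching rule wins; anything unmatched is denied."""
    for action, rsrc, rdst, rproto, lo, hi in rules:
        if (ip.ip_address(src) in rsrc and ip.ip_address(dst) in rdst
                and rproto in ("any", proto) and lo <= port <= hi):
            return action
    return "deny"

def audit(rules):
    """Return findings: missing client-to-DC access, or A<->B leakage."""
    findings = []
    dc = str(next(DC_VLAN.hosts()))
    for name, net in (("A", SUBNET_A), ("B", SUBNET_B)):
        client = str(next(net.hosts()))
        for proto, port in AD_SERVICES:
            if decide(rules, client, dc, proto, port) != "allow":
                findings.append(f"subnet {name} cannot reach DC on {proto}/{port}")
    # Conservative isolation check: flag every allow rule whose source touches
    # one client subnet and whose destination touches the other.
    for i, (action, rsrc, rdst, *_rest) in enumerate(rules):
        for s, d in ((SUBNET_A, SUBNET_B), (SUBNET_B, SUBNET_A)):
            if action == "allow" and rsrc.overlaps(s) and rdst.overlaps(d):
                findings.append(f"rule {i} allows traffic between client subnets")
    return findings

def dc_rules(client_net):
    return [rule("allow", str(client_net), str(DC_VLAN), p, port, port)
            for p, port in AD_SERVICES]

GOOD = dc_rules(SUBNET_A) + dc_rules(SUBNET_B)
# Constructed mistake: a broad allow meant for the DC VLAN also covers subnet B.
BAD = [rule("allow", "10.10.0.0/24", "10.0.0.0/8", "tcp", 445, 445)] + dc_rules(SUBNET_B)
```

`audit(GOOD)` returns no findings, while `audit(BAD)` reports both the A-to-B leak through the over-broad destination and the DC services subnet A can no longer reach.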
