Announcement

Collapse
No announcement yet.

Active Directory Sites - subnet association

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Active Directory Sites - subnet association

    Hello,

    I am required to create a new active directory site, which I have never done before.

    It seems pretty straight forward to be honest, but I am a little uncertain about subnet association.

    according to this technote: https://technet.microsoft.com/en-us/.../cc754697.aspx. "if your forest will have multiple sites, you must create subnets that assign IP addresses to Default-First-Site-Name as well as to all additional sites."

    to the new site I am creating I am only planning to associate two subnets. am I really required to associate the rest of my subnets to the default site? isn't there a rule I can create that if the subnet isn't explicitly set, then map to the default site? we have many subnets in our organization, and mapping each subnet will take a long time, and we will probably end up missing a few too.
    (also what happens to a subnet that isn't mapped to any site?)

    thanks for the help.

  • #2
    When you create a subnet you usually choose which site to associate it with (graphically)
    In bulk you could use Powershell to work with all your subnets
    http://www.lazywinadmin.com/2013/11/...te-subnet.html

    If you don't associate them correctly, clients may authenticate against a remote DC, also site level GPOs will not work
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      I was told that its also possible to make a loose assignment on a large subnet such as 192.168.0.0/18 to siteA and then more explicit assignment such as 192.168.1.0/24 to siteB.
      does this work? can anyone confirm this?

      Comment

      Working...
      X