SIGforum.com    Main Page  Hop To Forum Categories  The Lounge    Looking for a little help from our member IT experts. Thanks. - Original post updated.
Member
posted
Thanks to everyone for your comments and suggestions.

What I am needing to do was set up and functional not long ago. The domain crashed and had to be rebuilt. I inherited the original, pre-crash environment and do not know how the configuration was accomplished. Allow me to further explain what I am attempting to do.

The domain controller, which I have been calling the AD server, performs all the functions: user account management, machine account management, DNS, etc. DHCP is set up, but I assign all IPs to servers and workstations. Yes, there is a backup controller as well.

Let’s say the domain name is acme.dev.com. I need all the servers to use an IP from the …10.x/24 range, and all the workstations will be given IPs from the …20.x/24 range. But all will be members of the same domain.

In the previous configuration the NICs would list the primary and secondary controller as the DNS servers, but the default gateway would depend on which IP range the IP was assigned from.

This is all part of a VMware environment, and all the networking has been configured to add this secondary IP range as a new VLAN in the ESXi environment. At this point I just need to get the controllers configured.

I hope this explanation helped clarify what I’m needing to do.
 
Posts: 416 | Location: Near Dallas, TX | Registered: February 28, 2007
quarter MOA visionary
Picture of smschulz
posted
quote:
Let’s say the domain name is acme.dev.com. I need all the servers to use an IP from the …10.x/24 range, and all the workstations will be given IPs from the …20.x/24 range. But all will be members of the same domain.


Is there a reason you are assigning the servers one subnet and the clients on another?
How big is the network?

I see a lot of people making assumptions which is why I have been asking questions without a specific recommendation.
I also find that a network diagram can assist greatly with what you want to accomplish.
Additionally, it appears that you are trying to piece your network back together but perhaps a complete redesign is in order.
Once your DCs are dead and irreplaceable, then start from scratch on your domain setup.

There are many options to your setup but with limited data it is hard to propose a solution.
Measure twice, cut once.
 
Posts: 22928 | Location: Houston, TX | Registered: June 11, 2006
Member
posted
quote:
Originally posted by smschulz:
quote:
Let’s say the domain name is acme.dev.com. I need all the servers to use an IP from the …10.x/24 range, and all the workstations will be given IPs from the …20.x/24 range. But all will be members of the same domain.


Is there a reason you are assigning the servers one subnet and the clients on another?
How big is the network?


In this environment I have close to 400 VMs in 2 different domains. These are development and test environments. The 2 domains are for 2 different projects. There are several groups of servers with multiple servers in each group, for example Dev1, Dev2, QA1, QA2, and Test groups. Each group will have the same number of members, for example 2 each DB server (OLAP, OLTP), IIS, job server and 2 Business Objects servers.

Having the 2 different subnets allows me to assign IP addresses in a set pattern. For example, in the DEV1 environment the SQL OLAP DB server can be ..10.20 and the OLTP can be ..10.21. In the DEV2 environment the same servers can be ...10.30 and ...10.31 respectively, and so on. It just makes it easier for the developers and me as well. There are other various servers as well.

Plus, having the workstations on a different subnet offers another layer of security. These developers have pretty much full control over their VM workstations and use various types of tools. Also, having the workstations on a different subnet allows me to assign groups of IPs based on the OS of the VM. We have some Win10 and Win7 VMs. I know Win7 is no longer supported, but our end customer still uses it in some locations, so we have to develop to Win7 also. I hope this answers your question.
 
Posts: 416 | Location: Near Dallas, TX | Registered: February 28, 2007
Alea iacta est
posted
quote:
Originally posted by JohnDFW:
Thanks to everyone for your comments and suggestions.

What I am needing to do was set up and functional not long ago. The domain crashed and had to be rebuilt. I inherited the original, pre-crash environment and do not know how the configuration was accomplished. Allow me to further explain what I am attempting to do.

The domain controller, which I have been calling the AD server, performs all the functions: user account management, machine account management, DNS, etc. DHCP is set up, but I assign all IPs to servers and workstations. Yes, there is a backup controller as well.

Let’s say the domain name is acme.dev.com. I need all the servers to use an IP from the …10.x/24 range, and all the workstations will be given IPs from the …20.x/24 range. But all will be members of the same domain.

In the previous configuration the NICs would list the primary and secondary controller as the DNS servers, but the default gateway would depend on which IP range the IP was assigned from.

This is all part of a VMware environment, and all the networking has been configured to add this secondary IP range as a new VLAN in the ESXi environment. At this point I just need to get the controllers configured.

I hope this explanation helped clarify what I’m needing to do.


What does "I assign all IPs" mean? Do you mean you configure reservations, or you are actually configuring static IPs on the workstations?

Setting aside the fact that you say this "crashed" and you inherited the original "pre-crash environment", and also making the assumption that it was put back together correctly by a competent engineer who was aware of the dangers of USN rollback, I am still at a loss as to what you're trying to do and what, exactly, isn't working.

So, let's take a step back. Rather than you trying to tell us what it is you need our help with configuring, why don't you tell us what is working vs what is not working?


I'm starting to get the impression that the 20.0/24 network is a net-new network to the environment. Simply configuring a new port group in vSphere is not sufficient for that network to communicate with existing networks. You need to define the VLAN on the upstream switches, make sure that VLAN is allowed, and tagged, on the uplinks to the vSphere servers (assuming you are using trunk ports and not a pile of access ports), and then you need to make sure the new network has an SVI and is listed in the routing table of the switches.


Quite literally, there is *nothing* that *needs* to be done to a windows DC in order for it to service an additional address space. Nothing. The addition of a reverse lookup zone is something that is normally viewed as "best practice", but is by no means a requirement. I've seen many, many environments without reverse lookup zones that function just fine. I mean, *I* would recommend configuring one, but the lack of one is not going to cause you any immediate problems.

Keeping workstations on a different network than servers is also a good practice as it breaks up your broadcast domains.
 
Posts: 15665 | Location: Location, Location | Registered: April 09, 2012
Member
posted
quote:
Originally posted by exx1976:
quote:
Originally posted by JohnDFW:
Thanks to everyone for your comments and suggestions.

What I am needing to do was set up and functional not long ago. The domain crashed and had to be rebuilt. I inherited the original, pre-crash environment and do not know how the configuration was accomplished. Allow me to further explain what I am attempting to do.

The domain controller, which I have been calling the AD server, performs all the functions: user account management, machine account management, DNS, etc. DHCP is set up, but I assign all IPs to servers and workstations. Yes, there is a backup controller as well.

Let’s say the domain name is acme.dev.com. I need all the servers to use an IP from the …10.x/24 range, and all the workstations will be given IPs from the …20.x/24 range. But all will be members of the same domain.

In the previous configuration the NICs would list the primary and secondary controller as the DNS servers, but the default gateway would depend on which IP range the IP was assigned from.

This is all part of a VMware environment, and all the networking has been configured to add this secondary IP range as a new VLAN in the ESXi environment. At this point I just need to get the controllers configured.

I hope this explanation helped clarify what I’m needing to do.


What does "I assign all IPs" mean? Do you mean you configure reservations, or you are actually configuring static IPs on the workstations?

Setting aside the fact that you say this "crashed" and you inherited the original "pre-crash environment", and also making the assumption that it was put back together correctly by a competent engineer who was aware of the dangers of USN rollback, I am still at a loss as to what you're trying to do and what, exactly, isn't working.

So, let's take a step back. Rather than you trying to tell us what it is you need our help with configuring, why don't you tell us what is working vs what is not working?


I'm starting to get the impression that the 20.0/24 network is a net-new network to the environment. Simply configuring a new port group in vSphere is not sufficient for that network to communicate with existing networks. You need to define the VLAN on the upstream switches, make sure that VLAN is allowed, and tagged, on the uplinks to the vSphere servers (assuming you are using trunk ports and not a pile of access ports), and then you need to make sure the new network has an SVI and is listed in the routing table of the switches.


Quite literally, there is *nothing* that *needs* to be done to a windows DC in order for it to service an additional address space. Nothing. The addition of a reverse lookup zone is something that is normally viewed as "best practice", but is by no means a requirement. I've seen many, many environments without reverse lookup zones that function just fine. I mean, *I* would recommend configuring one, but the lack of one is not going to cause you any immediate problems.

Keeping workstations on a different network than servers is also a good practice as it breaks up your broadcast domains.


"I assign all IPs" means that I enter the IP address into the NIC properties for each and every client server and workstation. I do not allow DHCP to automatically assign IP addresses. I do this because of functional grouping of a set of servers.

OK, so you say: "Quite literally, there is *nothing* that *needs* to be done to a windows DC in order for it to service an additional address space. Nothing. The addition of a reverse lookup zone is something that is normally viewed as "best practice", but is by no means a requirement." So the AD server is set up to use ...10.x/24. And I can configure the NIC to use an IP from 20.x/24 but set the DNS properties in the NIC to the DNS server on 10.x/24, join the VM to the domain, and all will run? Users will authenticate to the 10.x/24 AD server??
 
Posts: 416 | Location: Near Dallas, TX | Registered: February 28, 2007
Member
Picture of creslin
posted
quote:
Originally posted by JohnDFW:

OK, so you say: "Quite literally, there is *nothing* that *needs* to be done to a windows DC in order for it to service an additional address space. Nothing. The addition of a reverse lookup zone is something that is normally viewed as "best practice", but is by no means a requirement." So the AD server is set up to use ...10.x/24. And I can configure the NIC to use an IP from 20.x/24 but set the DNS properties in the NIC to the DNS server on 10.x/24, join the VM to the domain, and all will run? Users will authenticate to the 10.x/24 AD server??

The operative word is "nothing".
As long as routes exist (which is normally done external to the AD), then a DNS server can serve DNS requests for any client IP regardless of what subnet that client resides on.

For example, 8.8.8.8 is an external DNS server that google provides that you can configure on your client to resolve DNS requests.
No extra config needed to be done to that server for you to use it as such.
Simply "turn on DNS server" and ensure routes are good to go.

You do not need to have a 2nd NIC configured on the .20 subnet in order for that server to provide DNS info to clients on that subnet.
As long as the NIC that is on the .10 subnet is connected to the router and is configured with the router IP as the default gateway - you're done (with regards to the server config).
This is where my signature goes.
 
Posts: 1545 | Location: Kernersville, NC | Registered: June 04, 2015
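A way to verify the two points exx1976 and creslin make above (the DC needs nothing beyond an optional reverse lookup zone; what has to work is routing and DNS across the subnet boundary). This is an added example, not code posted by anyone in the thread. The thread never shows the first two octets of the address space, so `$Prefix` is a placeholder; `acme.dev.com` is the thread's own example domain name.

```powershell
# Added example; not posted by anyone in the thread. The first two octets of
# the site's address space are not given in the thread, so $Prefix is a PLACEHOLDER.
$Prefix    = '10.1'                 # PLACEHOLDER: your first two octets
$ClientNet = "$Prefix.20.0/24"      # the new workstation VLAN
$Domain    = 'acme.dev.com'         # the thread's example domain name

# ---- Run on a domain controller holding the DNS role: the optional reverse
# lookup zone. Not required for 20.x clients to resolve names or authenticate;
# it only makes PTR lookups for the new range succeed.
Import-Module DnsServer
$o       = $ClientNet.Split('/')[0].Split('.')
$revZone = "$($o[2]).$($o[1]).$($o[0]).in-addr.arpa"   # e.g. 20.1.10.in-addr.arpa
if (-not (Get-DnsServerZone -Name $revZone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -NetworkId $ClientNet -ReplicationScope Domain -DynamicUpdate Secure
}
# On a rebuilt domain, confirm replication between the DCs is healthy before
# blaming the new subnet for anything.
repadmin /showrepl

# ---- Run on a workstation that was given a static 20.x address with the DCs
# as its DNS servers (the setup JohnDFW describes). Three things must work:
# 1. DNS: the DC SRV records resolve from the other subnet.
$dcs = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV |
       Where-Object { $_.Type -eq 'SRV' }
$dcs | Select-Object NameTarget, Port
# 2. Routing/VLAN plumbing: LDAP (389) and Kerberos (88) on each DC are reachable.
foreach ($dc in $dcs) {
    foreach ($port in 389, 88) {
        $t = Test-NetConnection -ComputerName $dc.NameTarget -Port $port
        "{0}:{1} reachable={2}" -f $t.ComputerName, $port, $t.TcpTestSucceeded
    }
}
# 3. DC locator, which is what a domain join and a logon actually use. If 1 and 2
# pass but this fails, look at the switch SVI and routing table, not the DC.
nltest "/dsgetdc:$Domain" /force
```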
© SIGforum 2024