Is creating Sites and Subnets a must in AD Sites and Services?
I have a fairly small AD environment: DC1, 2 and 3 at the main office and DC4 at the only branch office. 60 users at main and 5 at branch, connected by a P2P T1. Everything is working fine.
Today I ran the "Microsoft IT Environment Health" check, and got the errors against each DC.
error 1: Error: The DC1 server does not contain an IP Address that can be authenticated from a defined subnet.
error 2: Error: The DC1 domain controller does not have an IP address that matches the subnet definitions for the Default-First-Site-Name Active Directory site where the domain controller is located.
So I went into the AD Sites and Services console, and found out all 4 DCs are in the "Default-First-Site-Name/Servers" folder, and the "Subnets" folder is empty.
Since we don't experience problems, I prefer NOT to change them. Do you see any potential problems here?
The only thing I have seen is sometimes computers at main site would authenticate via the DC at branch office.
Any advice is appreciated.
Thanks
Calvin
July 5th, 2011 1:00pm
You should add appropriate subnets in Active Directory Sites and Services; all subnets in your company that use AD authentication should be added (this way you will prevent warnings / errors in the event log).
Additionally, I would create a new site for the branch office and move DC4 to it.
Those operations are safe, so you won't crash anything, and as a result your AD will reflect the real-life design. Placing DCs in the proper sites is also important with respect to replication between DCs, the login process [users should authenticate on their local DC], and site-aware services like DFS, for example.
As a side note, it is also recommended to rename Default-First-Site-Name to something more meaningful.
With kind regards
Krystian Zieja
http://www.projectenvision.com
July 5th, 2011 1:14pm
I agree with Krystian.Zieja...
However, to answer your question "Is creating Sites and Subnets a must in AD Sites and Services?", the answer is NO... it's not required for AD to function. However, you will not be able to manage/control which DCs authenticate your users and/or replication traffic between sites.
Visit: anITKB.com, an IT Knowledge Base.
July 5th, 2011 4:38pm
Hello,
You have to create two AD sites: one for the main office and the other for the branch office. Once created, add DC 1, 2 and 3 to the main office site and DC 4 to the branch office site. Also, create the subnets in use and assign them to the correct site.
That way, all should be okay.
July 5th, 2011 4:42pm
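The procedure described in the replies above, followed by a check for the two health-check errors from the question, as an added example that is not part of any post in this thread. It assumes the ActiveDirectory PowerShell module with its replication cmdlets is available; the site names and subnet prefixes are constructed placeholders, not values from the thread.

```powershell
# Added example. Site names and subnet prefixes below are constructed placeholders.
Import-Module ActiveDirectory

$main    = 'MainOffice'     # assumed new name for Default-First-Site-Name
$branch  = 'BranchOffice'   # assumed name for the branch site
$subnets = @{ '10.1.0.0/24' = $main; '10.2.0.0/24' = $branch }  # placeholders

# DC1-DC3 already sit in the default site, so rename it, then create the branch site.
Get-ADReplicationSite -Identity 'Default-First-Site-Name' | Rename-ADObject -NewName $main
New-ADReplicationSite -Name $branch
# A site created this way belongs to no site link yet; add it so replication has a path.
Set-ADReplicationSiteLink -Identity 'DEFAULTIPSITELINK' -SitesIncluded @{ Add = $branch }

# Define every subnet that authenticates against AD, bind it to its site, move DC4.
foreach ($prefix in $subnets.Keys) {
    New-ADReplicationSubnet -Name $prefix -Site $subnets[$prefix]
}
Move-ADDirectoryServer -Identity 'DC4' -Site $branch

function ConvertTo-IPv4Number([string]$Address) {
    $bytes = ([System.Net.IPAddress]::Parse($Address)).GetAddressBytes()
    [Array]::Reverse($bytes)                  # network byte order -> little endian
    [long][BitConverter]::ToUInt32($bytes, 0)
}

function Test-InSubnet([string]$Address, [string]$Prefix) {
    $network, $length = $Prefix -split '/'
    $mask = ([long]4294967295 -shl (32 - [int]$length)) -band [long]4294967295
    ((ConvertTo-IPv4Number $Address) -band $mask) -eq ((ConvertTo-IPv4Number $network) -band $mask)
}

# Verify: each DC's address must fall inside a subnet assigned to the DC's own site.
# Most specific prefix first, since the longest matching subnet decides the site.
$defined = Get-ADReplicationSubnet -Filter * |
    Where-Object { $_.Name -notmatch ':' } |                        # IPv4 subnets only
    Sort-Object { [int](($_.Name -split '/')[1]) } -Descending
foreach ($dc in Get-ADDomainController -Filter *) {
    $match = $defined | Where-Object { Test-InSubnet $dc.IPv4Address $_.Name } |
        Select-Object -First 1
    $status = if (-not $match) { 'NO SUBNET' } elseif ($match.Site -like "CN=$($dc.Site),*") { 'OK' } else { 'WRONG SITE' }
    '{0,-6} {1,-15} site={2,-14} {3}' -f $dc.Name, $dc.IPv4Address, $dc.Site, $status
}
```

A DC reported as `NO SUBNET` corresponds to error 1 in the question, and `WRONG SITE` to error 2.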