moving a DC to a different subnet... odd network configuration
Hiyas, I have 3 2k8r2 DCs on my network, which is spread between 3 buildings. All 3 buildings are connected via point-to-point Wi-Fi, which essentially puts all 3 physical networks on the same subnet. Due to the location of the equipment where these are connected, I am well beyond the physical Ethernet limit to put the Wi-Fi endpoints on my firewall device. So, for description's sake, imagine the 3 buildings are right next door to each other with an Ethernet cable connecting switch to switch between each building, like this: A-B-C.

Okay, so here's the dilemma. 2 of these buildings (A and B) have an internet connection; however, due to the layout of the network, only one is being used (in B). I've been directed by the powers that be to make use of this other connection. So I physically moved one of my DCs into that building (A) in preparation to begin utilizing this circuit. I'm not sure now what the best way is to accomplish using this circuit.

My initial thought is to set up DHCP on this server and create a new subnet, and take the connection that spans over to the next building off one of the NICs on the server so that it still communicates over the original subnet. But now that I'm thinking about that, I imagine I'm going to run into DNS problems, because our web servers will still be on the original subnet and the machines at the location I'm changing won't be able to resolve the web servers. So at this point I'm not really sure what the best course of action is. Anyone have any thoughts?
September 15th, 2010 4:31am

Hi, Thank you for your post here. Before we get started, please answer the following questions to give us a good understanding of your current environment:

1. Do you have separate IP subnets in those 3 buildings? If yes, what is the IPv4 address schema?
2. What do you want to accomplish? How would you like to utilize the internet connection in building (A)? Do you want to route the Internet access traffic from building (A) through A's internet connection? If not, what else?
3. Since you have multiple subnets in the AD domain (if Q1 is true), do you have the AD sites configured?
4. Do you have the DNS service installed on the DC which you moved to building (A)?
5. Does the web server have an internal A (host) record in the domain DNS zone? What happens if you install the DNS service on the DC in building (A) and configure the clients to query this DNS server for name resolution?
September 16th, 2010 8:44am

Hiyas, sorry for the delay in response. Currently all 3 buildings are on a single subnet (10.0.0.0/22). My goal is to have everyone in building A route their internet traffic out of its own circuit. Now, all of the users in the 3 buildings are frequently in the other buildings, so being able to log on with the same credentials would be critical. DNS is running on all 3 of my DCs and the web servers all have host A records. Being on the same subnet, DNS queries work as expected on the local intranet. I'm just concerned that, after setting up a new subnet for building A, the DNS queries will work but traffic won't pass over to the other subnet without a VPN tunnel or the like.
September 17th, 2010 11:44am

Hi, Yes, you can create a new subnet in building A and DNS queries/domain interactive logon would work as long as you have the proper routing between all subnets in all 3 buildings. Do you have routers implemented between the buildings/subnets?
October 8th, 2010 8:59am

OK, I went back and forth on this for a while and decided to use RRAS to try to simplify things, at least in building A. I've partially got it working, but not completely. Here's my current config: in building A, I'm moving the network to a 10.1.0.0/22 subnet. Building B is on the 10.0.0.0/22 subnet. I'm using 3 interfaces on the server to accomplish my goal here. One interface is set to the WAN public IP addy and is getting the interwebs. One interface is set to 10.1.0.1/22 and is servicing the LAN in building A. The last interface is set to 10.0.0.48 (the original IP addy of this DC) and is connected to the LAN in building B.

Here's what I ran through trying to get this mess to work. I set up NAT on the public interface, and on the 10.1.0.1 interface I set it to private. I then added a static route (Dest: 10.0.0.0, Sub: 255.255.252.0, GW: 10.0.0.48) on the 10.0.0.48 interface. That allowed me at that point to communicate from the server to the 10.0.0.0 subnet; however, client machines couldn't. So I then added another NAT interface on 10.0.0.48, and now clients on the 10.1 subnet can access resources on the 10.0 subnet, however not vice versa. I'm sure I screwed something up here. What am I missing?
October 22nd, 2010 3:38am
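An added model (not the poster's configuration and not anything from RRAS itself) of why the three states described in the last post behave as they do: replies from building B follow B's routing table, and a NAT interface on the 10.0.0.48 side masks 10.1.x clients behind one address while dropping unsolicited sessions from B. It assumes B's own gateway sits at 10.0.0.1 (a constructed address) and that the only alternative to NAT is a route for 10.1.0.0/22 via 10.0.0.48 on the B side.

```python
import ipaddress

# Constructed model of the three-interface RRAS server in the post:
# 10.1.0.1/22 faces building A, 10.0.0.48/22 faces building B, third NIC is WAN.
A_LAN = ipaddress.ip_network("10.1.0.0/22")
B_LAN = ipaddress.ip_network("10.0.0.0/22")
RRAS_B_SIDE = ipaddress.ip_address("10.0.0.48")
B_FIREWALL = ipaddress.ip_address("10.0.0.1")  # assumed address of building B's own gateway

# Routing tables used by hosts in building B: (network, gateway); None = on-link.
B_ROUTES_ORIGINAL = [(B_LAN, None), (ipaddress.ip_network("0.0.0.0/0"), B_FIREWALL)]
B_ROUTES_FIXED = B_ROUTES_ORIGINAL + [(A_LAN, RRAS_B_SIDE)]  # assumed fix: plain routing

def next_hop(routes, dst):
    """Longest-prefix match; returns the gateway, None for on-link, or 'drop'."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, gw) for net, gw in routes if dst in net]
    if not matches:
        return "drop"
    return max(matches, key=lambda r: r[0].prefixlen)[1]

def reachable(src, dst, b_routes, nat_on_b_side):
    """True if src can open a session to dst and the replies find their way back."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src in A_LAN and dst in B_LAN:
        # A clients default to 10.1.0.1; RRAS forwards the packet out of 10.0.0.48.
        if nat_on_b_side:
            return True  # B sees source 10.0.0.48 (on-link); the NAT table maps the reply back
        return next_hop(b_routes, src) == RRAS_B_SIDE  # B must know 10.1/22 lives behind RRAS
    if src in B_LAN and dst in A_LAN:
        if next_hop(b_routes, dst) != RRAS_B_SIDE:
            return False  # packet goes to B's firewall, which knows nothing of 10.1/22
        return not nat_on_b_side  # a NAT interface drops unsolicited inbound sessions
    raise ValueError("only A<->B paths are modelled")

def matrix(b_routes, nat_on_b_side):
    """Reachability in both directions for one configuration."""
    return {
        "A->B": reachable("10.1.0.50", "10.0.0.10", b_routes, nat_on_b_side),
        "B->A": reachable("10.0.0.10", "10.1.0.50", b_routes, nat_on_b_side),
    }

if __name__ == "__main__":
    for label, routes, nat in [
        ("static route only (server works, A clients fail)", B_ROUTES_ORIGINAL, False),
        ("as posted: NAT on the 10.0.0.48 interface", B_ROUTES_ORIGINAL, True),
        ("route 10.1.0.0/22 via 10.0.0.48 in B, no NAT", B_ROUTES_FIXED, False),
    ]:
        print(f"{label:52} {matrix(routes, nat)}")
```

Only the last configuration gives two-way reachability, and it also keeps the real 10.1.x client addresses visible in building B's logs instead of collapsing them all to 10.0.0.48.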
