none
VLAN

    Question

  • How could I setup a Windows domain controller with different VLAN ? What would be the Ip configuration setup for all the VLAN machines to work with single WINDOWS Domain Controller?

    I shall be thankful if someone help me asap.

    Thursday, April 26, 2012 10:27 AM

Answers

  • How could I setup a Windows domain controller with different VLAN ? What would be the Ip configuration setup for all the VLAN machines to work with single WINDOWS Domain Controller?

    I shall be thankful if someone help me asap.

    Seems to me , quesiton is more related to network.

    Please have this asked in http://social.technet.microsoft.com/Forums/en-US/winserverNIS/threads?page=1 you might be some answers over there.

    Regards,

    _Prashant_


    MCSA|MCITP SA|Microsoft Exchange 2003 Blog - http://prashant1987.wordpress.com Disclaimer: This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    Thursday, April 26, 2012 10:35 AM
  • You need to define VLAN on switches/router along with the routing path means which VLAN will take to other VLAN or subnet. There is no specific VLAN or IP range requirement to create AD. You need to talk to your network/security guys to configure VLAN or IP needs to be assigned to be DC. For DC always use static IP.

    If there is more then one site, you need to have connectivity and firewall ports needs to be adjusted between two sites.

    Active Directory and Active Directory Domain Services Port Requirements   http://technet.microsoft.com/en-us/library/dd772723%28v=ws.10%29.aspx


    Awinish Vishwakarma - MVP - Directory Services

    My Blog: awinish.wordpress.com

    Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    Thursday, April 26, 2012 10:39 AM
    Moderator
  • Hello,

    How could I setup a Windows domain controller with different VLAN ?

    You have to make sure that inter-VLAN routing is configured correctly so that the two DCs will be able to communicate together.

    Also, you have to make sure that needed ports for AD replication are opened in both directions:

    Use PortQry v2 for checking: http://social.technet.microsoft.com/wiki/contents/articles/584.active-directory-replication-over-firewalls.aspx


    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.   

    Microsoft Student Partner 2010 / 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations
    Microsoft Certified IT Professional: Enterprise Administrator
    Microsoft Certified IT Professional: Server Administrator
    Microsoft Certified Trainer

    Thursday, April 26, 2012 11:07 AM
  • Hello,

    make sure the different subnets are connected either via the switch or a router and then this is just normal networking.

    If you don't have DHCP server in the VLAN you can use either DHCP relay agent installed on a server or you configure the route/switch to relay DHCP request to the DHCP server in the other subnet.


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    Thursday, April 26, 2012 5:11 PM

All replies

  • How could I setup a Windows domain controller with different VLAN ? What would be the Ip configuration setup for all the VLAN machines to work with single WINDOWS Domain Controller?

    I shall be thankful if someone help me asap.

    Seems to me , quesiton is more related to network.

    Please have this asked in http://social.technet.microsoft.com/Forums/en-US/winserverNIS/threads?page=1 you might be some answers over there.

    Regards,

    _Prashant_


    MCSA|MCITP SA|Microsoft Exchange 2003 Blog - http://prashant1987.wordpress.com Disclaimer: This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    Thursday, April 26, 2012 10:35 AM
  • You need to define VLAN on switches/router along with the routing path means which VLAN will take to other VLAN or subnet. There is no specific VLAN or IP range requirement to create AD. You need to talk to your network/security guys to configure VLAN or IP needs to be assigned to be DC. For DC always use static IP.

    If there is more then one site, you need to have connectivity and firewall ports needs to be adjusted between two sites.

    Active Directory and Active Directory Domain Services Port Requirements   http://technet.microsoft.com/en-us/library/dd772723%28v=ws.10%29.aspx


    Awinish Vishwakarma - MVP - Directory Services

    My Blog: awinish.wordpress.com

    Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    Thursday, April 26, 2012 10:39 AM
    Moderator
  • Hello,

    How could I setup a Windows domain controller with different VLAN ?

    You have to make sure that inter-VLAN routing is configured correctly so that the two DCs will be able to communicate together.

    Also, you have to make sure that needed ports for AD replication are opened in both directions:

    Use PortQry v2 for checking: http://social.technet.microsoft.com/wiki/contents/articles/584.active-directory-replication-over-firewalls.aspx


    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.   

    Microsoft Student Partner 2010 / 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations
    Microsoft Certified IT Professional: Enterprise Administrator
    Microsoft Certified IT Professional: Server Administrator
    Microsoft Certified Trainer

    Thursday, April 26, 2012 11:07 AM
  • Hello,

    make sure the different subnets are connected either via the switch or a router and then this is just normal networking.

    If you don't have DHCP server in the VLAN you can use either DHCP relay agent installed on a server or you configure the route/switch to relay DHCP request to the DHCP server in the other subnet.


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    Thursday, April 26, 2012 5:11 PM
  • Hi,

    I do not want to configure DHCP, in spite of that how could a machine get an authentication or how could i add a machine to DC which is in different VLAN?

    Friday, April 27, 2012 6:34 AM
  • Hello,

    this is NOTHING about VLAN, you just have to assure connectivity between the ip subnets and as long this is assured you can authenticate to a DC in the other subnet, of course this requires a domain DNS server on the NIC.

    Again, configure netowkring correct and you can have DCs in multiple subnets without any problem.


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    • Proposed as answer by Patris_70 Monday, April 30, 2012 12:35 PM
    Friday, April 27, 2012 6:46 AM
  • Hi,

    There is a connectivity among the subnets but problem is that when the machine is in different domain e.g(VLAN 2) 192.168.0.3 and the DC ip address is (VLAN 3)192.168.2.1 then i am unable to add the machine to the DC.

    Friday, April 27, 2012 7:04 AM
  • Hello,

    without connections between the VLANs you will NOT be able to connect the subnets, that's what i am talking about in each answer.


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    • Proposed as answer by Patris_70 Monday, April 30, 2012 12:35 PM
    Friday, April 27, 2012 8:24 AM
  • You need to define the communication between two or more subnet or VLAN into your router or switch. Nothing can be done at the domain controller. It is purely a network misconfiguration issue not a DC issue.


    Awinish Vishwakarma - MVP - Directory Services

    My Blog: awinish.wordpress.com

    Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    • Proposed as answer by Patris_70 Monday, April 30, 2012 12:35 PM
    Friday, April 27, 2012 8:58 AM
    Moderator
  • Hi,

    Can u please give me the example with IP address how it will work in different VLAN and what configuration i have to change...

    Friday, April 27, 2012 8:59 AM
  • Hello,

    if you use 2 subnets you MUST connect them with routers or configure the switch correct, you should ask somebody that is able to explain you how to configure networking with your switches that have the VLANs enabled. Maybe the switch support forum from the vendor.

    This is definitelt NOT a problem belonging to Microsoft software or Directory services. Thank you for understanding.


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    Friday, April 27, 2012 9:10 AM
  • The route is actually defined on the router, so you need to talk to your network/security admin to configure it on the router, so that different subnet or VLAN can talk to each other.


    Awinish Vishwakarma - MVP - Directory Services

    My Blog: awinish.wordpress.com

    Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    • Proposed as answer by Patris_70 Monday, April 30, 2012 12:35 PM
    Friday, April 27, 2012 9:10 AM
    Moderator
  • All the client on different VLAN should be able to communicate with DC.You need to contact the network administartor for the same and check how can be the n/w topology defined to achieve the same.Have a look at below link too

    One forest one domain multiple VLANs
    http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/9660a793-5307-42cb-87af-ead97483d408/

    Hope this helps


    Best Regards,

    Sandesh Dubey.

    MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Adminitrator | My Blog

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Friday, April 27, 2012 9:25 AM
  • Hi

    I know that this is not a  issue of DC but a network issue, could you plz help me if i want run two different VLAN in a same switch and the DC is located in a third VLAN in the same switch how could i add those two machines from different VLAN to a DC which is in third VLAN.

    Monday, April 30, 2012 6:41 AM
  • Hi,

    You really need to get in touch with the reseller who sold you the switches and engage their help, or ask the question you're asking us on the manufacturer's forums. This just isn't the right place.

    As a pointer, if you're working with Nortel/Avaya gear then what you need to do is ensure that each port within the same switch is "tagged" for each VLAN you want the device connected to that port to communicate with. For example, if I have three VLANs: VLAN1, VLAN2, and VLAN3, then for a port to communicate across all three VLANs, I would need to "tag" each VLAN to the port.

    In the Cisco world things work differently. Here, you would quite likely need to take a look at something called "trunking", as Cisco doesn't (or didn't last time I checked) let you tag a variable number of VLANs if the number is greated than two.

    Again, just to reinforce my first paragraph - and what everyone before me has said: we cannot help you with detailed information on this forum as it is exclusively about Windows Server issues, not networking hardware configuration issues.

    Cheers,
    Lain

    • Proposed as answer by Patris_70 Monday, April 30, 2012 12:34 PM
    Monday, April 30, 2012 7:14 AM
  • It's ok for all your help...Thanks again..
    Monday, April 30, 2012 7:47 AM
  • Hi

    I know that this is not a  issue of DC but a network issue, could you plz help me if i want run two different VLAN in a same switch and the DC is located in a third VLAN in the same switch how could i add those two machines from different VLAN to a DC which is in third VLAN.

    Hello,

    as mentioned here very often this belongs to the switch vendor to help you with the configuration of the switch.


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    • Proposed as answer by Patris_70 Monday, April 30, 2012 12:34 PM
    Monday, April 30, 2012 11:07 AM
  • Hello,

    You need Routing between VLANs.

    Here are examples for cisco, hp switches:

    Routing Between VLANs Overview

    Configuring InterVLAN Routing with Catalyst 3750/3560/3550 Series Switches

    InterVLAN Routing HP ProCurve

    IP Routing Between VLANs HP

    If you have both Cisco & HP and need routing between switches, here is info:

    ProCurve / Cisco Interoperability Guide

    Regards

    Monday, April 30, 2012 12:34 PM