locked
Single SCCM Site - 2 forests and IP Subnet overlap RRS feed

  • Question

  • Hello folks,

    I have a customer that currently has one SCCM Primary site, total of 3 DPs. There is 2 domains in the company that contain clients, for historical reasons. There is a two way trust in place.

    I have noted there is IP Subnet overlap across the 2 domains in one specific AD site. 

    My question is - given the overlap above, and assuming nothing can be done about this in the short term, does this pose a problem/barrier for correct SCCM operation, if, for the site/subnets in question, the same DP is used? (The subnet boundary is currently defined manually in SCCM).

    Many thanks.

    Thursday, May 31, 2018 3:27 PM

Answers

  • Technically yes as overlapped subnets and NATing are not supported.

    If however, the same DP, MP, and SUP are used for the overlaps, then its really not an actual issue and ConfigMgr won't know any different.


    Jason | https://home.configmgrftw.com | @jasonsandys

    • Marked as answer by wntp77 Thursday, May 31, 2018 9:39 PM
    Thursday, May 31, 2018 3:54 PM

All replies

  • Technically yes as overlapped subnets and NATing are not supported.

    If however, the same DP, MP, and SUP are used for the overlaps, then its really not an actual issue and ConfigMgr won't know any different.


    Jason | https://home.configmgrftw.com | @jasonsandys

    • Marked as answer by wntp77 Thursday, May 31, 2018 9:39 PM
    Thursday, May 31, 2018 3:54 PM
  • Thanks for the clarification Jason.
    Thursday, May 31, 2018 9:39 PM
  • Hi Jason just a slight extended question on this topic if you dont mind. Currently it appears the boundaries are defined as IP subnets in SCCM. The company has VLSM subnets in use. Should I remove these subnets and use IP ranges instead? As I have heard from a certain little birdie of issues with IP Subnets and VLSM (https://home.configmgrftw.com/ip-subnet-boundaries-are-evil/). Just double checking. 

    EDIT - is it also ok to add the in IP range definitions in parallel to the existing subnet defintions (provided there is no conflicts). Its a production system. Thanks.


    • Edited by wntp77 Friday, June 1, 2018 12:54 PM
    Friday, June 1, 2018 12:38 PM
  • I always *highly* recommend using IP address ranges and only IP address ranges.

    Yes it's possible to use both at the same time but keep in mind that they are not exactly the same so they may not line up perfectly.


    Jason | https://home.configmgrftw.com | @jasonsandys

    Friday, June 1, 2018 1:46 PM