AD Sites And Services Question

  • Question

  • So we have a network that contains two main sites, one in Florida and one in Alabama. Within each of those sites we have smaller branch offices. In AD Sites And Services we have two "Sites", FL and AL. In those sites I have multiple subnets for each of the smaller branch offices. I have a class "B" network 172.16.8.0/23 for FL that covers the basic OP's center buildings. I then have branch offices in different cities of FL that will have a 172.16.X.0/24 network where "X" will be the octet that defines the specific location. There are about 12 of these /24 subnets in Sites and Services, and for the AL site I have a 10.12.X.0/24 subnet for each of the branch offices there as well. My question is, in the ADS&S there is also a 172.16.0.0/16 subnet listed and a 10.12.0.0/16 subnet as well as all the other smaller /24 sites. Do I need the /16 subnets listed in ADS&S if I already have the /24 subnets defined for each site? Would this cause confusion in each site to have such a large /16 subnet defined when computers log on and try to determine which site they are supposed to be a part of? Some of the /24 sites do not have a DC in them and authenticate against a DC that is closest to them, so I'm wondering if I should get rid of the /16 subnets to make it more defined when computers log on. I hope this makes sense and please let me know if you need any clarification. Below is a screenshot of what we have.

    

    Thanks!


    Chad Guiney


    • Edited by Charlie4872 Thursday, August 18, 2016 6:30 PM
    Thursday, August 18, 2016 6:26 PM

Answers

  • There is a function called DsGetDcName that is used by a lot of applications, including the logon process. It will query a DC based on the client IP address (that refers to Sites & Services).

    If you have overlapping in Sites & Services, the DsGetDcName function may receive a wrong value because there is more than one possibility.
    ex: (172.16.0.0 / 16   OR   172.16.4.0 / 24)

    So instead of authenticating using the closest DC, you could be authenticated with a DC in a site where the link speed is not very good.

    This is why you should avoid creating overlapping subnets.

    Ref: https://msdn.microsoft.com/en-us/library/ms675983(v=vs.85).aspx

    hth


    This posting is provided AS IS without warranty of any kind

    • Marked as answer by Charlie4872 Thursday, August 18, 2016 7:32 PM
    Thursday, August 18, 2016 7:27 PM
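
An added example, not part of the original thread: a Python check that lists overlapping subnet definitions such as the 172.16.0.0/16 and 172.16.4.0/24 pair given in the answer, and shows every defined subnet a client address falls into. The subnet-to-site list is constructed sample data (the 10.12.9.0/24 entry assigned to FL is a deliberate mismatch), and the function names are hypothetical.

```python
import ipaddress
from itertools import combinations

# Constructed sample: (subnet, site) pairs shaped like the layout in the thread.
SUBNETS = [
    ("172.16.0.0/16", "FL"),
    ("172.16.8.0/23", "FL"),
    ("172.16.4.0/24", "FL"),
    ("10.12.0.0/16", "AL"),
    ("10.12.7.0/24", "AL"),
    ("10.12.9.0/24", "FL"),  # constructed mismatch: inside the AL /16, assigned to FL
]


def parse(entries):
    """Turn (cidr, site) strings into (ip_network, site); rejects host bits set."""
    return [(ipaddress.ip_network(cidr, strict=True), site) for cidr, site in entries]


def find_overlaps(entries):
    """Return (outer, inner, outer_site, inner_site, cross_site) per overlapping pair."""
    found = []
    for (a, site_a), (b, site_b) in combinations(parse(entries), 2):
        if not a.overlaps(b):
            continue
        # The shorter prefix is the wider (outer) definition.
        if a.prefixlen > b.prefixlen:
            (a, site_a), (b, site_b) = (b, site_b), (a, site_a)
        found.append((str(a), str(b), site_a, site_b, site_a != site_b))
    return found


def candidates_for(ip, entries):
    """Every defined subnet, with its site, that contains the client address."""
    addr = ipaddress.ip_address(ip)
    return [(str(net), site) for net, site in parse(entries) if addr in net]


if __name__ == "__main__":
    for outer, inner, s_out, s_in, cross in find_overlaps(SUBNETS):
        flag = "DIFFERENT SITES" if cross else "same site"
        print(f"{inner} ({s_in}) lies inside {outer} ({s_out}): {flag}")
    print(candidates_for("172.16.4.25", SUBNETS))
```

Overlaps flagged as spanning different sites are the ones to review first, since a client address in that range matches subnet objects that point at two sites.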

All replies

  • Well, it depends...

    Try to avoid having a 172.12.x.x / 16 subnet with multiple 172.12.x.x / 24 subnets because it will cause overlapping.

    I would create only the subnets that reflect the reality because it's easier to manage Sites & Services...but it's a personal choice.

    I would do something like this:



    Thursday, August 18, 2016 7:02 PM
  • That's exactly what I was thinking as well. As far as the overlap, what would be the consequences of that? I have noticed that running the command "SET" in a command prompt on a PC shows me a logon server in a different site than they are really physically in or, in cases where there is no DC, in a site that is not necessarily geographically closest to them. I'm wondering if the overlap would cause something like that, since the /16 subnet is listed and it covers many sites for the computer to "choose" from for authentication.

    Thanks for the response!


    Chad Guiney

    Thursday, August 18, 2016 7:10 PM
  • Excellent, that makes perfect sense to me. Thanks again for the quick response!!

    Chad Guiney

    Thursday, August 18, 2016 7:32 PM