Sites and Services Subnet Question

[tcambridge]

Hello,

I have a question on subnets for Sites and Services. We have a huge enterprise forest with lots of sites and DCs. I have been given three IP address ranges for our site:

128.28.X.X
128.29.X.X
128.30.X.X

As a local system admin, I have subnetted those three ranges based on our needs. Our two local domain controllers reside in the 128.30 (10.10 and 10.11) network on a subnetted VLAN. Our users are split between the 128.28 and 128.30 networks, also subnetted VLANs.

When I ping the domain (first.test.run.com) from any system on the 128.30.X.X (same and different VLANs), I get our local domain controllers, which is the way it should be. However, when I ping the domain from any system on the 128.28 or 128.29 networks, it resolves to random domain controllers not in our site and definitely further away than our own local DCs.

In Sites and Services (which I do not have control of) our IP address ranges are listed as:

128.28.0.0/23
128.30.0.0/24

My question is would the /23 mask as listed in Sites and Services be causing the issue? If not, what could possibly be the problem and subsequent resolution?

Thanks in advance...

Tim
Certified AND Qualified

 

[TechyMcSe2k]

For one, you are using Public IP (128.x.x.x) range for internal LAN. Your domain is trying to resolve those unanswered/unconfigured IP's by going to the internet DNS servers for resolutions.
NOTE your statement: "However, when I ping the domain from any system on the 128.28 or 128.29 networks, it resolves to random domain controllers not in our site and definitely further away than our own local DCs."

http://en.wikipedia.org/wiki/Private_network

Private ranges are:
10.x.x.x A class
172.16.x.x-172.31.255.255 B class
192.168.x.x C class
and 127.x.x.x for internal testing

http://www.samtechconsulting.com

_______________________________________
Great knowledge can be obtained by mastering the Google algorithm.

 

[tcambridge]

Techy,

Thanks for the response. I'm familiar with the IP class ranges for public and private. I just used those in my scenario.

Do you have any other input or suggestions? Any answers for my original question?

Tim
Certified AND Qualified

 

[TechyMcSe2k]

OK, thanks for clarification.
In sites and Services, do you have individual site links between networks? Or are all of your sites lumped into the Default Site Link, which bundles all DC's and therefore you could get any random DC in your network. Do you have seperate Sites in S&S with the proper subnet assigned to those sites? This allows seperation and the use on indiviaul site links; sort of a hub and spoke concept. Central DC's replicating only to each site link instead of a cluster effect. Also keeps yusers logging in properly from their site DC.

http://www.samtechconsulting.com

_______________________________________
Great knowledge can be obtained by mastering the Google algorithm.

 

[tcambridge]

We have multiple sites with links going to their respective subnets and DCs in the enterprise. When pinging the domain name, we can see all of the enterprise DCs, not just from our site.

Tim
Certified AND Qualified

 

[TechyMcSe2k]

In sites and services, are the replication links, under Site name, Servers, Server Name, NTDS Settings, "Automatically Genretaed"? Create new replication links and ermove the "AG's" This way you can specify which servers/sites talk to. Your environment may be utilizing MPLS network as a mesh environment just in case there is a network link failure. It will all be based on your network setup and configuration.

Best practices for Active Directory Sites and Services

http://technet.microsoft.com/en-us/library/cc755768(WS.10).aspx

I could just be over thinking all of this, so bear with me...

http://www.samtechconsulting.com

_______________________________________
Great knowledge can be obtained by mastering the Google algorithm.