Setting Up Active Directory Sites and Services for Cloud DCs

Asked By TechGuru42 On

I work in an organization that manages around 32 networks divided into over 900 subnets. Currently, we have a single Active Directory (AD) site with a couple of defined subnets. We're planning to deploy Domain Controllers (DCs) into Azure, and I need to figure out the best way to set up AD Sites and Services without manually entering all 900 IP subnet ranges. Here's what I'm thinking:

- Our on-premises IPs fall within a 10.0.0.0/8 subnet.
- Our cloud IPs will range within 10.0.0.0/24.

If I configure it this way:
1. Assign 10.0.0.0/8 to the existing default site as a new subnet.
2. Create a new cloud site and assign it the range of 1.0.0.0/24.

Will anything with an IP between 10.0.0.1-254 utilize the cloud DCs, while everything else in the 10.XX.XX.XX range uses the on-premise DCs? Any insights would be greatly appreciated!
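
The two-site layout proposed above, written out as an added PowerShell example (this is not part of the original question and not Microsoft's code). It assumes the RSAT ActiveDirectory module, Enterprise Admin rights, and placeholder names for the new site, the site link and the Azure DC; only the two CIDRs come from the question. The final step is the check a practitioner would want: asking a client in Azure which site it actually resolved to.

```powershell
Import-Module ActiveDirectory

# Names below are assumptions for the example; only the CIDRs come from the question.
$onPremSite = 'Default-First-Site-Name'
$cloudSite  = 'Azure-Cloud'
$onPremCidr = '10.0.0.0/8'
$cloudCidr  = '10.0.0.0/24'

# 1. Create the cloud site (idempotent).
if (-not (Get-ADReplicationSite -Filter "Name -eq '$cloudSite'")) {
    New-ADReplicationSite -Name $cloudSite -Description 'Azure domain controllers'
}

# 2. Register the two summary subnets. The /8 absorbs all 900 on-prem ranges
#    without listing them; the /24 is more specific and wins for Azure addresses.
$subnetToSite = @{ $onPremCidr = $onPremSite; $cloudCidr = $cloudSite }
foreach ($cidr in $subnetToSite.Keys) {
    if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$cidr'")) {
        New-ADReplicationSubnet -Name $cidr -Site $subnetToSite[$cidr]
    }
}

# 3. Link the sites so inter-site replication and automatic site coverage work
#    across the on-prem/Azure connection. Cost and interval are assumptions.
$linkName = "$onPremSite-$cloudSite"
if (-not (Get-ADReplicationSiteLink -Filter "Name -eq '$linkName'")) {
    New-ADReplicationSiteLink -Name $linkName -SitesIncluded $onPremSite, $cloudSite `
        -Cost 100 -ReplicationFrequencyInMinutes 15 -InterSiteTransportProtocol IP
}

# 4. If the Azure DCs were promoted before the /24 existed, their server objects
#    sit in the default site; move them explicitly. 'AZDC01' is a placeholder.
# Move-ADDirectoryServer -Identity 'AZDC01' -Site $cloudSite

# 5. Review the resulting subnet-to-site table (Site is returned as a DN).
Get-ADReplicationSubnet -Filter * |
    Select-Object Name, @{ n = 'Site'; e = { ($_.Site -split ',')[0] -replace '^CN=', '' } } |
    Sort-Object Name

# 6. On an Azure member server, confirm the site the client resolved and the DC
#    it picked (nltest ships with Windows; replace contoso.com with the real domain):
#    nltest /dsgetsite
#    nltest /dsgetdc:contoso.com
```

Run steps 1-5 on any writable DC or a management host with RSAT; step 6 is run on the client side. If `nltest /dsgetsite` on an Azure VM still reports the default site, the most common causes are a subnet entered under the wrong site or the DC's server object not yet moved (step 4).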

4 Answers

Answered By SubnetWizard On

Yes, that setup should work for you. Just be aware that AD Sites and Services aren't strict rules; clients can connect to any DC. Also, instead of typing out all 900 subnet ranges, can you summarize them? It would make your setup way more manageable. You might also want to explore using PowerShell or consult with your network team for help.

Answered By NetworkNinja91 On

Yes, you're right! In AD, the most specific subnet takes precedence. But keep in mind that clients will initially try to connect to any available DC in the domain to determine which site they belong to, so it's important that the on-prem DCs can still communicate with those in Azure.

Answered By CloudSage On

For security, it's smart to configure Network Security Groups (NSGs) for each resource group or device in Azure. Just open specific ports as necessary for each peering connection.

Answered By CloudExpert007 On

Definitely! If you have overlapping AD subnets, AD will choose the longer subnet mask (the /24 in this case) for clients. My only concern is that managing a giant /8 AD site can cause issues with WAN performance. If you have multiple on-prem sites, it might be wise to split them up to enhance client and server interactions.
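
To check the longest-mask behaviour discussed in the answers without touching the directory, here is an added example (not from any poster in this thread and not AD's own code) that models the subnet-to-site lookup a DC performs: among all configured subnets that contain the client IP, the one with the longest prefix wins. Site names are assumptions; the two CIDRs and the sample client addresses are the ones from the question, plus one outside 10.0.0.0/8 to show the no-match case.

```powershell
function ConvertTo-UInt32 {
    param([string]$Ip)
    # IPv4 only. Bytes arrive in network order; reverse them for the
    # little-endian BitConverter on x86/x64 hosts.
    $bytes = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    [Array]::Reverse($bytes)
    return [BitConverter]::ToUInt32($bytes, 0)
}

function Resolve-AdSite {
    param(
        [Parameter(Mandatory)][string]$ClientIp,
        [Parameter(Mandatory)][hashtable]$SubnetToSite   # 'a.b.c.d/len' -> site name
    )
    $ip   = ConvertTo-UInt32 $ClientIp
    $best = $null
    foreach ($cidr in $SubnetToSite.Keys) {
        $netStr, $lenStr = $cidr -split '/'
        $len = [int]$lenStr
        # Mask with the top $len bits set, built arithmetically to avoid the
        # signed-shift surprises of 0xFFFFFFFF in PowerShell.
        $mask = [uint32](4294967296 - [math]::Pow(2, 32 - $len))
        $net  = ConvertTo-UInt32 $netStr
        $inSubnet = (($ip -band $mask) -eq ($net -band $mask))
        # Longest prefix wins, which is why a /24 inside a /8 captures only
        # the cloud addresses and leaves the rest of 10.x.x.x on the /8 site.
        if ($inSubnet -and ($null -eq $best -or $len -gt $best.PrefixLength)) {
            $best = [pscustomobject]@{
                ClientIp     = $ClientIp
                Subnet       = $cidr
                PrefixLength = $len
                Site         = $SubnetToSite[$cidr]
            }
        }
    }
    # $null means no subnet matched: the client has no site and will use
    # whichever DC the domain-wide DNS SRV records hand it, on-prem or Azure.
    return $best
}

# Constructed table mirroring the question's proposal (site names assumed).
$subnetToSite = @{
    '10.0.0.0/8'  = 'Default-First-Site-Name'
    '10.0.0.0/24' = 'Azure-Cloud'
}

foreach ($client in '10.0.0.5', '10.0.1.7', '10.200.3.4', '192.168.1.1') {
    $r = Resolve-AdSite -ClientIp $client -SubnetToSite $subnetToSite
    if ($r) { '{0,-14} -> {1,-12} ({2})' -f $client, $r.Subnet, $r.Site }
    else    { '{0,-14} -> no site match' -f $client }
}
```

With the table above, 10.0.0.5 resolves to the /24 (Azure-Cloud), 10.0.1.7 and 10.200.3.4 fall through to the /8 (Default-First-Site-Name), and 192.168.1.1 matches nothing. The same function can be pointed at the real table by building the hashtable from `Get-ADReplicationSubnet -Filter *`, which is a quick way to spot an on-prem range that would accidentally land in the cloud site.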

