Networking Forums

Active Directory and more than 254 IPs

 
 
Roman
Guest
Posts: n/a

 
      11-13-2006, 03:12 AM
Hello,

Sorry for the dummy question, but could you please explain how I can provide AD
service for more than 254 computers?

My current setup is the following:

Windows 2003 Server SP1 acting as a Domain Controller and AD-enabled DNS and
DHCP server (IP: 192.168.1.2/255.255.255.0). Users are utilizing the
192.168.1.0/24 network. Now, I have to join another 200 PCs to the domain. How
can I configure the Domain Controller to provide AD for another network (let's
say 192.168.2.0/24)? Should I install an additional network card, or is another
DC necessary? Assuming that there will be a router routing the 192.168.2.0/24
network, what should I do on the DC to enable 192.168.2.0/24 users to join the domain?

Thank you very much.
 
 
 
 
 
Bill Grant
Guest
Posts: n/a

 
      11-13-2006, 03:40 AM
1. You will need an IP router to route between the two subnets. The
router will have an interface in each subnet. (Do not use your DC for this!)
You will need an extra scope in DHCP for the new subnet. You will need an
extra reverse lookup zone in DNS (for the new subnet) if you use reverse
lookup. A second DC (and DNS server) is always a good idea but you don't
need one for each subnet.

The machines in the new subnet should have no trouble joining the
domain if you set up the routing correctly. They will still get the
necessary info from DNS to find the DC. Is your network connected to the
Internet? What do the machines on the LAN use as their default gateway?

 
Roman
Guest
Posts: n/a

 
      11-13-2006, 04:14 AM
Thank you a lot Bill!

The default router for the current 192.168.1.0/24 network is 192.168.1.1 (it is
a Cisco router doing NAT).

If I understood you correctly, I would need another router with one
interface belonging to the 192.168.1.0/24 network and another interface belonging
to the 192.168.2.0/24 network. If the routing is done properly, 192.168.2.0/24
users will be able to get 192.168.2.0/24 IP addresses from the 192.168.1.2 DHCP
server and use 192.168.1.2 as the DNS server? Is that correct?

Do I need to configure the 192.168.2.0/24 network somewhere in AD? I understand
the new DHCP scope should be defined, as well as an extra reverse lookup zone in
DNS - is there anything else I should add?

Thank you!

 
CoolHandJoe
Guest
Posts: n/a

 
      11-13-2006, 09:34 PM
That seems like overkill; you can actually use CIDR to borrow addresses
from the network portion of the address and keep them all on the same
network. On the internet they actually want to move the other way and
give fewer addresses per network, but playing with the subnet mask
properly would give you more than 254 addresses on a single network.

Joe
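
The single-network option described in the post above, worked through with Python's standard ipaddress module. This is an added example, not part of the original thread; the host count of 454 (254 existing plus the 200 new PCs) is an assumption taken from the question.

```python
import ipaddress

def smallest_single_network(existing_host, hosts_needed):
    """Longest prefix that contains existing_host and still offers
    at least hosts_needed usable addresses."""
    for prefix in range(30, 0, -1):
        net = ipaddress.ip_network(f"{existing_host}/{prefix}", strict=False)
        usable = net.num_addresses - 2  # network and broadcast are not assignable
        if usable >= hosts_needed:
            return net, usable
    raise ValueError("no IPv4 prefix is large enough")

def merge_subnets(cidrs):
    """Collapse subnets into fewer prefixes where the bit boundaries allow it."""
    return list(ipaddress.collapse_addresses(ipaddress.ip_network(c) for c in cidrs))

def covering_supernet(cidrs):
    """Smallest single prefix that contains every listed subnet."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    candidate = nets[0]
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()
    return candidate

if __name__ == "__main__":
    DC = "192.168.1.2"      # domain controller address from the question
    NEEDED = 254 + 200      # assumption: full /24 plus the 200 new PCs

    net, usable = smallest_single_network(DC, NEEDED)
    print(f"single network: {net}  mask {net.netmask}  usable hosts {usable}")

    # The range that gets added is 192.168.0.x, not 192.168.2.x, because a
    # /23 must start on an even third octet.
    print("192.168.2.10 inside it?", ipaddress.ip_address("192.168.2.10") in net)

    # 192.168.1.0/24 and 192.168.2.0/24 are not siblings, so they stay separate.
    print("merge .1 + .2:", merge_subnets(["192.168.1.0/24", "192.168.2.0/24"]))
    print("merge .0 + .1:", merge_subnets(["192.168.0.0/24", "192.168.1.0/24"]))

    # Covering both subnets named in the thread with one mask takes a /22.
    print("covers .1 and .2:", covering_supernet(["192.168.1.0/24", "192.168.2.0/24"]))
```

Every host, the DHCP scope and the Cisco's inside interface would have to carry the same new mask for this layout to work.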


 
Bill Grant
Guest
Posts: n/a

 
      11-14-2006, 03:14 AM
To get the second subnet access to the Internet, you will need to add a
static route to the Cisco (so that it knows how to reach the "new" subnet).
DHCP should work as long as the router has DHCP relay active. This allows
requests received on the 192.168.2 interface of the router to be forwarded
to the DNS server in the other subnet.

The routing would look like this.

Internet
|
public IP
Cisco {static route 192.168.2.0 255.255.255.0 192.168.1.254}
192.168.1.1
|
LAN machines (including the DC)
192.168.1.x dg 192.168.1.1
|
192.168.1.254 dg 192.168.1.1
router
192.168.2.1 dg blank
|
workstations
192.168.2.x dg 192.168.2.1

Machines in either subnet can access all machines in the
"other" subnet and get to the Internet using NAT on the Cisco. All machines
use the same DNS server.

I can't think of anything that needs to be changed in AD.
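
The routing in the diagram above, traced hop by hop with longest-prefix matching. This is an added example, not part of the original thread; the node names (cisco, router, lan_host, workstation) and the sample host 192.168.2.50 are assumptions, while the addresses and gateways are transcribed from the diagram.

```python
from ipaddress import ip_address, ip_network

# Route tables transcribed from the diagram. "direct" means the destination
# is on-link; "internet" stands for the Cisco's upstream default route.
ROUTES = {
    "cisco": [("192.168.1.0/24", "direct"),
              ("192.168.2.0/24", "192.168.1.254"),   # the static route
              ("0.0.0.0/0", "internet")],
    "router": [("192.168.1.0/24", "direct"),
               ("192.168.2.0/24", "direct"),
               ("0.0.0.0/0", "192.168.1.1")],
    "lan_host": [("192.168.1.0/24", "direct"),       # includes the DC
                 ("0.0.0.0/0", "192.168.1.1")],
    "workstation": [("192.168.2.0/24", "direct"),
                    ("0.0.0.0/0", "192.168.2.1")],
}
# Which device owns each gateway address.
OWNER = {"192.168.1.1": "cisco", "192.168.1.254": "router", "192.168.2.1": "router"}

def next_hop(table, dst):
    """Pick the matching route with the longest prefix, as a real router does."""
    dst = ip_address(dst)
    matches = [r for r in table if dst in ip_network(r[0])]
    return max(matches, key=lambda r: ip_network(r[0]).prefixlen)[1]

def trace(routes, start, dst, max_hops=8):
    """Return the list of nodes a packet visits from start to dst."""
    path, node = [start], start
    for _ in range(max_hops):
        hop = next_hop(routes[node], dst)
        if hop in ("direct", "internet"):
            path.append(dst if hop == "direct" else "internet")
            return path
        node = OWNER[hop]
        path.append(node)
    raise RuntimeError("routing loop")

if __name__ == "__main__":
    # New workstation reaching the DC: one hop through the inner router.
    print(trace(ROUTES, "workstation", "192.168.1.2"))
    # DC replying: its gateway is the Cisco, which hands off via the static route.
    print(trace(ROUTES, "lan_host", "192.168.2.50"))
    # Same reply with the static route missing: the Cisco sends it upstream.
    broken = dict(ROUTES, cisco=[r for r in ROUTES["cisco"] if r[0] != "192.168.2.0/24"])
    print(trace(broken, "lan_host", "192.168.2.50"))
```

With the gateways as drawn, replies from the 192.168.1.x machines to the new subnet also pass through the Cisco, so the static route matters for domain traffic as well as for Internet access.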
