Say I create an AD subnet of 10.10.0.0/16 and assign it to our primary
site, and another subnet as 10.10.41.0/24 and assign it to a secondary
site. Will AD treat a client address of, say, 10.10.41.104 as a client
on the secondary site, or will it default to the more general primary
subnet? The reason I ask is we now have a need for a second AD site (I
can see all the enterprise folks grinning now) and we have quite a
number of other subnets that I'd have to manually enter if this is not
the case. I don't mind doing it, but I was curious either way.
Brian Cline, Applications Developer
Department of Information Technology
G&P Trucking Company, Inc.
803.936.8595 Direct Line
800.922.1147 Toll-Free (x8595)
803.739.1176 Fax

AD Subnet Boundariesis it really 10.10.0.0/16 or a mistake (/24) ?
Because your first site won't be able to joint the other one as it will think it's local and won't sent packet to the gateway (if it's really a /16).

If it's a real /24, then it will works as expected (10.10.41.104 will be attached to the secondary site).

If it's a /16 and you need router between both site, your configuration can't work from a network point of view.
Regards,
Mathieu CHATEAU

Message
From: Brian Cline
To: ActiveDir (AT) mail (DOT) activedir.org
Sent: Friday, January 26, 2007 10:19 PM
Subject: [ActiveDir] AD Subnet Boundaries

Say I create an AD subnet of 10.10.0.0/16 and assign it to our primary site, and another subnet as 10.10.41.0/24 and assign it to a secondary site. Will AD treat a client address of, say, 10.10.41.104 as a client on the secondary site, or will it default to the more general primary subnet? The reason I ask is we now have a need for a second AD site (I can see all the enterprise folks grinning now) and we have quite a number of other subnets that I'd have to manually enter if this is not the case. I don't mind doing it, but I was curious either way.

Brian Cline, Applications Developer
Department of Information Technology
G&P Trucking Company, Inc.
803.936.8595 Direct Line
800.922.1147 Toll-Free (x8595)
803.739.1176 Fax

An AD client will try to associate itself with the site that it is most
specific for its IP.

Mike Thommes

From: ActiveDir-owner (AT) mail (DOT) activedir.org
[mailto:ActiveDir-owner (AT) mail (DOT) activedir.org] Behalf Brian Cline
Sent: Friday, January 26, 2007 3:20 PM
To: ActiveDir (AT) mail (DOT) activedir.org
Subject: [ActiveDir] AD Subnet Boundaries

Say I create an AD subnet of 10.10.0.0/16 and assign it to our primary
site, and another subnet as 10.10.41.0/24 and assign it to a secondary
site. Will AD treat a client address of, say, 10.10.41.104 as a client
on the secondary site, or will it default to the more general primary
subnet? The reason I ask is we now have a need for a second AD site (I
can see all the enterprise folks grinning now) and we have quite a
number of other subnets that I'd have to manually enter if this is not
the case. I don't mind doing it, but I was curious either way.

Brian Cline, Applications Developer
Department of Information Technology
G&P Trucking Company, Inc.
803.936.8595 Direct Line
800.922.1147 Toll-Free (x8595)
803.739.1176 Fax

it will go for the second site 10.10.41.0/24 (= best matching)

Met vriendelijke groeten / Kind regards,
Ing. Jorge de Almeida Pinto
Senior Infrastructure Consultant
MVP Windows Server - Directory Services

LogicaCMG Nederland B.V. (BU RTINC Eindhoven)
( Tel : +31-(0)40-29.57.777
( Mobile : +31-(0)6-26.26.62.80
* E-mail : <see sender address>

From: ActiveDir-owner (AT) mail (DOT) activedir.org on behalf of Brian Cline
Sent: Fri 2007-01-26 22:19
To: ActiveDir (AT) mail (DOT) activedir.org
Subject: [ActiveDir] AD Subnet Boundaries

Say I create an AD subnet of 10.10.0.0/16 and assign it to our primary site, and another subnet as 10.10.41.0/24 and assign it to a secondary site. Will AD treat a client address of, say, 10.10.41.104 as a client on the secondary site, or will it default to the more general primary subnet? The reason I ask is we now have a need for a second AD site (I can see all the enterprise folks grinning now) and we have quite a number of other subnets that I'd have to manually enter if this is not the case. I don't mind doing it, but I was curious either way.

Brian Cline, Applications Developer
Department of Information Technology
G&P Trucking Company, Inc.
803.936.8595 Direct Line
800.922.1147 Toll-Free (x8595)
803.739.1176 Fax

This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.

Yes. I have done this in organizations with hundreds of sites and a well designed subnetting scheme.

Thanks,
Brian Desmond
brian (AT) briandesmond (DOT) com

c - 312.731.3132

From: ActiveDir-owner (AT) mail (DOT) activedir.org [mailto:ActiveDir-owner (AT) mail (DOT) activedir.org] Behalf Brian Cline
Sent: Friday, January 26, 2007 4:20 PM
To: ActiveDir (AT) mail (DOT) activedir.org
Subject: [ActiveDir] AD Subnet Boundaries

Say I create an AD subnet of 10.10.0.0/16 and assign it to our primary site, and another subnet as 10.10.41.0/24 and assign it to a secondary site. Will AD treat a client address of, say, 10.10.41.104 as a client on the secondary site, or will it default to the more general primary subnet? The reason I ask is we now have a need for a second AD site (I can see all the enterprise folks grinning now) and we have quite a number of other subnets that I'd have to manually enter if this is not the case. I don't mind doing it, but I was curious either way.

Brian Cline, Applications Developer
Department of Information Technology
G&P Trucking Company, Inc.
803.936.8595 Direct Line
800.922.1147 Toll-Free (x8595)
803.739.1176 Fax

In my opinion, there is a pure TCP/IP network issue

A sample example:
The DC is 10.10.0.1 with a netmask of 255.255.0.0 (/16 as indicated).
if you try to ping 10.10.41.104, it will try to communicate on the LAN,
seeking its arp.
It won't send packet to the gateway since 10.10.41.0 must be on the LAN.

The only way to get it work is to use a Layer 2 link between both site.

Regards,
Mathieu CHATEAU

Message
From: "Almeida Pinto, Jorge de" <jorge.de.almeida.pinto (AT) logicacmg (DOT) com>
To: <ActiveDir (AT) mail (DOT) activedir.org>
Sent: Friday, January 26, 2007 11:37 PM
Subject: RE: [ActiveDir] AD Subnet Boundaries

it will go for the second site 10.10.41.0/24 (= best matching)

Met vriendelijke groeten / Kind regards,
Ing. Jorge de Almeida Pinto
Senior Infrastructure Consultant
MVP Windows Server - Directory Services

LogicaCMG Nederland B.V. (BU RTINC Eindhoven)
( Tel : +31-(0)40-29.57.777
( Mobile : +31-(0)6-26.26.62.80
* E-mail : <see sender address>

From: ActiveDir-owner (AT) mail (DOT) activedir.org on behalf of Brian Cline
Sent: Fri 2007-01-26 22:19
To: ActiveDir (AT) mail (DOT) activedir.org
Subject: [ActiveDir] AD Subnet Boundaries

Say I create an AD subnet of 10.10.0.0/16 and assign it to our primary site,
and another subnet as 10.10.41.0/24 and assign it to a secondary site. Will
AD treat a client address of, say, 10.10.41.104 as a client on the secondary
site, or will it default to the more general primary subnet? The reason I
ask is we now have a need for a second AD site (I can see all the enterprise
folks grinning now) and we have quite a number of other subnets that I'd
have to manually enter if this is not the case. I don't mind doing it, but I
was curious either way.

Brian Cline, Applications Developer
Department of Information Technology
G&P Trucking Company, Inc.
803.936.8595 Direct Line
800.922.1147 Toll-Free (x8595)
803.739.1176 Fax

This e-mail and any attachment is for authorised use by the intended
recipient(s) only. It may contain proprietary material, confidential
information and/or be subject to legal privilege. It should not be copied,
disclosed to, retained or used by, any other party. If you are not an
intended recipient then please promptly delete this e-mail and any
attachment and all copies and inform the sender. Thank you.

List archive:

While your math is right you should look up supernetting and subnetting somewhere.

Thanks,
Brian Desmond
brian (AT) briandesmond (DOT) com

c - 312.731.3132

Message
From: ActiveDir-owner (AT) mail (DOT) activedir.org [mailto:ActiveDir-
owner (AT) mail (DOT) activedir.org] Behalf Mathieu CHATEAU
Sent: Saturday, January 27, 2007 4:17 AM
To: ActiveDir (AT) mail (DOT) activedir.org
Subject: Re: [ActiveDir] AD Subnet Boundaries

In my opinion, there is a pure TCP/IP network issue

A sample example:
The DC is 10.10.0.1 with a netmask of 255.255.0.0 (/16 as indicated).
if you try to ping 10.10.41.104, it will try to communicate on the LAN,
seeking its arp.
It won't send packet to the gateway since 10.10.41.0 must be on the
LAN.

The only way to get it work is to use a Layer 2 link between both site.
--
Regards,
Mathieu CHATEAU

--
Message
From: "Almeida Pinto, Jorge de" <jorge.de.almeida.pinto (AT) logicacmg (DOT) com>
To: <ActiveDir (AT) mail (DOT) activedir.org>
Sent: Friday, January 26, 2007 11:37 PM
Subject: RE: [ActiveDir] AD Subnet Boundaries
--
it will go for the second site 10.10.41.0/24 (= best matching)

Met vriendelijke groeten / Kind regards,
Ing. Jorge de Almeida Pinto
Senior Infrastructure Consultant
MVP Windows Server - Directory Services

LogicaCMG Nederland B.V. (BU RTINC Eindhoven)
( Tel : +31-(0)40-29.57.777
( Mobile : +31-(0)6-26.26.62.80
* E-mail : <see sender address>

From: ActiveDir-owner (AT) mail (DOT) activedir.org on behalf of Brian Cline
Sent: Fri 2007-01-26 22:19
To: ActiveDir (AT) mail (DOT) activedir.org
Subject: [ActiveDir] AD Subnet Boundaries
>
>
>
Say I create an AD subnet of 10.10.0.0/16 and assign it to our primary
site,
and another subnet as 10.10.41.0/24 and assign it to a secondary site.
Will
AD treat a client address of, say, 10.10.41.104 as a client on the
secondary
site, or will it default to the more general primary subnet? The reason
I
ask is we now have a need for a second AD site (I can see all the
enterprise
folks grinning now) and we have quite a number of other subnets that
I'd
have to manually enter if this is not the case. I don't mind doing it,
but I
was curious either way.

Brian Cline, Applications Developer
Department of Information Technology
G&P Trucking Company, Inc.
803.936.8595 Direct Line
800.922.1147 Toll-Free (x8595)
803.739.1176 Fax
>
>
>
This e-mail and any attachment is for authorised use by the intended
recipient(s) only. It may contain proprietary material, confidential
information and/or be subject to legal privilege. It should not be
copied,
disclosed to, retained or used by, any other party. If you are not an
intended recipient then please promptly delete this e-mail and any
attachment and all copies and inform the sender. Thank you.

List archive:

List archive:

hi,

i am coming from network job, so i am used to sub/super netting somehow :)
thanks anyway !

Regards,
Mathieu CHATEAU

Message
From: "Brian Desmond" <brian (AT) briandesmond (DOT) com>
To: <ActiveDir (AT) mail (DOT) activedir.org>
Sent: Saturday, January 27, 2007 6:47 PM
Subject: RE: [ActiveDir] AD Subnet Boundaries

While your math is right you should look up supernetting and subnetting
somewhere.

Thanks,
Brian Desmond
brian (AT) briandesmond (DOT) com

c - 312.731.3132

Message
From: ActiveDir-owner (AT) mail (DOT) activedir.org [mailto:ActiveDir-
owner (AT) mail (DOT) activedir.org] Behalf Mathieu CHATEAU
Sent: Saturday, January 27, 2007 4:17 AM
To: ActiveDir (AT) mail (DOT) activedir.org
Subject: Re: [ActiveDir] AD Subnet Boundaries

In my opinion, there is a pure TCP/IP network issue

A sample example:
The DC is 10.10.0.1 with a netmask of 255.255.0.0 (/16 as indicated).
if you try to ping 10.10.41.104, it will try to communicate on the LAN,
seeking its arp.
It won't send packet to the gateway since 10.10.41.0 must be on the
LAN.

The only way to get it work is to use a Layer 2 link between both site.
--
Regards,
Mathieu CHATEAU

--
Message
From: "Almeida Pinto, Jorge de" <jorge.de.almeida.pinto (AT) logicacmg (DOT) com>
To: <ActiveDir (AT) mail (DOT) activedir.org>
Sent: Friday, January 26, 2007 11:37 PM
Subject: RE: [ActiveDir] AD Subnet Boundaries
--
it will go for the second site 10.10.41.0/24 (= best matching)

Met vriendelijke groeten / Kind regards,
Ing. Jorge de Almeida Pinto
Senior Infrastructure Consultant
MVP Windows Server - Directory Services

LogicaCMG Nederland B.V. (BU RTINC Eindhoven)
( Tel : +31-(0)40-29.57.777
( Mobile : +31-(0)6-26.26.62.80
* E-mail : <see sender address>

From: ActiveDir-owner (AT) mail (DOT) activedir.org on behalf of Brian Cline
Sent: Fri 2007-01-26 22:19
To: ActiveDir (AT) mail (DOT) activedir.org
Subject: [ActiveDir] AD Subnet Boundaries
>
>
>
Say I create an AD subnet of 10.10.0.0/16 and assign it to our primary
site,
and another subnet as 10.10.41.0/24 and assign it to a secondary site.
Will
AD treat a client address of, say, 10.10.41.104 as a client on the
secondary
site, or will it default to the more general primary subnet? The reason
I
ask is we now have a need for a second AD site (I can see all the
enterprise
folks grinning now) and we have quite a number of other subnets that
I'd
have to manually enter if this is not the case. I don't mind doing it,
but I
was curious either way.

Brian Cline, Applications Developer
Department of Information Technology
G&P Trucking Company, Inc.
803.936.8595 Direct Line
800.922.1147 Toll-Free (x8595)
803.739.1176 Fax
>
>
>
This e-mail and any attachment is for authorised use by the intended
recipient(s) only. It may contain proprietary material, confidential
information and/or be subject to legal privilege. It should not be
copied,
disclosed to, retained or used by, any other party. If you are not an
intended recipient then please promptly delete this e-mail and any
attachment and all copies and inform the sender. Thank you.

List archive:

List archive:

List archive:

K well you don't need a layer 2 link to do what the P wants

Thanks,
Brian Desmond
brian (AT) briandesmond (DOT) com

c - 312.731.3132

Message
From: ActiveDir-owner (AT) mail (DOT) activedir.org [mailto:ActiveDir-
owner (AT) mail (DOT) activedir.org] Behalf Mathieu CHATEAU
Sent: Saturday, January 27, 2007 12:53 PM
To: ActiveDir (AT) mail (DOT) activedir.org
Subject: Re: [ActiveDir] AD Subnet Boundaries

hi,

i am coming from network job, so i am used to sub/super netting somehow
:)
thanks anyway !

Regards,
Mathieu CHATEAU

--
Message
From: "Brian Desmond" <brian (AT) briandesmond (DOT) com>
To: <ActiveDir (AT) mail (DOT) activedir.org>
Sent: Saturday, January 27, 2007 6:47 PM
Subject: RE: [ActiveDir] AD Subnet Boundaries
--
While your math is right you should look up supernetting and subnetting
somewhere.

Thanks,
Brian Desmond
brian (AT) briandesmond (DOT) com

c - 312.731.3132

Message
From: ActiveDir-owner (AT) mail (DOT) activedir.org [mailto:ActiveDir-
owner (AT) mail (DOT) activedir.org] Behalf Mathieu CHATEAU
Sent: Saturday, January 27, 2007 4:17 AM
To: ActiveDir (AT) mail (DOT) activedir.org
Subject: Re: [ActiveDir] AD Subnet Boundaries

In my opinion, there is a pure TCP/IP network issue

A sample example:
The DC is 10.10.0.1 with a netmask of 255.255.0.0 (/16 as indicated).
if you try to ping 10.10.41.104, it will try to communicate on the
LAN,
seeking its arp.
It won't send packet to the gateway since 10.10.41.0 must be on the
LAN.

The only way to get it work is to use a Layer 2 link between both
site.
--
Regards,
Mathieu CHATEAU

--
Message
From: "Almeida Pinto, Jorge de"
<jorge.de.almeida.pinto (AT) logicacmg (DOT) com>
To: <ActiveDir (AT) mail (DOT) activedir.org>
Sent: Friday, January 26, 2007 11:37 PM
Subject: RE: [ActiveDir] AD Subnet Boundaries
--
it will go for the second site 10.10.41.0/24 (= best matching)

Met vriendelijke groeten / Kind regards,
Ing. Jorge de Almeida Pinto
Senior Infrastructure Consultant
MVP Windows Server - Directory Services

LogicaCMG Nederland B.V. (BU RTINC Eindhoven)
( Tel : +31-(0)40-29.57.777
( Mobile : +31-(0)6-26.26.62.80
* E-mail : <see sender address>

From: ActiveDir-owner (AT) mail (DOT) activedir.org on behalf of Brian Cline
Sent: Fri 2007-01-26 22:19
To: ActiveDir (AT) mail (DOT) activedir.org
Subject: [ActiveDir] AD Subnet Boundaries
>
>
>
Say I create an AD subnet of 10.10.0.0/16 and assign it to our
primary
site,
and another subnet as 10.10.41.0/24 and assign it to a secondary
site.
Will
AD treat a client address of, say, 10.10.41.104 as a client on the
secondary
site, or will it default to the more general primary subnet? The
reason
I
ask is we now have a need for a second AD site (I can see all the
enterprise
folks grinning now) and we have quite a number of other subnets that
I'd
have to manually enter if this is not the case. I don't mind doing
it,
but I
was curious either way.

Brian Cline, Applications Developer
Department of Information Technology
G&P Trucking Company, Inc.
803.936.8595 Direct Line
800.922.1147 Toll-Free (x8595)
803.739.1176 Fax
>
>
>
This e-mail and any attachment is for authorised use by the intended
recipient(s) only. It may contain proprietary material, confidential
information and/or be subject to legal privilege. It should not be
copied,
disclosed to, retained or used by, any other party. If you are not an
intended recipient then please promptly delete this e-mail and any
attachment and all copies and inform the sender. Thank you.

List archive:

List archive:

List archive:

List archive:

i don't agree.
the /24 is included in the /16.
You won't have layer 3 routing between the two site, at least from the
primary to the secondary. Even if it will work from a routing point of view
from the secondary to the primary.

what's the point ?

Regards,
Mathieu CHATEAU

Message
From: "Brian Desmond" <brian (AT) briandesmond (DOT) com>
To: <ActiveDir (AT) mail (DOT) activedir.org>
Sent: Saturday, January 27, 2007 6:58 PM
Subject: RE: [ActiveDir] AD Subnet Boundaries

K well you don't need a layer 2 link to do what the P wants

Thanks,
Brian Desmond
brian (AT) briandesmond (DOT) com

c - 312.731.3132

Message
From: ActiveDir-owner (AT) mail (DOT) activedir.org [mailto:ActiveDir-
owner (AT) mail (DOT) activedir.org] Behalf Mathieu CHATEAU
Sent: Saturday, January 27, 2007 12:53 PM
To: ActiveDir (AT) mail (DOT) activedir.org
Subject: Re: [ActiveDir] AD Subnet Boundaries

hi,

i am coming from network job, so i am used to sub/super netting somehow
:)
thanks anyway !

Regards,
Mathieu CHATEAU

--
Message
From: "Brian Desmond" <brian (AT) briandesmond (DOT) com>
To: <ActiveDir (AT) mail (DOT) activedir.org>
Sent: Saturday, January 27, 2007 6:47 PM
Subject: RE: [ActiveDir] AD Subnet Boundaries
--
While your math is right you should look up supernetting and subnetting
somewhere.

Thanks,
Brian Desmond
brian (AT) briandesmond (DOT) com

c - 312.731.3132

Message
From: ActiveDir-owner (AT) mail (DOT) activedir.org [mailto:ActiveDir-
owner (AT) mail (DOT) activedir.org] Behalf Mathieu CHATEAU
Sent: Saturday, January 27, 2007 4:17 AM
To: ActiveDir (AT) mail (DOT) activedir.org
Subject: Re: [ActiveDir] AD Subnet Boundaries

In my opinion, there is a pure TCP/IP network issue

A sample example:
The DC is 10.10.0.1 with a netmask of 255.255.0.0 (/16 as indicated).
if you try to ping 10.10.41.104, it will try to communicate on the
LAN,
seeking its arp.
It won't send packet to the gateway since 10.10.41.0 must be on the
LAN.

The only way to get it work is to use a Layer 2 link between both
site.
--
Regards,
Mathieu CHATEAU

--
Message
From: "Almeida Pinto, Jorge de"
<jorge.de.almeida.pinto (AT) logicacmg (DOT) com>
To: <ActiveDir (AT) mail (DOT) activedir.org>
Sent: Friday, January 26, 2007 11:37 PM
Subject: RE: [ActiveDir] AD Subnet Boundaries
--
it will go for the second site 10.10.41.0/24 (= best matching)

Met vriendelijke groeten / Kind regards,
Ing. Jorge de Almeida Pinto
Senior Infrastructure Consultant
MVP Windows Server - Directory Services

LogicaCMG Nederland B.V. (BU RTINC Eindhoven)
( Tel : +31-(0)40-29.57.777
( Mobile : +31-(0)6-26.26.62.80
* E-mail : <see sender address>

From: ActiveDir-owner (AT) mail (DOT) activedir.org on behalf of Brian Cline
Sent: Fri 2007-01-26 22:19
To: ActiveDir (AT) mail (DOT) activedir.org
Subject: [ActiveDir] AD Subnet Boundaries
>
>
>
Say I create an AD subnet of 10.10.0.0/16 and assign it to our
primary
site,
and another subnet as 10.10.41.0/24 and assign it to a secondary
site.
Will
AD treat a client address of, say, 10.10.41.104 as a client on the
secondary
site, or will it default to the more general primary subnet? The
reason
I
ask is we now have a need for a second AD site (I can see all the
enterprise
folks grinning now) and we have quite a number of other subnets that
I'd
have to manually enter if this is not the case. I don't mind doing
it,
but I
was curious either way.

Brian Cline, Applications Developer
Department of Information Technology
G&P Trucking Company, Inc.
803.936.8595 Direct Line
800.922.1147 Toll-Free (x8595)
803.739.1176 Fax
>
>
>
This e-mail and any attachment is for authorised use by the intended
recipient(s) only. It may contain proprietary material, confidential
information and/or be subject to legal privilege. It should not be
copied,
disclosed to, retained or used by, any other party. If you are not an
intended recipient then please promptly delete this e-mail and any
attachment and all copies and inform the sender. Thank you.

List archive:

List archive:

List archive:

List archive:

List archive:

AD subnets have nothing to do with how the WAN is actually routed. All they do is link an IP address to a site. If you don't have a blanket subnet as a last resort your DCs start filling their event logs with events about how clients are connecting from unknown subnets.

So what you do is you take your hub datacenter(s) and associate large supernets with the site objects (as big as 10.0.0.0/8 if appropriate). Then you associate the actual subnets with the sites where they're physically located.

Thanks,
Brian Desmond
brian (AT) briandesmond (DOT) com

c - 312.731.3132

Message
From: ActiveDir-owner (AT) mail (DOT) activedir.org [mailto:ActiveDir-
owner (AT) mail (DOT) activedir.org] Behalf Mathieu CHATEAU
Sent: Saturday, January 27, 2007 1:34 PM
To: ActiveDir (AT) mail (DOT) activedir.org
Subject: Re: [ActiveDir] AD Subnet Boundaries

i don't agree.
the /24 is included in the /16.
You won't have layer 3 routing between the two site, at least from the
primary to the secondary. Even if it will work from a routing point of
view
from the secondary to the primary.

what's the point ?

Regards,
Mathieu CHATEAU

--
Message
From: "Brian Desmond" <brian (AT) briandesmond (DOT) com>
To: <ActiveDir (AT) mail (DOT) activedir.org>
Sent: Saturday, January 27, 2007 6:58 PM
Subject: RE: [ActiveDir] AD Subnet Boundaries
--
K well you don't need a layer 2 link to do what the P wants

Thanks,
Brian Desmond
brian (AT) briandesmond (DOT) com

c - 312.731.3132
--
Message
From: ActiveDir-owner (AT) mail (DOT) activedir.org [mailto:ActiveDir-
owner (AT) mail (DOT) activedir.org] Behalf Mathieu CHATEAU
Sent: Saturday, January 27, 2007 12:53 PM
To: ActiveDir (AT) mail (DOT) activedir.org
Subject: Re: [ActiveDir] AD Subnet Boundaries

hi,

i am coming from network job, so i am used to sub/super netting
somehow
:)
thanks anyway !

Regards,
Mathieu CHATEAU

--
Message
From: "Brian Desmond" <brian (AT) briandesmond (DOT) com>
To: <ActiveDir (AT) mail (DOT) activedir.org>
Sent: Saturday, January 27, 2007 6:47 PM
Subject: RE: [ActiveDir] AD Subnet Boundaries
--
While your math is right you should look up supernetting and
subnetting
somewhere.

Thanks,
Brian Desmond
brian (AT) briandesmond (DOT) com

c - 312.731.3132

Message
From: ActiveDir-owner (AT) mail (DOT) activedir.org [mailto:ActiveDir-
owner (AT) mail (DOT) activedir.org] Behalf Mathieu CHATEAU
Sent: Saturday, January 27, 2007 4:17 AM
To: ActiveDir (AT) mail (DOT) activedir.org
Subject: Re: [ActiveDir] AD Subnet Boundaries

In my opinion, there is a pure TCP/IP network issue

A sample example:
The DC is 10.10.0.1 with a netmask of 255.255.0.0 (/16 as
indicated).
if you try to ping 10.10.41.104, it will try to communicate on the
LAN,
seeking its arp.
It won't send packet to the gateway since 10.10.41.0 must be on the
LAN.

The only way to get it work is to use a Layer 2 link between both
site.
--
Regards,
Mathieu CHATEAU

--
Message
From: "Almeida Pinto, Jorge de"
<jorge.de.almeida.pinto (AT) logicacmg (DOT) com>
To: <ActiveDir (AT) mail (DOT) activedir.org>
Sent: Friday, January 26, 2007 11:37 PM
Subject: RE: [ActiveDir] AD Subnet Boundaries
--
it will go for the second site 10.10.41.0/24 (= best matching)

Met vriendelijke groeten / Kind regards,
Ing. Jorge de Almeida Pinto
Senior Infrastructure Consultant
MVP Windows Server - Directory Services

LogicaCMG Nederland B.V. (BU RTINC Eindhoven)
( Tel : +31-(0)40-29.57.777
( Mobile : +31-(0)6-26.26.62.80
* E-mail : <see sender address>

From: ActiveDir-owner (AT) mail (DOT) activedir.org on behalf of Brian Cline
Sent: Fri 2007-01-26 22:19
To: ActiveDir (AT) mail (DOT) activedir.org
Subject: [ActiveDir] AD Subnet Boundaries
>
>
>
Say I create an AD subnet of 10.10.0.0/16 and assign it to our
primary
site,
and another subnet as 10.10.41.0/24 and assign it to a secondary
site.
Will
AD treat a client address of, say, 10.10.41.104 as a client on the
secondary
site, or will it default to the more general primary subnet? The
reason
I
ask is we now have a need for a second AD site (I can see all the
enterprise
folks grinning now) and we have quite a number of other subnets
that
I'd
have to manually enter if this is not the case. I don't mind doing
it,
but I
was curious either way.

Brian Cline, Applications Developer
Department of Information Technology
G&P Trucking Company, Inc.
803.936.8595 Direct Line
800.922.1147 Toll-Free (x8595)
803.739.1176 Fax
>
>
>
This e-mail and any attachment is for authorised use by the
intended
recipient(s) only. It may contain proprietary material,
confidential
information and/or be subject to legal privilege. It should not be
copied,
disclosed to, retained or used by, any other party. If you are not
an
intended recipient then please promptly delete this e-mail and any
attachment and all copies and inform the sender. Thank you.

List archive:

List archive:

List archive:

List archive:

List archive:

List archive:

AD Subnet Boundarieshello,

just to stop the troll
Do you understand my others post about your network ?
Is you DC set up on its network interface with a 255.255.0.0 netmask ?

Your setup will work fine from an AD point of view (dssite.msc) , but not an IP routing point of view if you are really using a 255.255.0.0

Regards,
Mathieu CHATEAU

Message
From: Brian Cline
To: ActiveDir (AT) mail (DOT) activedir.org
Sent: Friday, January 26, 2007 10:19 PM
Subject: [ActiveDir] AD Subnet Boundaries

Say I create an AD subnet of 10.10.0.0/16 and assign it to our primary site, and another subnet as 10.10.41.0/24 and assign it to a secondary site. Will AD treat a client address of, say, 10.10.41.104 as a client on the secondary site, or will it default to the more general primary subnet? The reason I ask is we now have a need for a second AD site (I can see all the enterprise folks grinning now) and we have quite a number of other subnets that I'd have to manually enter if this is not the case. I don't mind doing it, but I was curious either way.

Brian Cline, Applications Developer
Department of Information Technology
G&P Trucking Company, Inc.
803.936.8595 Direct Line
800.922.1147 Toll-Free (x8595)
803.739.1176 Fax

My advice would have been to start with a 255.255.255.0 netmask (/24) - it's better for creating more subnets and hosts. 255.255.0.0 (/16) is more limiting if that is what the person is using, no matter what IP class is being used. But if not selected initially it's too late to easily go back

Regards,

Chuck

Message
From: gollum123 (AT) free (DOT) fr
To: ActiveDir (AT) mail (DOT) activedir.org
Sent: Sun, 28 Jan 2007 3:01 AM
Subject: Re: [ActiveDir] AD Subnet Boundaries

hello,

just to stop the troll
Do you understand my others post about your network ?
Is you DC set up on its network interface with a 255.255.0.0 netmask ?

Your setup will work fine from an AD point of view (dssite.msc) , but not an IP routing point of view if you are really using a 255.255.0.0

Regards,
Mathieu CHATEAU

Message
From: Brian Cline
To: ActiveDir (AT) mail (DOT) activedir.org
Sent: Friday, January 26, 2007 10:19 PM
Subject: [ActiveDir] AD Subnet Boundaries

Say I create an AD subnet of 10.10.0.0/16 and assign it to our primary site, and another subnet as 10.10.41.0/24 and assign it to a secondary site. Will AD treat a client address of, say, 10.10.41.104 as a client on the secondary site, or will it default to the more general primary subnet? The reason I ask is we now have a need for a second AD site (I can see all the enterprise folks grinning now) and we have quite a number of other subnets that Id have to manually enter if this is not the case. I t mind doing it, but I was curious either way.
Brian Cline, Applications Developer
Department of Information Technology
G&P Trucking Company, Inc.
803.936.8595 Direct Line
800.922.1147 Toll-Free (x8595)
803.739.1176 Fax

Check out the new AL. Most comprehensive set of free safety and security tools, free access to millions of high-quality videos from across the web, free AL Mail and more.

Nowhere does the P say he's assigned a /16 mask to any interface.

Thanks,
Brian Desmond
brian (AT) briandesmond (DOT) com

c - 312.731.3132

From: ActiveDir-owner (AT) mail (DOT) activedir.org [mailto:ActiveDir-owner (AT) mail (DOT) activedir.org] Behalf Mathieu CHATEAU
Sent: Sunday, January 28, 2007 4:02 AM
To: ActiveDir (AT) mail (DOT) activedir.org
Subject: Re: [ActiveDir] AD Subnet Boundaries

hello,

just to stop the troll
Do you understand my others post about your network ?
Is you DC set up on its network interface with a 255.255.0.0 netmask ?

Your setup will work fine from an AD point of view (dssite.msc) , but not an IP routing point of view if you are really using a 255.255.0.0

Regards,
Mathieu CHATEAU

Message
From: Brian Cline<mailto:bcline (AT) gptruck (DOT) com>
To: ActiveDir (AT) mail (DOT) activedir.org<mailto:ActiveDir (AT) mail (DOT) activedir.org>
Sent: Friday, January 26, 2007 10:19 PM
Subject: [ActiveDir] AD Subnet Boundaries

Say I create an AD subnet of 10.10.0.0/16 and assign it to our primary site, and another subnet as 10.10.41.0/24 and assign it to a secondary site. Will AD treat a client address of, say, 10.10.41.104 as a client on the secondary site, or will it default to the more general primary subnet? The reason I ask is we now have a need for a second AD site (I can see all the enterprise folks grinning now) and we have quite a number of other subnets that I'd have to manually enter if this is not the case. I don't mind doing it, but I was curious either way.

Brian Cline, Applications Developer
Department of Information Technology
G&P Trucking Company, Inc.
803.936.8595 Direct Line
800.922.1147 Toll-Free (x8595)
803.739.1176 Fax

Going with a /24 when you're laying out a network just because its common and small doesn't really help anymore than picking a /16 out of the blue in the long run.

Migrating machines into new subnets is actually not that difficult if properly planned - I've been around that circuit quite a few times.

Thanks,
Brian Desmond
brian (AT) briandesmond (DOT) com

c - 312.731.3132

From: ActiveDir-owner (AT) mail (DOT) activedir.org [mailto:ActiveDir-owner (AT) mail (DOT) activedir.org] Behalf chuckgaff (AT) aol (DOT) com
Sent: Sunday, January 28, 2007 9:24 AM
To: ActiveDir (AT) mail (DOT) activedir.org
Subject: Re: [ActiveDir] AD Subnet Boundaries

My advice would have been to start with a 255.255.255.0 netmask (/24) - it's better for creating more subnets and hosts. 255.255.0.0 (/16) is more limiting if that is what the person is using, no matter what IP class is being used. But if not selected initially it's too late to easily go back

Regards,

Chuck

Message
From: gollum123 (AT) free (DOT) fr
To: ActiveDir (AT) mail (DOT) activedir.org
Sent: Sun, 28 Jan 2007 3:01 AM
Subject: Re: [ActiveDir] AD Subnet Boundaries
hello,

just to stop the troll
Do you understand my others post about your network ?
Is you DC set up on its network interface with a 255.255.0.0 netmask ?

Your setup will work fine from an AD point of view (dssite.msc) , but not an IP routing point of view if you are really using a 255.255.0.0

Regards,
Mathieu CHATEAU
<>

Message
From: Brian Cline<javascript:parent.ComposeTo('bcline (AT) gptruck (DOT) com',%20'');>
To: ActiveDir (AT) mail (DOT) activedir.org<javascript:parent.ComposeTo('ActiveDir (AT) mail (DOT) activedir.org',%20'');>
Sent: Friday, January 26, 2007 10:19 PM
Subject: [ActiveDir] AD Subnet Boundaries

Say I create an AD subnet of 10.10.0.0/16 and assign it to our primary site, and another subnet as 10.10.41.0/24 and assign it to a secondary site. Will AD treat a client address of, say, 10.10.41.104 as a client on the secondary site, or will it default to the more general primary subnet? The reason I ask is we now have a need for a second AD site (I can see all the enterprise folks grinning now) and we have quite a number of other subnets that I'd have to manually enter if this is not the case. I don't mind doing it, but I was curious either way.
Brian Cline, Applications Developer
Department of Information Technology
G&P Trucking Company, Inc.
803.936.8595 Direct Line
800.922.1147 Toll-Free (x8595)
803.739.1176 Fax

Check out the new AL<%3A%2F%2Fwww%2Eaol%2Ecom%2Fnewaol>. Most comprehensive set of free safety and security tools, free access to millions of high-quality videos from across the web, free AL Mail and more.

Brian - if you look at the basic math of subnetting - it makes more sense in an enterprise network to go with /24 than /16. But if you know you have enough hosts and subnets then you can use whatever you want. I typically recommend /24 and then you don't ever really have to worrry about, assuming you are using default subnet masks.

Regards,

Chuck

Message
From: brian (AT) briandesmond (DOT) com
To: ActiveDir (AT) mail (DOT) activedir.org
Sent: Sun, 28 Jan 2007 11:39 AM
Subject: RE: [ActiveDir] AD Subnet Boundaries

Going with a /24 when re laying out a network just because its common and small t really help anymore than picking a /16 out of the blue in the long run.

Migrating machines into new subnets is actually not that difficult if properly planned Ive been around that circuit quite a few times

Thanks,
Brian Desmond
brian (AT) briandesmond (DOT) com

c - 312.731.3132

From: ActiveDir-owner (AT) mail (DOT) activedir.org [mailto:ActiveDir-owner (AT) mail (DOT) activedir.org] Behalf chuckgaff (AT) aol (DOT) com
Sent: Sunday, January 28, 2007 9:24 AM
To: ActiveDir (AT) mail (DOT) activedir.org
Subject: Re: [ActiveDir] AD Subnet Boundaries

My advice would have been to start with a 255.255.255.0 netmask (/24) - it's better for creating more subnets and hosts. 255.255.0.0 (/16) is more limiting if that is what the person is using, no matter what IP class is being used. But if not selected initially it's too late to easily go back

Regards,

Chuck

Message
From: gollum123 (AT) free (DOT) fr
To: ActiveDir (AT) mail (DOT) activedir.org
Sent: Sun, 28 Jan 2007 3:01 AM
Subject: Re: [ActiveDir] AD Subnet Boundaries
hello,

just to stop the troll
Do you understand my others post about your network ?
Is you DC set up on its network interface with a 255.255.0.0 netmask ?

Your setup will work fine from an AD point of view (dssite.msc) , but not an IP routing point of view if you are really using a 255.255.0.0

Regards,
Mathieu CHATEAU

Message
From: Brian Cline
To: ActiveDir (AT) mail (DOT) activedir.org
Sent: Friday, January 26, 2007 10:19 PM
Subject: [ActiveDir] AD Subnet Boundaries

Say I create an AD subnet of 10.10.0.0/16 and assign it to our primary site, and another subnet as 10.10.41.0/24 and assign it to a secondary site. Will AD treat a client address of, say, 10.10.41.104 as a client on the secondary site, or will it default to the more general primary subnet? The reason I ask is we now have a need for a second AD site (I can see all the enterprise folks grinning now) and we have quite a number of other subnets that Id have to manually enter if this is not the case. I t mind doing it, but I was curious either way.
Brian Cline, Applications Developer
Department of Information Technology
G&P Trucking Company, Inc.
803.936.8595 Direct Line
800.922.1147 Toll-Free (x8595)
803.739.1176 Fax

Check out the new AL. Most comprehensive set of free safety and security tools, free access to millions of high-quality videos from across the web, free AL Mail and more.

Check out the new AL. Most comprehensive set of free safety and security tools, free access to millions of high-quality videos from across the web, free AL Mail and more.

Yes. The problem is that blanket using a /24 or a /K where K is in Z {8,32} is not an efficient use of address space. I've worked in places where they have gotten on the track to running out of none routable IPs because they blanket subnetted every site with no thought about the size of the site/vlan. If a /24 is way too much then give it something smaller

Thanks,
Brian Desmond
brian (AT) briandesmond (DOT) com

c - 312.731.3132

From: ActiveDir-owner (AT) mail (DOT) activedir.org [mailto:ActiveDir-owner (AT) mail (DOT) activedir.org] Behalf chuckgaff (AT) aol (DOT) com
Sent: Sunday, January 28, 2007 11:23 PM
To: ActiveDir (AT) mail (DOT) activedir.org
Subject: Re: [ActiveDir] AD Subnet Boundaries

Brian - if you look at the basic math of subnetting - it makes more sense in an enterprise network to go with /24 than /16. But if you know you have enough hosts and subnets then you can use whatever you want. I typically recommend /24 and then you don't ever really have to worrry about, assuming you are using default subnet masks.

Regards,

Chuck

Message
From: brian (AT) briandesmond (DOT) com
To: ActiveDir (AT) mail (DOT) activedir.org
Sent: Sun, 28 Jan 2007 11:39 AM
Subject: RE: [ActiveDir] AD Subnet Boundaries
Going with a /24 when you're laying out a network just because its common and small doesn't really help anymore than picking a /16 out of the blue in the long run.

Migrating machines into new subnets is actually not that difficult if properly planned - I've been around that circuit quite a few times.

Thanks,
Brian Desmond
brian (AT) briandesmond (DOT) com

c - 312.731.3132

From: ActiveDir-owner (AT) mail (DOT) activedir.org [mailto:ActiveDir-owner (AT) mail (DOT) activedir.org] Behalf chuckgaff (AT) aol (DOT) com
Sent: Sunday, January 28, 2007 9:24 AM
To: ActiveDir (AT) mail (DOT) activedir.org
Subject: Re: [ActiveDir] AD Subnet Boundaries

My advice would have been to start with a 255.255.255.0 netmask (/24) - it's better for creating more subnets and hosts. 255.255.0.0 (/16) is more limiting if that is what the person is using, no matter what IP class is being used. But if not selected initially it's too late to easily go back

Regards,

Chuck

Message
From: gollum123 (AT) free (DOT) fr
To: ActiveDir (AT) mail (DOT) activedir.org
Sent: Sun, 28 Jan 2007 3:01 AM
Subject: Re: [ActiveDir] AD Subnet Boundaries
hello,

just to stop the troll
Do you understand my others post about your network ?
Is you DC set up on its network interface with a 255.255.0.0 netmask ?

Your setup will work fine from an AD point of view (dssite.msc) , but not an IP routing point of view if you are really using a 255.255.0.0

Regards,
Mathieu CHATEAU
<>

Message
From: Brian Cline
To: ActiveDir (AT) mail (DOT) activedir.org
Sent: Friday, January 26, 2007 10:19 PM
Subject: [ActiveDir] AD Subnet Boundaries

Say I create an AD subnet of 10.10.0.0/16 and assign it to our primary site, and another subnet as 10.10.41.0/24 and assign it to a secondary site. Will AD treat a client address of, say, 10.10.41.104 as a client on the secondary site, or will it default to the more general primary subnet? The reason I ask is we now have a need for a second AD site (I can see all the enterprise folks grinning now) and we have quite a number of other subnets that I'd have to manually enter if this is not the case. I don't mind doing it, but I was curious either way.
Brian Cline, Applications Developer
Department of Information Technology
G&P Trucking Company, Inc.
803.936.8595 Direct Line
800.922.1147 Toll-Free (x8595)
803.739.1176 Fax

Check out the new AL<%3A%2F%2Fwww%2Eaol%2Ecom%2Fnewaol>. Most comprehensive set of free safety and security tools, free access to millions of high-quality videos from across the web, free AL Mail and more.

Check out the new AL<%3A%2F%2Fwww%2Eaol%2Ecom%2Fnewaol>. Most comprehensive set of free safety and security tools, free access to millions of high-quality videos from across the web, free AL Mail and more.