I agree with Joe. I think it's a two fold problem. 1) People don't know that you can assign a block more than once and 2) they just don't seem to understand CIDR notation.
I'm responsible for adding those addresses in our enterprise and I get requests all the time formatted like below and they apparently think they you have to make the AD assignment match the mask length of the clients. If that were the case I'd have thousands if not tens of thousands of assignments. Please add the following to West-HQ site 10.10.5.0/25 10.10.5.128/25 10.10.6.0/25 10.10.6.128/25 ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Sunday, January 28, 2007 10:00 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Overlapping AD Subnet Boundaries > I think that someone knowing this wouldn't have post the question. I don't agree with this part. A lot of people don't think you can supernet AD subnets. In fact I have had people tell me outright it is impossible to do that in AD even when I tell them it has been my standard practice since Windows 2000 RTM'ed. They think it is just like the routing subnets where you have to very careful what you are doing or you will break packet routing. I see this question on a pretty regular basis in various forums, at least once per month. joe -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mathieu CHATEAU Sent: Saturday, January 27, 2007 3:17 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Overlapping AD Subnet Boundaries I know there is not a direct relation, but i don't know if the original poster understand that this can't work if it's the real implementation. I think that someone knowing this wouldn't have post the question. Regards, Mathieu CHATEAU http://lordoftheping.blogspot.com ----- Original Message ----- From: joe <mailto:[EMAIL PROTECTED]> To: ActiveDir@mail.activedir.org Sent: Saturday, January 27, 2007 9:03 PM Subject: RE: [ActiveDir] Overlapping AD Subnet Boundaries You are mistaking machine subnetting and subnetting defined in AD. They are not connected. The definitions in AD do not have to reflect what is really happening at the routing layer. They are generally close but there isn't any technical reason why they have to be. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mathieu CHATEAU Sent: Friday, January 26, 2007 4:34 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Overlapping AD Subnet Boundaries is it really 10.10.0.0/16 or a mistake (/24) ? Because your first site won't be able to joint the other one as it will think it's local and won't sent packet to the gateway (if it's really a /16). If it's a real /24, then it will works as expected (10.10.41.104 will be attached to the secondary site). If it's a /16 and you need router between both site, your configuration can't work from a network point of view. Regards, Mathieu CHATEAU http://lordoftheping.blogspot.com ----- Original Message ----- From: Brian Cline <mailto:[EMAIL PROTECTED]> To: ActiveDir@mail.activedir.org Sent: Friday, January 26, 2007 10:19 PM Subject: [ActiveDir] Overlapping AD Subnet Boundaries Say I create an AD subnet of 10.10.0.0/16 and assign it to our primary site, and another subnet as 10.10.41.0/24 and assign it to a secondary site. Will AD treat a client address of, say, 10.10.41.104 as a client on the secondary site, or will it default to the more general primary subnet? The reason I ask is we now have a need for a second AD site (I can see all the enterprise folks grinning now) and we have quite a number of other subnets that I'd have to manually enter if this is not the case. I don't mind doing it, but I was curious either way. Brian Cline, Applications Developer Department of Information Technology G&P Trucking Company, Inc. 803.936.8595 Direct Line 800.922.1147 Toll-Free (x8595) 803.739.1176 Fax
