Windows AD and sub-domains 
What's a life? (Joined: Thu Apr 23, 2009 8:25 pm, Posts: 10691, Location: Bramsche) wrote:
We have a network with multiple VLANs or sub-nets and each sub-net has its own domain name and the DNS is controlled by an internal Linux BIND server.

E.g.
develop.example.com
support.example.com
office.example.com
staging.example.com

This works fine for all of the Linux hosts, but we are now adding a few Windows PCs and servers into the mix...

And the Windows PCs should be part of a Windows AD domain. There should be one AD with multiple OUs, which represent the sub-domains above.

But from my research, that isn't possible. We would have to create domain controllers for each sub-network. As we only have half a dozen Windows PCs, spread over 5 sub-domains / sub-networks, that would mean 10 DCs (2 for each sub-domain) to control 6 PCs!

Is it possible to have a Windows AD named win-ad.example.com, which controls all Windows PCs, using the relevant OUs and have the Windows PCs accessible under their "organizational" sub-domain and the Windows domain?

E.g. 192.168.0.10 = PC1.develop.example.com = PC1.win-ad.example.com
192.168.1.15 = PC2.support.example.com = PC2.win-ad.example.com

So the Windows AD thinks the PC is in the win-ad sub-domain and the Linux boxes and users can still access it under its "canonical" name?

The Windows DC would be its own DNS for its AD domain and use the BIND server for upstream DNS resolution. Would we have to put the alias in BIND as well as in the Windows domain? Would Windows also need both aliases, I assume not as it would only need it for reverse lookups (IP-address to domain, if it received PC1.develop.example. it should, if my theory is correct, punt that up the line to BIND and if it is looking for PC1.win-ad.example.com, it resolves it itself)? The Linux side doesn't, theoretically, need to know about the win-ad... names at all.

Would this even work? :?

_________________
"Do you know what this is? Hmm? No, I can see you do not. You have that vacant look in your eyes, which says hold my head to your ear, you will hear the sea!" - Londo Molari

Executive Producer No Agenda Show 246


Thu Mar 08, 2018 12:47 pm

Site Admin (Joined: Thu Apr 23, 2009 5:53 pm, Posts: 8603, Location: location, location) wrote:
If you want them to line up exactly then you'll need a bucketload of DCs and that's rather excessive.

You could create stub zones or additional primary zones on the Windows DNS pointing to the BIND servers.
The PCs would be on a different domain to the Linux clients but you'd be able to resolve.

_________________
Support X404, use our Amazon link
Get your X404 tat here
jonlumb wrote:
I've only ever done it with a chicken so far, but if required I wouldn't have any problems doing it with other animals at all.


Thu Mar 08, 2018 1:45 pm
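
The stub-zone approach suggested above, as an added example that is not from either poster: run on the DC that hosts the win-ad.example.com zone. It assumes the BIND server is 192.168.0.2 (placeholder), that BIND is authoritative for the four Linux sub-domains, and that BIND already delegates win-ad.example.com to the DC with an NS record.

```powershell
# Added example, not the thread's own configuration. Assumes the DC is the
# DNS server for win-ad.example.com and that the internal BIND server is
# 192.168.0.2 (placeholder address) and authoritative for the zones below.
$bindServer = '192.168.0.2'
$linuxZones = 'develop.example.com', 'support.example.com',
              'office.example.com', 'staging.example.com'

# Stub zones: the DC stores only the SOA/NS records of each BIND-managed
# sub-domain and asks BIND for the actual host records. Nothing is zone-
# transferred or editable on the Windows side, so BIND remains the single
# source of truth for the "canonical" names and no AD admin can quietly
# override a Linux host name from the Windows console.
foreach ($zone in $linuxZones) {
    if (-not (Get-DnsServerZone -Name $zone -ErrorAction SilentlyContinue)) {
        Add-DnsServerStubZone -Name $zone -MasterServers $bindServer `
            -ReplicationScope 'Domain'
    }
}

# Anything the DC is not authoritative for and has no stub zone for (the
# parent example.com, the Internet) is forwarded to BIND only; root-hint
# recursion is disabled so the DC never resolves on its own.
Set-DnsServerForwarder -IPAddress $bindServer -UseRootHint $false

# Check from the DC: the AD name is answered from the local zone, the
# Linux name via the stub zone. Both should return the same address.
foreach ($fqdn in 'pc1.win-ad.example.com', 'pc1.develop.example.com') {
    Resolve-DnsName -Name $fqdn -Type A -Server 'localhost' |
        Select-Object Name, IPAddress
}
```

The PC1.develop.example.com record itself still lives in BIND (an A record, or a CNAME to pc1.win-ad.example.com); the DC only needs the stub zone to find it, and the Linux side needs nothing but the delegation of win-ad.example.com to the DC.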

What's a life? (Joined: Thu Apr 23, 2009 8:25 pm, Posts: 10691, Location: Bramsche) wrote:
Thanks. Setting up the domain at the moment... I'll see how it works out.



Fri Mar 09, 2018 10:17 am