Windows AD and sub-domains
http://x404.co.uk/forum/viewtopic.php?f=4&t=26447

Author:  big_D [ Thu Mar 08, 2018 12:47 pm ]
Post subject:  Windows AD and sub-domains

We have a network with multiple VLANs or sub-nets and each sub-net has its own domain name and the DNS is controlled by an internal Linux BIND server.

E.g.
develop.example.com
support.example.com
office.example.com
staging.example.com

This works fine for all of the Linux hosts, but we are now adding a few Windows PCs and servers into the mix...

And the Windows PCs should be part of a Windows AD domain. There should be one AD with multiple OUs, which represent the sub-domains above.

But from my research, that isn't possible. We would have to create domain controllers for each sub-network. As we only have half a dozen Windows PCs, spread over 5 sub-domains / sub-networks, that would mean 10 DCs (2 for each sub-domain) to control 6 PCs!

Is it possible to have a Windows AD named win-ad.example.com, which controls all Windows PCs, using the relevant OUs and have the Windows PCs accessible under their "organizational" sub-domain and the Windows domain?

E.g. 192.168.0.10 = PC1.develop.example.com = PC1.win-ad.example.com
192.168.1.15 = PC2.support.example.com = PC2.win-ad.example.com

So the Windows AD thinks the PC is in the win-ad sub-domain and the Linux boxes and users can still access it under its "canonical" name?

The Windows DC would be its own DNS for its AD domain and use the BIND server for upstream DNS resolution. Would we have to put the alias in BIND as well as in the Windows domain? Would Windows also need both aliases, I assume not as it would only need it for reverse lookups (IP-address to domain, if it received PC1.develop.example. it should, if my theory is correct, punt that up the line to BIND and if it is looking for PC1.win-ad.example.com, it resolves it itself)? The Linux side doesn't, theoretically, need to know about the win-ad... names at all.

Would this even work? :?

Author:  saspro [ Thu Mar 08, 2018 1:45 pm ]
Post subject:  Re: Windows AD and sub-domains

If you want them to line up exactly then you'll need a bucketload of DCs and that's rather excessive.

You could create stub zones or additional primary zones on the Windows DNS pointing to the BIND servers.
The PCs would be on a different domain to the Linux clients but you'd be able to resolve.
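
One way to wire up the layout described in the reply above, as an added example that is not saspro's or big_D's own configuration: a single AD domain win-ad.example.com whose DC hosts its own DNS, with per-sub-domain zones on the Windows DNS handed to BIND. It assumes the BIND server answers on 192.168.0.2 (a constructed address), that the DC's DNS role is AD-integrated, and that win-ad.example.com has already been delegated to the DC with an NS record in BIND.

```powershell
# Added example, run on the DC that hosts DNS for win-ad.example.com.
# Assumption (not from the thread): the internal BIND server is 192.168.0.2.
$bind = '192.168.0.2'

# 1. Anything this DC is not authoritative for is forwarded to BIND rather than
#    resolved from root hints, so the in-addr.arpa zones BIND holds answer the
#    reverse (IP-to-name) lookups the first post asks about.
Set-DnsServerForwarder -IPAddress $bind -UseRootHint $false

# 2. Per-sub-domain zones on the Windows DNS that point at BIND, as suggested
#    above. Conditional forwarders keep the Linux sub-domains resolving via BIND
#    even if the global forwarder is later pointed somewhere else; swap in
#    Add-DnsServerStubZone for the stub-zone variant. Storing them in AD
#    (-ReplicationScope Forest) means every DC picks them up automatically.
$subdomains = 'develop', 'support', 'office', 'staging'
foreach ($sd in $subdomains) {
    Add-DnsServerConditionalForwarderZone -Name "$sd.example.com" `
        -MasterServers $bind -ReplicationScope 'Forest'
}

# 3. The reverse zone for 192.168.0.0/16 stays with BIND as well, so PTR
#    answers give the "canonical" Linux-side name, not the win-ad one.
Add-DnsServerConditionalForwarderZone -Name '168.192.in-addr.arpa' `
    -MasterServers $bind -ReplicationScope 'Forest'

# 4. Checks from the DC itself: the AD name is answered locally, the
#    organizational name and the PTR come back through BIND.
Resolve-DnsName -Name 'PC1.win-ad.example.com'  -Server '127.0.0.1'
Resolve-DnsName -Name 'PC1.develop.example.com' -Server '127.0.0.1'
Resolve-DnsName -Name '192.168.0.10'            -Server '127.0.0.1'
Get-DnsServerZone | Where-Object ZoneType -in 'Forwarder', 'Stub' |
    Format-Table ZoneName, ZoneType, MasterServers
```

The DC only needs the win-ad.example.com A records it creates itself; the PC1.develop.example.com name lives in BIND, so an alias only has to exist on the BIND side if the Linux hosts should also see the win-ad name.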

Author:  big_D [ Fri Mar 09, 2018 10:17 am ]
Post subject:  Re: Windows AD and sub-domains

Thanks. Setting up the domain at the moment... I'll see how it works out.
