Question : Windows 2003 Active directory with same servers connected to two different subnets

Hello,

I have the following servers:

2 domain controllers
1 Back end Exchange server
1 Front End Exchange server
1 ISA 2006 server
and 3 application / file servers.

Each server is part of the domain and connected to the private network.

Everything works well and seems to function without any issues.

I want to isolate backups and communication, so I added a second network card to each server and connected all these servers to an independant switch. I also created a completely new subnent (which I call backup).

Can this configuation work? If so what is the best way to configure the active directory component of the backup segment? I don't need routing, and I don't need internet access.

What happens if I list DNS in the IP info of each NIC connected to the backup segment? Can each server be recorded with two different IP addresses (one for private and one for backup segments)?

One thing to note - I have a backup server that is only connected to the backup network.

Any advice woul be appreciated. I seem to be missing some logic here and need to be steered in the right direction.



Thanks,

Mark

Answer : Windows 2003 Active directory with same servers connected to two different subnets

Domain Controllers don't pay attention to the 'do not register IP in dns settings' (it's to do with the NETLOGON process).  This means that you will get duplicate IP addresses for AD in DNS.

The knock on effect of this is that when a client requests an IP address for AD etc, the DNS servers could well respond with the backup network IP addresses which of course will mean that your workstations/application servers etc will fail because they can't see AD.

Your idea to backup your servers over a separate network is a good one - just don't include you AD servers in the plan or you will spend hours/days/weeks chasing intermittent problems with AD authentication failures, GPO processing, login time outs etc.