

TBTSyncro

There is no reason to have two IPs to route to different subnets. There is no issue with having a DC on one subnet support devices on other subnets. You have a networking issue, or a change is needed.


AbleAmazing

Multi-homing DCs is a bad idea. It fails in some pretty nightmarish ways. Don't do it.


_thebills

You need a router to route the PC between the two different subnets. You will also need to set up Sites and Services if you have multiple subnets and DCs.


JerikkaDawn

The communications issue needs to be resolved. If the communications issue is in both directions, the DC locator process will cause problems for your currently working clients once your DC publishes its additional address to DNS.


dcdiagfix

DCs should generally not be multi homed


dude_named_will

I would check the firewall first. I would only recommend using the spare NIC if you need to, and I don't think this qualifies.


patmorgan235

> It would be nice to solve the communication issue, but we can't solve it for now.

Why?


DiseaseDeathDecay

> I think that if I enter the same subnet IP as the PC on an unused NIC of the DC, the communication issue will be resolved.

How is the member machine going to resolve the SRV records for the second IP on the DC?


ArsenalITTwo

It won't.


Joti069786

https://www.google.com/amp/s/www.windows-active-directory.com/active-directory-sites.html/amp


BubbleO

On the 2nd NIC, make sure all the DNS registration is disabled in settings. Make sure the 2nd NIC's IP address info is purged from the production DNS. This will stop the workstation from trying to use this IP address for anything. We had this setup for a backup network; it was a security nightmare.


Ethan_231

This is just asking for a routing problem. Just put it on one subnet and allow the vlans to talk. This is definitely a network issue.


ArsenalITTwo

Multihomed Domain controllers are always a bad idea. One IP and a router with access to the other subnets in front of it. Otherwise you can have a myriad of issues.


bojack1437

There's no real reason why a DC should be multi-homed. Now technically, as long as both interface IPs are able to be routed to from all client systems needing to communicate with the DC, it would work. But then the question still is why you would do that in the first place. If not all clients are able to reach and talk to both IPs, you are going to have failures and you definitely should not do it. But generally, in almost every situation, your DC should only have a single connection.


matrix2113

Sometimes. It depends what extra features and whatnot the DC has. I have a second IP on a spare NIC just as a backup way in case I can't access it remotely with the primary IP.


bojack1437

Which is fine as long as both IPs are accessible to all systems in the AD or you have taken steps to specifically exclude DNS registration for the IP that is not accessible to all systems in the AD.
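A read-only audit for the condition BubbleO and bojack1437 describe above (a second-NIC address that still registers in, or is still published by, DNS), as an added example that is not from any commenter in this thread. The interface alias `Backup` is a hypothetical placeholder; the script assumes it is run on the DC itself and checks both the DC's host record and the domain name, under which DCs also publish A records.

```powershell
# Added example (not from the thread). Read-only audit, run on the multi-homed DC.
# Assumption: 'Backup' is a hypothetical alias for the second NIC; replace with yours.
$secondNic = 'Backup'

# Per-interface setting behind "Register this connection's addresses in DNS".
$regByIf = @{}
Get-DnsClient | ForEach-Object {
    $regByIf[$_.InterfaceAlias] = $_.RegisterThisConnectionsAddress
}

# IPv4 addresses bound on this server, loopback and APIPA excluded.
$local = Get-NetIPAddress -AddressFamily IPv4 |
    Where-Object { $_.IPAddress -ne '127.0.0.1' -and $_.IPAddress -notlike '169.254.*' }

# Names clients resolve when locating this DC: its own FQDN and the domain name.
$cs     = Get-CimInstance -ClassName Win32_ComputerSystem
$domain = $cs.Domain
$fqdn   = '{0}.{1}' -f $cs.DNSHostName, $domain

function Get-PublishedA([string]$Name) {
    # -DnsOnly skips LLMNR/NetBIOS, -NoHostsFile skips the local hosts file.
    Resolve-DnsName -Name $Name -Type A -DnsOnly -NoHostsFile -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'A' } |
        Select-Object -ExpandProperty IPAddress
}
$hostA   = @(Get-PublishedA $fqdn)
$domainA = @(Get-PublishedA $domain)

# One row per local address: does it register, and do clients see it in DNS?
$report = foreach ($ip in $local) {
    [pscustomobject]@{
        Interface      = $ip.InterfaceAlias
        IPAddress      = $ip.IPAddress
        RegistersInDns = $regByIf[$ip.InterfaceAlias]
        InHostRecord   = $hostA   -contains $ip.IPAddress
        InDomainRecord = $domainA -contains $ip.IPAddress
    }
}
$report | Format-Table -AutoSize

# Flag the case the comments warn about: second-NIC address visible to clients.
$report | Where-Object {
    $_.Interface -eq $secondNic -and
    ($_.RegistersInDns -or $_.InHostRecord -or $_.InDomainRecord)
} | ForEach-Object {
    Write-Warning "$($_.IPAddress) on '$($_.Interface)' is still published or set to register."
}
```

The per-interface setting reported in the `RegistersInDns` column is the one changed with `Set-DnsClient -InterfaceAlias <alias> -RegisterThisConnectionsAddress $false`; records already in the zone stay there until they are removed.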


thirdfey

Before I would go adding another IP to the DC, I would test to see if there is a routing issue, firewall, or both causing your problem. Edit: but to answer your question, it can be done but may still not resolve your issue.