
We have a local LAN with devices/clients all using the 192.168.100.x range. We have a remote site in the cloud all using the same range.

We have a VPN between the two sites, with NAT at both sides:

  • local site: NAT 192.168.104.x -> 192.168.100.x
  • remote site: NAT 192.168.10.x -> 192.168.100.x

We have a domain controller locally (let's just say 192.168.100.60) and we want to set up a remote domain controller (192.168.100.61); however, we cannot seem to connect to the local DC from the remote server. The remote server has 2x network adapters, which I'm not sure is causing some issues. The error I get when adding a controller to an existing domain is 'an active directory domain controller for the domain "domainname" could not be contacted'.

Is there a better way of setting this up? I fear this method could cause confusion with the NAT in the middle, but changing our subnet is a huge task.

All DCs are Windows Server 2016.

falter
    This is not supported (that I'm aware of, at least). But not supported doesn't mean it won't work. Are your remote site clients domain joined to the DC on the local site? Do you even have remote clients? You should make sure that the [ports](https://technet.microsoft.com/en-us/library/dd772723(v=ws.10).aspx) for AD connection / replication are open. Two NICs _can_ be trouble, but usually it works. Maybe try to disable one for the time being. – Lenniey Sep 28 '17 at 15:32
  • @Lenniey The remote site hosts several servers which are not yet connected to the domain. The firewall between the two sites is open and I can ping the local DC from the remote DC via IP address – falter Sep 28 '17 at 15:39
  • Check - and maybe disable - the Windows firewall, too. As I see, your clients / servers on both sites should _"think"_ they are on the same local subnet, correct? – Lenniey Sep 28 '17 at 15:43

1 Answer


So you want the same domain to have domain controllers on both sides of this NAT? You can have communication working between these two networks, but if you try to set up a shared domain across them, the DNS will hold the REAL IP values for the opposite domain controllers. This will then make both of them think that the other domain controller is on the same subnet, and you will soon be running into more problems than changing the subnet.

You may be able to add a subnet and find some level of what can stay and what would need to be on non-NAT addressing.

Cory Knutson