
2021

Configuring the AD Site Topology for Non-Routed Networks

Over the past year, I have been in a number of conversations about setting up Active Directory Sites and Services in a network that is not fully routed. Articles exist on the subject — some from Microsoft and some not. All the articles seem to skip a step or don’t linger on a detail I’d like to expand on.

The question of “How do I configure Active Directory in a non-routed environment?” isn’t uncommon. Whether it is because more organizations are segmenting out their networks, because more B2B contracts are encouraging companies to play well with one another, or for some other reason, the need to ensure that AD plays across confusing site designs is imperative.

Fortunately, there are resources and articles out there detailing just this sort of thing. Unfortunately, like all things, they are often incomplete or gloss over an important step. Even more unfortunate, with Microsoft’s recent drive to remove “outdated” documentation, some of the gems of the past have gone missing. I hope to give some insight into how to configure AD to work with non-routed or poorly routed networks. I will focus on the Sites and Services side and give some guidance on the GPOs, firewall policies, and as many details as make sense as I dig into it.