One Domain Controller and DHCP Server for multiple VLANS

Tags: dhcp, domain-controller, vlan, windows-server-2008

Currently I have a network separated into two vlans and all the IP addressing is done statically; we are planning to put into place a domain controller and DHCP.

My questions are:
Does the domain controller have to have one physical network connection for each VLAN?
Same question for the DHCP server?
If not, how would this be done?
If they don’t need to have separate individual connections to each VLAN, which VLAN would it be best to put them on: one of the two existing VLANs or their own separate one? (The domain controller will have a backup.)

To my knowledge the DHCP can be done using the IP helper settings on our Cisco router, but I’m unsure as to where the DHCP server needs to be located (which VLAN) for this to work.

Best Answer

No, your domain controller does not need to have a network interface for each VLAN. What you will want to do, though, is set up each VLAN's subnet in the Active Directory Sites and Services MMC console and associate them with your "site". This will associate any domain PC on these subnets as being in your AD "site".

You are correct with the DHCP server. It can be on either subnet, but you will need to set up the helper-address on your router to point to the IP of the DHCP server. This will enable BOOTP forwarding on the router and allow the DHCP requests to be passed through the VLANs to the correct subnet/DHCP server.

On your DHCP server, set up a scope for each subnet. Make sure you authorize the DHCP server in AD by right-clicking it in the DHCP MMC console and selecting "Authorize". You will need Enterprise Admin rights to do this.

Also, considering that you already have your subnets set statically with IPs, you may want to enable conflict detection on your DHCP server. This will make the DHCP server try to ping an address before handing it out. You can do this by right-clicking "IPv4" under the server in the DHCP console and going to the Advanced tab. Then set the number of attempts (1-2). Keep in mind that this will delay the handout of IPs while it waits for a response.
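The router side of the answer above, written out as an added example (this is not from the original post or the asker's network; the VLAN numbers, subnets and the DHCP server address 10.0.20.10 are constructed). Both SVIs get the helper so the DHCP server can later be moved to either VLAN without touching the router; on the DHCP server's own VLAN the helper is simply unused because the broadcast arrives locally.

```text
! Cisco IOS, layer-3 switch or router doing inter-VLAN routing.
! DHCP server (and domain controller) assumed to live in VLAN 20 at 10.0.20.10.
! The DHCP server needs one scope per subnet below (10.0.10.0/24 and 10.0.20.0/24);
! the relay stamps the SVI address into giaddr, which is how the server picks the scope.

interface Vlan10
 description Clients - VLAN 10
 ip address 10.0.10.1 255.255.255.0
 ip helper-address 10.0.20.10
!
interface Vlan20
 description Servers - VLAN 20 (DC + DHCP)
 ip address 10.0.20.1 255.255.255.0
 ip helper-address 10.0.20.10
!
! Caveat: ip helper-address relays more than DHCP/BOOTP by default. IOS also
! forwards UDP broadcasts for time (37), tacacs (49), domain (53), tftp (69),
! netbios-ns (137) and netbios-dgm (138) to the helper. Turn those off so the
! relay carries only the DHCP traffic (ports 67/68) this design needs.
no ip forward-protocol udp time
no ip forward-protocol udp tacacs
no ip forward-protocol udp domain
no ip forward-protocol udp tftp
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
```

After applying it, `show ip helper-address` (or `show running-config interface Vlan10`) confirms the relay target per SVI, and a client on VLAN 10 should receive a 10.0.10.x lease with 10.0.10.1 as its router.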
