Managing an Active Directory Environment With Thousands of Subnets
Most of us know that we need to create subnet objects and associate them to site objects in our Active Directories. This keeps clients in Site A authenticating to domain controllers in Site A, getting correct DFS referrals, etc.
How do I manage this in an environment with thousands of subnets? Literally, thousands of subnets that are ever-evolving, being added to and taken away.
Ideally, the answer should not be "hire 50 administrators."
You don't need to create a new subnet for every single Layer 3 subnet that the network people create. Instead, create subnets corresponding to the IP address allocations for the entire site.
Here's a quick example.
Say you have two sites. Let's call them "New York" and "Mountain View". New York's entire IP allocation is 10.187.128.0/22. Mountain View has 10.187.132.0/22, but it also has some old cruft hanging around in 10.244.0.0/16.
The network guys will divide all those addresses into tiny subnets of as small as /29, there will be thousands of them, but they're all contained within those supernet blocks.
Within AD, though, the New York site only needs the one subnet defined, and the Mountain View site only needs the two subnets defined. They cover all the possible IP addresses within their respective blocks.
好了,我們知道了AD Site可以使用超網包含劃分的小的網絡,那微軟的另外一個產品SCCM森林的發現AD Site然後自動創建邊界(如下圖),請問SCCM支持超網嗎(supernet)
答:configuration manager 不支持超網作爲邊界。相反,使用IP地址的邊界類型。當活動目錄的森林發現給AD Site分配的超網,configuration manager轉換超網爲IP地址範圍的邊界。
http://jimmoldenhauer.blogspot.com/2013/05/sccm-2012-configuring-boundaries.html