ADSS Question

Shambler

I'm setting up AD Sites and Services for a new domain. We have 3 subnets at one physical site.
LAN, WIFI, Voice

Should I or should I not add the Voice subnet to the AD site for that physical location?

Unless I'm mistaken, since there will only be phones on that subnet, there is no need to add it. There will be no objects checking in to AD on where to go for XYZ resources.

Thoughts?
 
Do you have multiple sites that are reachable across the WAN? If no, then it doesn't matter...

If yes: The subnets are used to allow the clients to find the closest DCs in an environment with multiple sites (among other things, like setting replication intervals, etc... not really applicable to the discussion). If you don't put the VOIP subnet in for the site, then if (somehow) a Windows client does end up on the VOIP subnet, they could go off to another site for authentication (GPOs, etc).

As you said, a client should realistically never end up on the VLAN/subnet for VOIP, so it probably won't matter. But say you do want to put your desktop/laptop manually on that subnet (for testing, monitoring, whatever) and you want to make sure you're not traversing the WAN for authentication... Assuming the subnets are routed to each other, your laptop will still try to find an AD controller. In that case, the laptop could go across the WAN to perform its login, etc. Then it might be a good idea to have the subnet in the AD site to prevent this. Certainly an edge case, and maybe not a big deal depending on how your sites are set up (or limited GPOs and other things which need to be processed by an AD controller).

FWIW, I've got about a dozen VOIP /24 subnets at my main site. I just set up an inclusive /20 subnet in ADS&S to cover them all, with a similar entry for the data subnets. Depending on how your IP addressing is set up between the LAN and WAN, you could maybe do something similar...?
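
An added example, not part of either post: a small model of the subnet-to-site lookup discussed in the thread, showing an unmapped voice address resolving to no site, the same address resolving locally once a covering /20 is defined, and a check that the broad prefix does not swallow another site's range. All addresses and site names are constructed, and the lookup assumes the most specific matching subnet object wins.

```python
import ipaddress

# Constructed sample data: a dozen voice /24s at one physical site.
VOICE_24S = [f"10.10.{n}.0/24" for n in range(16, 28)]

# Constructed subnet-object tables (prefix -> site name), before and after
# adding a single inclusive entry for the voice range.
BEFORE = {"10.10.0.0/20": "HQ", "10.20.0.0/16": "Branch"}
AFTER = {**BEFORE, "10.10.16.0/20": "HQ"}


def covering_supernet(subnets):
    """Smallest single prefix that contains every subnet in the list."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    candidate = nets[0]
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()  # widen by one bit and retry
    return candidate


def site_for(ip, site_subnets):
    """Site of the most specific subnet containing ip, or None if unmapped."""
    addr = ipaddress.ip_address(ip)
    matches = [(ipaddress.ip_network(p), site)
               for p, site in site_subnets.items()
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None  # client has no site; it may pick a DC across the WAN
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def cross_site_overlaps(site_subnets):
    """Pairs of overlapping prefixes that are assigned to different sites."""
    items = [(ipaddress.ip_network(p), s) for p, s in site_subnets.items()]
    return [(str(a), str(b))
            for i, (a, sa) in enumerate(items)
            for b, sb in items[i + 1:]
            if sa != sb and a.overlaps(b)]


if __name__ == "__main__":
    print("covering prefix:", covering_supernet(VOICE_24S))
    print("laptop on voice VLAN, before:", site_for("10.10.18.55", BEFORE))
    print("laptop on voice VLAN, after: ", site_for("10.10.18.55", AFTER))
    print("cross-site overlaps:", cross_site_overlaps(AFTER))
```
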
 