Remote site - single domain


  • Remote site - single domain

    Hi there,

    Many of MS's examples explain setting up a branch office on a child domain; even though this is great, it can be a bit complicated for smaller environments.

    Most installations of remote sites always talk about setting up the DC at the HQ and then shipping it to the required location. What if this is not possible?

    Say we have Site 1 - New York with the following settings.

    Server 2008 Standard on all DCs

    NY-DC1-WK2 - AD/DNS/DHCP
    192.168.10.2 = IP
    192.168.10.2 = DNS1
    192.168.10.3 = DNS2

    NY-DC2-WK2 - AD/DNS
    192.168.10.3 = IP
    192.168.10.2 = DNS1
    127.0.0.1 = DNS2

    Then we acquire Site 2 - Chicago

    This will have 20 users.

    We will install two Domain Controllers for redundancy, link between offices is hardware VPN, good speed.

    DHCP is currently done via Router

    192.168.20.1 = default gateway and DNS.

    CH-DC1-WK2 = First Domain Controller - AD/DNS/DHCP

    192.168.20.2 = IP

    What's the best way to configure the first DC on a remote site?

    Would you use the main site's DNS (192.168.10.2) and then change it?

    Obviously you would create a different site and create the subnet before doing this.

    I'd be really grateful for any suggestions.

    Many thanks in advance,

    G.
    Last edited by gabi_cavaller; 17th February 2010, 14:10.

  • #2
    Re: Remote site - single domain

    So what is your question?
    You can promote it over there and replicate it over the VPN network.
    You can install and promote the DC at the main office and ship it...
    You can install and promote a DC at the remote site and install AD using backup...
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"



    • #3
      Re: Remote site - single domain

      I suggest this excellent Train Signal Lab that deals word for word exactly with your question.
      http://www.trainsignal.com/Windows-S...ining-P34.aspx
      1 1 was a racehorse.
      2 2 was 1 2.
      1 1 1 1 race 1 day,
      2 2 1 1 2



      • #4
        Re: Remote site - single domain

        Personally, as long as the VPN is functioning, I have not had any issues with creating a DC at a remote site.
        The only issue is that you will need to use DNS names, not NETBIOS ones, if there is a choice.
        As long as you wait a fair length of time for replication to work, and ensure DNS is replicating OK, all will be well if you follow the normal procedure.
        Tom Jones
        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
        PhD, MSc, FIAP, MIITT
        IT Trainer / Consultant
        Ossian Ltd
        Scotland

        ** Remember to give credit where credit is due and leave reputation points where appropriate **



        • #5
          Re: Remote site - single domain

          It does within reason; however, the example they give is using a child domain, and I am using one domain for all sites. Additionally, it doesn't show the TCP/IP settings for the First Domain Controller in the remote site.

          Originally posted by biggles77
          I suggest this excellent Train Signal Lab that deals word for word exactly with your question.
          http://www.trainsignal.com/Windows-S...ining-P34.aspx



          • #6
            Re: Remote site - single domain

            My question is, what are the settings of the first DC in a remote site. Replication will be via VPN.

            Bit more of an explanation below



            Originally posted by Dumber
            So what is your question?
            You can promote it over there and replicate it over the VPN network.
            You can install and promote the DC at the main office and ship it...
            You can install and promote a DC at the remote site and install AD using backup...
            Last edited by gabi_cavaller; 20th February 2010, 14:20.



            • #7
              Re: Remote site - single domain

              Exactly.

              The reason why I am asking is that when you create a DC on a remote site, not from a backup or anything, from a fresh install, when you run DCPROMO, you need to point your DNS settings to an existing DC. Once you have converted the server into a full DC with DNS, the DNS settings should automatically change from pointing to the existing DC to itself. This has not happened.

              The issue I have is, that unfortunately, even though the DC is fully installed, the DNS settings are still pointing to the DNS server in the "main" office. I have never encountered this before.

              Does this make sense?

              So where would one go from here, sure, I can change the DNS settings to point to itself, however, what about all the DNS queries from the local members, any requests will go to the local DC and then those requests will be pushed over the VPN to the "main" site DC?

              Additionally, the initial replication went well, pulled all the OUs and everything accordingly; however, any changes that were made to the AD on either site did not replicate.

              Strange.

              Thanks again for taking the time to reply.

              Originally posted by Ossian
              Personally, as long as the VPN is functioning, I have not had any issues with creating a DC at a remote site.
              The only issue is that you will need to use DNS names, not NETBIOS ones, if there is a choice.
              As long as you wait a fair length of time for replication to work, and ensure DNS is replicating OK, all will be well if you follow the normal procedure.



              • #8
                Re: Remote site - single domain

                DNS settings are bound to the network adaptor and will not automatically change.
                It is one of your post-install tasks, after you have installed DNS on the remote DC and allowed it to replicate -- you change the LAN card settings to give localhost as the main DNS and the central site DC as secondary.

                You would also install DHCP on the new DC and set up the same DNS options -- local DC first, central DC second and maybe local router (if it supports DNS) as a 3rd fallback option.
                Tom Jones
                MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                PhD, MSc, FIAP, MIITT
                IT Trainer / Consultant
                Ossian Ltd
                Scotland

                ** Remember to give credit where credit is due and leave reputation points where appropriate **
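
The post-install steps described in post #8, written out as a batch script for the new Chicago DC (an added example, not posted by anyone in the thread). The adapter name, the `example.local` domain name and an already-created 192.168.20.0 DHCP scope are assumptions; the IP addresses are the ones given in the first post.

```bat
@echo off
setlocal
rem Added example. Run on CH-DC1-WK2 from an elevated command prompt.
rem Assumptions (not in the thread): adapter name, AD DNS domain name, DHCP scope ID.
set "NIC=Local Area Connection"
set "DOMAIN=example.local"
set "SCOPE=192.168.20.0"
rem Addresses taken from the first post.
set "LOCAL_DC=192.168.20.2"
set "HQ_DC=192.168.10.2"
set "ROUTER=192.168.20.1"

rem 1. Do not repoint the NIC until the local DNS service answers for the AD zone,
rem    i.e. the zone has replicated over the VPN.
nslookup -type=SRV _ldap._tcp.dc._msdcs.%DOMAIN% 127.0.0.1 | find /i "svr hostname" >nul
if errorlevel 1 (
    echo Local DNS has no SRV records for %DOMAIN% yet. Leave DNS pointing at %HQ_DC%.
    exit /b 1
)

rem 2. Show replication failures only; review this output before continuing.
repadmin /showrepl /errorsonly

rem 3. NIC DNS order on the new DC: itself first, the central site DC second.
netsh interface ip set dns name="%NIC%" static 127.0.0.1 primary
netsh interface ip add dns name="%NIC%" %HQ_DC% index=2

rem 4. DHCP option 006 for Chicago clients: local DC, central DC, then the router
rem    as a last fallback (only useful if the router really resolves DNS).
netsh dhcp server scope %SCOPE% set optionvalue 006 IPADDRESS %LOCAL_DC% %HQ_DC% %ROUTER%

rem 5. Re-register this DC's records against the new resolver order and test DNS.
ipconfig /flushdns
ipconfig /registerdns
dcdiag /test:dns /q
endlocal
```

With `/q`, `dcdiag` prints only errors, so no output from the last step means the DNS test passed.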



                • #9
                  Re: Remote site - single domain

                  Ossian, thanks.

                  That's great.
