Single Domain, Multiple Sites
  • Single Domain, Multiple Sites

    Hi All

    I would like to know if it's possible to have a remote site connect to the Active Directory at the main site without having a second DC at the remote site. This means that the PCs in the remote site would get an IP address from a different subnet, but from AD in the main site. This is the scenario:

    Site A is the main site with Active Directory, AD1. This has DHCP, DNS configured. The subnet configured is 10.2.0.0/16.

    Site B is a remote site. There are about 15 users in this site.

    Site A and Site B both have a Cisco Router managed by the ISP and are connected via the ISP's VPN Network.

    I need to configure Site B such that it gets an IP from AD1 at Site A and can also access file resources on the servers in Site A. Routing is not an issue and will be taken care of by the ISP. They have asked me to assign another subnet for Site B in AD1. I am not sure how to configure this so that Site B can communicate with AD1. I do not have the option of putting a second DC in Site B and configuring that in Active Directory Sites and Services.

    Please advise on the above. Thanks all.

  • #2
    Re: Single Domain, Multiple Sites

    Certainly it is possible, with a good VPN -- in fact this is how you set up a remote site.

    With RODCs, though, do you want this -- I would prefer the security of a DC at the local site.

    Basically, set up another site and subnet in ADSS and make sure the DC in the parent site can ping the second site.

    Watch out for DHCP -- that may need to be local to the second site.
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **



    • #3
      Re: Single Domain, Multiple Sites

      Thanks for your reply....

      The VPN connection from the ISP is pretty good and fast. The thing is, I don't want to put another local server at the remote site. Without any server on the remote site, and with users connected to a switch and then a Cisco 1800 router (managed by the ISP), how can I connect them to the parent Active Directory? What's the configuration I need to do at the parent site as well as at the remote site?



      • #4
        Re: Single Domain, Multiple Sites

        Setting up the remote site and subnet in ADS&S isn't going to achieve a whole lot if there aren't any AD aware applications or resources in the remote site (DC/GC, Exchange, DFS). That being said, I personally consider it good practice to set up all sites and subnets in ADS&S even if there are no resources in the remote site.

        As for connecting the remote site to the home office, you need to make sure that all of the relevant protocols are allowed across the VPN connection. This includes, but is not limited to, LDAP, Kerberos, DNS, SMB, NetBIOS (unless you're strictly using DNS and have NetBIOS over TCP disabled), etc., etc.

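A practical way to act on the protocol list in the reply above is to probe each TCP port from a laptop at the remote site before joining any machines. The script below is an added example and not code from the thread; it uses the DC/DHCP address 10.2.0.200 that appears later in the thread, and the port set is the standard Active Directory client set (DNS, Kerberos, LDAP/LDAPS, Global Catalog, SMB, RPC endpoint mapper, NetBIOS). Only TCP is probed, since a UDP port cannot be confirmed open with a plain connect, and the dynamic RPC port range that follows the endpoint-mapper call is not covered.

```python
"""Check that the AD client protocols reach the DC across the site VPN.

Added example, not from the thread. Port set: standard AD client ports.
DC address 10.2.0.200 is the one used later in the thread.
"""
import socket

# (service, transports, port). The NetBIOS rows only matter when
# NetBIOS over TCP/IP is still enabled on the clients.
AD_CLIENT_PORTS = [
    ("DNS", "udp/tcp", 53),
    ("Kerberos", "udp/tcp", 88),
    ("Kerberos password change", "udp/tcp", 464),
    ("RPC endpoint mapper", "tcp", 135),
    ("NetBIOS name service", "udp", 137),
    ("NetBIOS datagram", "udp", 138),
    ("NetBIOS session", "tcp", 139),
    ("LDAP", "udp/tcp", 389),
    ("LDAPS", "tcp", 636),
    ("SMB", "tcp", 445),
    ("Global Catalog", "tcp", 3268),
]


def tcp_probe(host: str, port: int, timeout: float = 2.0) -> bool:
    """True if a TCP connection to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_dc(host: str, ports=AD_CLIENT_PORTS, probe=tcp_probe) -> dict:
    """Probe every TCP-capable entry; return {service: port} for the blocked ones.

    `probe` is injectable so the logic can be exercised without a network.
    """
    blocked = {}
    for name, transports, port in ports:
        if "tcp" not in transports:
            continue                      # UDP-only: cannot be probed this way
        if not probe(host, port):
            blocked[name] = port
    return blocked


def report(host: str, probe=tcp_probe) -> str:
    """Human-readable summary for a run from the remote site."""
    blocked = check_dc(host, probe=probe)
    if not blocked:
        return f"all AD client TCP ports reachable on {host}"
    lines = [f"blocked on {host} (check the VPN / router ACLs):"]
    lines += [f"  {name}: tcp/{port}" for name, port in sorted(blocked.items(), key=lambda kv: kv[1])]
    return "\n".join(lines)


if __name__ == "__main__":
    print(report("10.2.0.200"))
```

Run it from a client at Site B; anything it lists as blocked will show up later as logon, Group Policy or file-share failures that are easy to misattribute to AD itself.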


        • #5
          Re: Single Domain, Multiple Sites

          Hi joeqwerty

          Thanks for the response. I will definitely set up a different subnet and site in AD S&S in the parent location. Also I will enable all protocols via VPN. But is that the only configuration required in the parent AD? When the DHCP requests are forwarded from the Site B router to the parent site DHCP (Site A), how will it know which subnet to allocate to those remote users? Is there any other configuration to be done in the AD or AD S&S?



          • #6
            Re: Single Domain, Multiple Sites

            There's no configuration needed on your DHCP server other than having a scope configured for the remote LAN. On the remote LAN you need to have a DHCP relay agent installed and configured (usually on the router). The DHCP relay agent takes the DHCP client broadcast and transmits it to the server via unicast. The DHCP relay agent uses its IP address (the IP address of the interface that the DHCP broadcast was received on) in the unicast packet, and the server allocates an IP address from the scope corresponding to that subnet.



            • #7
              Re: Single Domain, Multiple Sites

              Hi joeqwerty

              Thanks for the response. That will be really helpful for me. I will connect that remote site today or tomorrow and will post my experience here. Thanks again.



              • #8
                Re: Single Domain, Multiple Sites

                Glad to help. Keep us posted on how you make out with everything.



                • #9
                  Re: Single Domain, Multiple Sites

                  Hi All

                  I have allocated a different Subnet 10.15.0.0/16 for the Site B. The DHCP Server at Site A is 10.2.0.200. The following is what ISP is saying:

                  I’ve assigned 10.15.0.1 to the router at Site B.
                  I’ve also configured the Site B router to forward DHCP requests to 10.2.0.200 (Site A AD & DHCP). These will be forwarded to the DHCP server from a source address of 10.15.0.1.

                  Can you configure a DHCP pool on your DHCP server that matches the source of the DHCP request from 10.15.0.1 (note the DHCP request will still contain the original MAC address of the requesting host in case you want to match that and assign static IPs). The server must then respond with an IP in the 10.15.0.0/16 range, with a default route of 10.15.0.1 and any other settings you'd like to assign such as DNS servers, domains etc.

                  Once you’ve done this, you can test it all out using a laptop connected to the Router.


                  How do I configure the above on the DHCP Server that the ISP is asking me to do. I have configured Site B in AD S&S.

                  Thanks.



                  • #10
                    Re: Single Domain, Multiple Sites

                    The ISP has taken care of configuring the DHCP relay agent on the router so all you have to do is to create a new DHCP scope in your DHCP server for the site B subnet with the appropriate scope options. One example would be:

                    Address Pool: 10.15.0.100 - 10.15.0.199
                    Subnet Mask: 255.255.0.0
                    Router: 10.15.0.1
                    DNS Server(s): 10.2.0.200

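The mechanism described in post #6 and the scope from post #10 fit together as follows: the server reads the relay agent address (`giaddr`) out of the fixed DHCP header, finds the scope whose subnet contains it, leases from that scope's pool and sends the OFFER unicast back to the relay. The code below is an added example that models that selection step; it is not code from the thread or from any DHCP server. Header offsets follow RFC 2131 (236-byte fixed header, `giaddr` at offset 24). The Site B scope is the one from post #10; the Site A pool (10.2.0.100-199) and router (10.2.0.1) are assumed, since the thread only gives Site A's subnet and DHCP server address. The DISCOVER packets are constructed inline and carry only the fixed header and magic cookie, no options.

```python
"""How a DHCP server picks a scope for a relayed request (posts #6 and #10).

Added example, not code from the thread. Header layout per RFC 2131;
scopes taken from the thread, Site A pool/router assumed.
"""
import struct
from dataclasses import dataclass, field
from ipaddress import IPv4Address, IPv4Network


@dataclass
class Scope:
    network: IPv4Network
    pool_start: IPv4Address
    pool_end: IPv4Address
    router: IPv4Address
    dns: list
    leased: dict = field(default_factory=dict)   # client MAC -> IPv4Address


def parse_header(packet: bytes) -> dict:
    """Extract xid, giaddr and client MAC from the fixed 236-byte header."""
    if len(packet) < 236:
        raise ValueError("short DHCP packet")
    _op, _htype, hlen, _hops, xid, _secs, _flags = struct.unpack("!BBBBIHH", packet[:12])
    giaddr = packet[24:28]                 # relay agent IP address
    chaddr = packet[28:28 + hlen]          # client hardware address
    return {"xid": xid, "giaddr": IPv4Address(giaddr), "mac": chaddr.hex(":")}


def select_scope(scopes, giaddr: IPv4Address, server_if: IPv4Address):
    """Nonzero giaddr: request was relayed, match the relay's subnet.
    Zero giaddr: local broadcast, match the receiving interface's subnet."""
    key = giaddr if int(giaddr) != 0 else server_if
    return next((s for s in scopes if key in s.network), None)


def allocate(scope: Scope, mac: str):
    """Reuse this MAC's lease if it has one, else the lowest free pool address."""
    if mac in scope.leased:
        return scope.leased[mac]
    used = set(scope.leased.values())
    addr = scope.pool_start
    while addr <= scope.pool_end:
        if addr not in used:
            scope.leased[mac] = addr
            return addr
        addr += 1
    return None                            # pool exhausted


def build_offer(packet: bytes, scopes, server_if: IPv4Address):
    """Return the OFFER fields, or None if no scope matches or the pool is full."""
    hdr = parse_header(packet)
    scope = select_scope(scopes, hdr["giaddr"], server_if)
    if scope is None:
        return None                        # real servers simply stay silent
    addr = allocate(scope, hdr["mac"])
    if addr is None:
        return None
    relayed = int(hdr["giaddr"]) != 0
    return {
        "xid": hdr["xid"],
        "yiaddr": addr,
        "subnet_mask": scope.network.netmask,
        "router": scope.router,
        "dns": list(scope.dns),
        # RFC 2131 section 4.1: a relayed request is answered unicast to giaddr
        "reply_to": hdr["giaddr"] if relayed else None,
    }


def make_discover(mac: bytes, giaddr: str, xid: int = 0x3903F326) -> bytes:
    """Constructed DHCPDISCOVER: fixed header plus magic cookie, no options."""
    hdr = struct.pack("!BBBBIHH", 1, 1, 6, 0, xid, 0, 0x8000)  # BOOTREQUEST, Ethernet
    hdr += bytes(12) + IPv4Address(giaddr).packed              # ciaddr, yiaddr, siaddr, giaddr
    hdr += mac + bytes(10)                                      # chaddr padded to 16 bytes
    hdr += bytes(64 + 128)                                      # sname, file
    return hdr + b"\x63\x82\x53\x63"


SERVER_IF = IPv4Address("10.2.0.200")        # DHCP server address from the thread
SCOPES = [
    Scope(IPv4Network("10.2.0.0/16"), IPv4Address("10.2.0.100"), IPv4Address("10.2.0.199"),
          IPv4Address("10.2.0.1"), [SERVER_IF]),     # Site A: pool and router assumed
    Scope(IPv4Network("10.15.0.0/16"), IPv4Address("10.15.0.100"), IPv4Address("10.15.0.199"),
          IPv4Address("10.15.0.1"), [SERVER_IF]),    # Site B: scope from post #10
]


def demo():
    """One request relayed from Site B and one broadcast locally at Site A."""
    relayed = make_discover(bytes.fromhex("001122334455"), "10.15.0.1")
    local = make_discover(bytes.fromhex("66778899aabb"), "0.0.0.0")
    return build_offer(relayed, SCOPES, SERVER_IF), build_offer(local, SCOPES, SERVER_IF)


if __name__ == "__main__":
    for offer in demo():
        print(offer)
```

One caveat worth keeping in mind: `giaddr` is not authenticated. Any host that can send unicast UDP/67 to the server can set it to 10.15.0.1 and obtain a Site B lease, so restrict DHCP traffic to the real relay at the router or firewall and use the MAC filtering the ISP mentions only as a convenience, not as a control.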


                    • #11
                      Re: Single Domain, Multiple Sites

                      Hi joeqwerty

                      Thanks for all your help. I configured the DHCP Scope and Site B is all up and running. Thanks Again.

                      Regards
                      Vish.



                      • #12
                        Re: Single Domain, Multiple Sites

                        Glad you got everything working and glad to help.



                        • #13
                          Re: Single Domain, Multiple Sites

                          Hi All

                          Now that I got my Site B working, I am unable to ping any of the computers from Site A. I can reach the Router for Site B. This is affecting a few applications such as Trend Antivirus being offline. The following is the scenario:

                          Site A: 10.2.0.0/16

                          Site B: 10.15.0.0/16

                          Configured the above in Active Directory Sites and Services. Unable to ping any of the computers in the 10.15 range, and they are unable to ping Site A as well. Please advise.



                          • #14
                            Re: Single Domain, Multiple Sites

                            Sounds as if your router isn't!
                            Tom Jones
