
  • Project AD

    Hello All
    A little background

    I work for a company and we have a workgroup of 85 computers using XP as clients and Server 2003 R2 for a POP3 email server and a file storage server.

    I have been given the approval to create our domain finally.
    I have purchased the Train Signal DVDs to upskill myself for the new server edition.

    I have built my hardware and now I have some questions.

    I have a Cisco router set up no my IP range is static.

    When users VPN in they connect to the Cisco for network access via IP, as there is no name resolution over the VPN tunnel unless adding the server name and IP address to the lmhosts / hosts file.

    I have 20 or so users who have laptops that use the Cisco VPN dialer to connect to the office.
    Currently they all have DHCP as the primary setting and when it fails they revert to their standard IP and DNS settings in the alternate settings.

    My questions arise when I think about connecting to the domain controller.

    When a user logs in they will not be connected to the network until they dial in using the Cisco VPN client.

    Laptop users will need the rights to change TCP/IP settings so when they are not in the office they can access DHCP to connect to the internet to VPN in.

    My questions are:
    When a user is remote and they have logged in and then connected to the VPN, how will the laptops connect to the DC, as there is no name resolution over the VPN and they will be using DHCP DNS settings?
    Will the client talk to the DC over the VPN, as I have some users who work remotely and they will need to download updates and password changes from the DC?
    How will the clients connect to the DC if connected remotely, for example when it's time to change the password?
    Secondly,
    I will set up Exchange as my next project.


    There is no info on roaming profiles in the DVD set I bought and I just wondered how to set this up in a new months time, as when I create the user account in the AD users will need to retain their desktops and I will need to redirect my docs folder to a share over the VPN also.


    Hope I did not babble too much.

    When a user VPNs in they get given an IP on a different subnet and the traffic is routed to the internet network.
    Can the Cisco be set so the VPN can give DNS server or will I have to make users use my DNS servers when they dial in?
    Thanks in advance
    Last edited by ZR_Seanie; 6th March 2009, 00:03.

  • #2
    Re: Project AD

    I just performed a test.

    If I set my home PC to outside DNS servers I cannot ping test-domain-test.local, which I can ping if I use the new DNS servers I set up.

    So my dilemma appears to be:

    I cannot access the domain remotely when users use different DNS settings for their network adapters, so their machines will not contact the DCs when they work remotely.

    How can I overcome this?


    2nd Test

    Using ipconfig /all my Cisco network adapter gets a DNS server that is different from my DNS server.
    When I change this I can ping test-domain.test.local

    Is the answer to have my Cisco VPN settings changed?

    Also, if I use the hosts file to add the entry and IP of the DC I get a response from PING; will that make the connection OK for DC/client communication?
    Last edited by ZR_Seanie; 6th March 2009, 00:38.



    • #3
      Re: Project AD

      85 clients in a workgroup?
      Was it set up by a masochist or a sadist?
      IMHO get the inside working fully then worry about the VPNs
      Tom Jones
      MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
      PhD, MSc, FIAP, MIITT
      IT Trainer / Consultant
      Ossian Ltd
      Scotland

      ** Remember to give credit where credit is due and leave reputation points where appropriate **



      • #4
        Re: Project AD

        Originally posted by Ossian:
        85 clients in a workgroup?
        Was it set up by a masochist or a sadist?
        IMHO get the inside working fully then worry about the VPNs

        Hi there Ossian,
        That was nothing.
        When I first started here they had 50 users in a workgroup with one server running Sage, file shares, terminal services, and a host of other tasks plus (no anti-virus solution) on a 1.4 GHz server.

        I have finally got them to spend some money and now I have 3 servers and a nice brand new HP quad core ready to become my DC.



        • #5
          Re: Project AD

          Originally posted by Ossian:
          85 clients in a workgroup?
          Was it set up by a masochist or a sadist?
          IMHO get the inside working fully then worry about the VPNs

          I have also looked at my Cisco running-config this morning and I can see that it assigns a DNS of our USA branch, which if I have changed to my local LAN should allow DNS over the VPN for client / server communication.

          Thanks

          Comment
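The check from the second test in post #2 and the running-config finding in post #5, as an added example that is not from any poster in this thread: a Python parser for `ipconfig /all` output that lists the DNS servers on the VPN adapter which are not the office DNS servers. The sample output, the adapter name "Cisco VPN" and every address are constructed assumptions.

```python
import re

# Constructed sample of `ipconfig /all` output; names and addresses are made up.
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.168.0.23
        DNS Servers . . . . . . . . . . . : 192.168.0.1

Ethernet adapter Cisco VPN:

        IP Address. . . . . . . . . . . . : 10.20.30.41
        DNS Servers . . . . . . . . . . . : 172.16.5.10
                                            172.16.5.11
"""

ADAPTER = re.compile(r"^(\S.*adapter .+):\s*$")             # unindented section header
DNS_LINE = re.compile(r"^\s+DNS Servers[ .]*:\s*(\S*)\s*$")  # first DNS server
BARE_IP = re.compile(r"^\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$")   # further DNS servers

def dns_by_adapter(text):
    """Map each adapter name to the DNS servers listed under it."""
    result, current, in_dns = {}, None, False
    for line in text.splitlines():
        head, dns, ip = ADAPTER.match(line), DNS_LINE.match(line), BARE_IP.match(line)
        if head:
            current, in_dns = head.group(1), False
            result[current] = []
        elif current and dns:
            in_dns = True
            result[current] += [dns.group(1)] if dns.group(1) else []
        elif current and in_dns and ip:
            result[current].append(ip.group(1))   # continuation line of the DNS list
        else:
            in_dns = False
    return result

def wrong_dns(text, adapter_hint, internal_dns):
    """DNS servers on adapters matching adapter_hint that are not internal ones."""
    return [s for name, servers in dns_by_adapter(text).items()
            if adapter_hint.lower() in name.lower()
            for s in servers if s not in internal_dns]

if __name__ == "__main__":
    # 10.1.1.5 stands in for the office DNS server (assumed address).
    print(wrong_dns(SAMPLE, "cisco", {"10.1.1.5"}))
```

An empty result means the VPN adapter is handing out only the office DNS servers, which is the state the running-config change in post #5 is meant to reach.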


          • #6
            Re: Project AD

            Originally posted by ZR_Seanie:
            Hi there Ossian,
            That was nothing.
            When I first started here they had 50 users in a workgroup with one server running Sage, file shares, terminal services, and a host of other tasks plus (no anti-virus solution) on a 1.4 GHz server.

            I have finally got them to spend some money and now I have 3 servers and a nice brand new HP quad core ready to become my DC.

            Ouch!

            BTW, you may want to use a lower spec machine for a DC and keep the quad core for some more intensive tasks.
            Tom Jones


            • #7
              Re: Project AD

              I had thought of this before but I wanted my 1st DC to be high spec running on its own, and the second to run Exchange and DC, and my third to run DC and file storage.



              • #8
                Re: Project AD

                Don't combine DC and Exchange on the same server (definite no-no with Exchange 2003 and, IIRC, the same with 2007).
                If you are running Server 2008, IMHO look at virtualising all but the main DC -- there is a post somewhere on the forums with capacity planning for DCs, but with <100 clients you won't need much.
                Tom Jones


                • #9
                  Re: Project AD

                  Now this will be my first Exchange setup. I have read many items that say that Exchange needs Active Directory to work and relies on it?

                  So does Exchange 2007 run on a member server rather than a DC?



                  • #10
                    Re: Project AD

                    Originally posted by ZR_Seanie:
                    Now this will be my first Exchange setup. I have read many items that say that Exchange needs Active Directory to work and relies on it?

                    So does Exchange 2007 run on a member server rather than a DC?

                    Microsoft do not recommend installing Exchange Server on a DC and at one time, and it may still be the case, won't support it.

                    Yes, best on a member server. It will be worth you researching SPNs as well, as Exchange 2007 uses those for connecting to DCs. Also, if you install Exchange 2007 on a server that has been a DC but demoted, you will also need to reconfigure SPNs so they point to other DCs rather than itself, thinking it is still a DC. I had that issue.

                    http://windowsitpro.com/article/arti...ns-part-1.html



                    • #11
                      Re: Project AD

                      Originally posted by ZR_Seanie:
                      Now this will be my first Exchange setup. I have read many items that say that Exchange needs Active Directory to work and relies on it?

                      So does Exchange 2007 run on a member server rather than a DC?

                      You don't need every server to be a DC!
                      With a single site domain you need 1 DC, preferably 2 for redundancy.
                      All other servers (and clients) talk to the DC(s) when they need to.
                      Tom Jones


                      • #12
                        Re: Project AD

                        Hello
                        and thanks guys, that helps me no end

                        and saves me a lot of work installing DCs.

                        I will now only have 2 DCs as planned in my original plans.
