InSearchOf

asked on

Active Directory

I am in the process of configuring a Win 2008 server to put at one of our remote locations. Our domain controllers are Win 2003 servers. At the moment we have one main location and a number of remote locations that connect back to the main site via site-to-site VPN tunnels for the purposes of accessing network shares and resources as well as web filtering using Websense. I want to have one location do their own web surfing (http, https) without coming back to the main location except for accessing shares and resources (email, home directories, etc). I want the server to run AD and DNS so I can install a separate instance of Websense and integrate it with AD. I notice that 2008 has a RODC option. Would this work? I am trying to determine what is the best way to install the new server at the remote location. I know the router has to be reconfigured. Any advice on the server side would be appreciated. Thanks
Wardy_01

As I understand things websense is a proxy service.

So do the install as you normally would on the remote DC; that proxy server then talks directly to the net, and all remote users at the site would then have their browsers configured to talk to that proxy server instead of the main one.

Nothing more needed :)
Mike Kline

RODC is generally used if you are worried about physical security of the box; it is only one-way replication, but you can cache credentials of local users on it.
You could set up the 2008 DC/DNS/GC and have it forward "all other domains" to another DNS server. It could also use root hints for internet queries. It will have a copy of your domain (AD Integrated DNS) so it will already be able to answer for those.
You will also want to create an AD site for that remote location.
You will need to prep your forest/domain for the 2008 DC.
Thanks
Mike
InSearchOf

ASKER

Would the RODC option be any good for the remote DC?
I did the prep already. What do you mean by an AD site?
Meaning in Sites and Services, create a site for the remote office and associate the subnets for it. That way users in that site will try and use the local DC for authentication.
You would set up a site link between the hub and HQ site for replication.
Thanks
Mike
If I created a site for that location, how would that affect my current setup? Currently all my sites are in the same Default First Site, including the site I want to install the server at.
ASKER CERTIFIED SOLUTION
d20032003
So if they are all in the same site the clients may or may not use the local DC for authentication. If you create an AD site it will try to use a DC in its local site first.
Thanks
Mike
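An added illustration of the site behaviour discussed in this thread (not part of any participant's post, and not Microsoft's DC locator code): a simplified Python model of how a client address is matched to the most specific subnet, and which DCs the client is pointed at first, before and after the remote office gets its own site. The subnets, the `Remote-Office` site name and the DC names are constructed sample values.

```python
import ipaddress

def site_for(client_ip, subnet_to_site):
    """Return the site of the most specific subnet containing client_ip, or None."""
    ip = ipaddress.ip_address(client_ip)
    matches = [
        (ipaddress.ip_network(net), site)
        for net, site in subnet_to_site.items()
        if ip in ipaddress.ip_network(net)
    ]
    if not matches:
        return None  # no subnet object covers this address
    # Longest prefix wins, so a /24 for the branch overrides a covering /16.
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def candidate_dcs(client_ip, subnet_to_site, dc_sites):
    """DCs tried first: those in the client's own site, otherwise every DC."""
    site = site_for(client_ip, subnet_to_site)
    local = sorted(dc for dc, s in dc_sites.items() if s == site)
    return local or sorted(dc_sites)

# Constructed topology BEFORE: everything sits in the single default site.
BEFORE_SUBNETS = {"10.0.0.0/16": "Default-First-Site-Name"}
BEFORE_DCS = {
    "HQ-DC1": "Default-First-Site-Name",
    "HQ-DC2": "Default-First-Site-Name",
    "REMOTE-DC1": "Default-First-Site-Name",
}

# Constructed topology AFTER: the branch subnet and its DC move to a new site.
AFTER_SUBNETS = dict(BEFORE_SUBNETS, **{"10.0.50.0/24": "Remote-Office"})
AFTER_DCS = dict(BEFORE_DCS, **{"REMOTE-DC1": "Remote-Office"})

if __name__ == "__main__":
    branch_client = "10.0.50.25"  # constructed workstation address
    print("before:", candidate_dcs(branch_client, BEFORE_SUBNETS, BEFORE_DCS))
    print("after: ", candidate_dcs(branch_client, AFTER_SUBNETS, AFTER_DCS))
```

In the single-site case the branch client can land on a DC across the VPN tunnel; once its subnet maps to the new site, only the local DC is offered first, and an address that matches no subnet falls back to every DC.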
I see I see. Is there a good how-to procedure I could look at? Other than creating policies, groups, accounts and adjusting email properties I have never done this.
Thanks Wardy 01 but this link is for creating groups in AD. I am looking for creating sites in AD.
Ok. Thanks mkline71. It looks straightforward. Is it ok to configure the new DC at the main location and then bring it to the remote location and change its IP?
Yes, that is fine. When you change the IP, restart the netlogon service so that it registers the new IP in DNS.
Thanks
Mike
Ok. Thanks. The users will still be able to access their email and home directories located on the main office as before, correct?
Great. You EE guys are great. All of you. Best investment I ever made.
Thanks for the great feedback, glad we could help.
By the way if you want to read the nitty gritty details on how DCs are located check out this KB article
http://support.microsoft.com/kb/314861
Thanks
Mike
Thanks for all the help.