We have a rather large international domain that at the moment is a flat domain structure, everything is part of Globaldomain.net. We do have sites setup for each location with different subnets and everything is connected VIA CISCO equipment, and we are constantly adding new locations and closing old ones (closing old ones is not a problem)
Our current procedure for a new site is to setup the DC in our server room at HQ allow full replication and install other required software such as AV and mail server. We then ship the server to where ever it is going (drives shipped separately or hand carried later). And that is the problem. Often a server will get tied up in shipping or customs somewhere and may not make it to the final destination for up to two months, and then once it is there a tech has to go out and setup the VPN tunnel and connect the DC to the network, but by then replication will no longer work due to tombstone, expired kerberos password, lingering objects, and anything else you want to throw out there.
Most of the techs know how to handle these problems but it can cause significant delays in setting up a site, and in my case I got to a site that had a DC that was built and shipped before I was hired so my account did not exist on it (no replication) and I could not fix any of the problems. We are looking at a few options to implement in the future including; promoting the server to a DC once it is in the field using a backup copy of AD (to prevent massive replication over the WAN), and going to a parent/ child domain structure. Unfortunately both options, while mine to research, document, and prepare are at least a year down the line so we need a solution for now.
Does anyone know of any steps that we can do to help prevent things like expired kerberos passwords for a DC that has been off line for long periods of time and the other problems I mentioned above.
Start Free Trial
