VPN 5 sites together, AD questions

Posted on 2004-11-01
Last Modified: 2012-05-05
The company I work for has 5 sites running a mixture of ISDN and fractional T1 lines. We have created the site to site VPN tunnels between all of these places. We are running a mixture of PRO 230's, TZ170's, and PRO 2040's. This is our first attempt at this so keep that in mind : )

All 5 of these sites have their own domain controller. The domain controllers at these 5 sites all individually have unique I.P. address ranges, and each DC handles all 5 FSMO roles for just the site they are at. Nothing too complicated just the basic setup. DNS is also AD integrated at each site.

I need a user sitting behind site1 to be able to connect to a server at sites 2-5 using his or her user authentication from site1 DC.

I am now trying to create trusts between all 5 Domain Controllers. I am not sure if this is the best way to do things? In order to create trusts 2 ways between sites I needed to add each sites DNS zones into all the other sites Domain Controllers DNS. Then I must enable netbios to pass through the VPN tunnel. Then and only then can I add the trusts in AD in both directions. From what I understand this might take up a lot of bandwidth. Am I going about this the right way? Is their a better way of going about this? Does anyone have any advise as far as do's and don’ts?

Question by:DMS-X
    LVL 3

    Expert Comment

    Is the domain name the same among all 5 DC's?
    LVL 1

    Author Comment

    LVL 9

    Accepted Solution

    1) Instead of the DNS solution you're considering, if IPs stay fairly static, you may want to consider modifying the hosts file on each server to point to the other ones as necessary.  This would minimize WAN traffic.

    2) Yes, you need trusts: set this up in Active Directory Domains and Trusts.  I am not 100%, but I would try it first without netbios that you're referring to.

    3)  Trusts will allow users to log into the other domains, or allow you to assign their accounts in one domain access to resources in another domain.  It sounds like you want 2-way trusts so users can access each other's domains.  As long as you are careful in granting permission, this doesn't necessarily open a domain up wide to another domain.

    If this is for admin purposes, you can add the domain admins from one domain into the domain admins group for the other domains....

    Good luck


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Cisco Complete Network Certification Training

    If you’re an IT engineer or technician, it's time you take your career to the next level. This elite training bundle is brimming with all of the information you need to learn to sit for Cisco CNNA, CCNP, and CCENT certification exams.

    Lets look at the default installation and configuration of FreeProxy 4.10 REQUIREMENTS 1. FreeProxy 4.10 Application - Can be downloaded here ( 2. Ensure that you disable the windows fi…
    This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
    This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

    846 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    12 Experts available now in Live!

    Get 1:1 Help Now