VPN 5 sites together, AD questions

The company I work for has 5 sites running a mixture of ISDN and fractional T1 lines. We have created the site to site VPN tunnels between all of these places. We are running a mixture of PRO 230's, TZ170's, and PRO 2040's. This is our first attempt at this so keep that in mind : )

All 5 of these sites have their own domain controller. The domain controllers at these 5 sites all individually have unique I.P. address ranges, and each DC handles all 5 FSMO roles for just the site they are at. Nothing too complicated just the basic setup. DNS is also AD integrated at each site.

I need a user sitting behind site1 to be able to connect to a server at sites 2-5 using his or her user authentication from site1 DC.

I am now trying to create trusts between all 5 Domain Controllers. I am not sure if this is the best way to do things. In order to create trusts 2 ways between sites I needed to add each site's DNS zones into all the other sites' Domain Controllers' DNS. Then I must enable NetBIOS to pass through the VPN tunnel. Then and only then can I add the trusts in AD in both directions. From what I understand this might take up a lot of bandwidth. Am I going about this the right way? Is there a better way of going about this? Does anyone have any advice as far as do's and don'ts?


Is the domain name the same among all 5 DC's?
DMS-X (Author) Commented:
1) Instead of the DNS solution you're considering, if IPs stay fairly static, you may want to consider modifying the hosts file on each server to point to the other ones as necessary.  This would minimize WAN traffic.

2) Yes, you need trusts: set this up in Active Directory Domains and Trusts. I am not 100%, but I would try it first without the NetBIOS that you're referring to.

3)  Trusts will allow users to log into the other domains, or allow you to assign their accounts in one domain access to resources in another domain.  It sounds like you want 2-way trusts so users can access each other's domains.  As long as you are careful in granting permission, this doesn't necessarily open a domain up wide to another domain.

If this is for admin purposes, you can add the domain admins from one domain into the domain admins group for the other domains....

Good luck
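
A pre-flight check for the setup discussed in this thread, added here as an example and not part of any post: before creating a trust, confirm from one site's DC that each remote domain's DC locator record resolves and that the usual trust ports answer through the VPN tunnel, then list the trusts that already exist. The domain names are hypothetical placeholders, the port list is an assumption about what the tunnel rules must allow, and the script assumes a current Windows Server with the DnsClient, NetTCPIP and ActiveDirectory PowerShell modules.

```powershell
# Added example: domain names are hypothetical placeholders, not taken from the thread.
$RemoteDomains = 'site2.example.local', 'site3.example.local',
                 'site4.example.local', 'site5.example.local'

# Assumed set of TCP ports a domain trust commonly needs across the tunnel.
$Ports = [ordered]@{
    'DNS'                 = 53
    'Kerberos'            = 88
    'RPC endpoint mapper' = 135
    'LDAP'                = 389
    'SMB'                 = 445
}

$results = foreach ($domain in $RemoteDomains) {
    # DC locator SRV record. SRV records are served by DNS only; a hosts file
    # holds plain name-to-address mappings.
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV -ErrorAction SilentlyContinue |
        Where-Object { $_.Section -eq 'Answer' }

    if (-not $srv) {
        [pscustomobject]@{ Domain = $domain; DC = $null; Check = 'SRV lookup'; Ok = $false }
        continue
    }

    foreach ($dc in ($srv.NameTarget | Sort-Object -Unique)) {
        foreach ($p in $Ports.GetEnumerator()) {
            $t = Test-NetConnection -ComputerName $dc -Port $p.Value -WarningAction SilentlyContinue
            [pscustomobject]@{
                Domain = $domain
                DC     = $dc
                Check  = "TCP $($p.Value) ($($p.Key))"
                Ok     = $t.TcpTestSucceeded
            }
        }
    }
}

# Anything listed here has to be fixed in DNS or in the VPN rules before a trust will create cleanly.
$results | Where-Object { -not $_.Ok } | Format-Table -AutoSize

# Trusts already defined on this domain: direction, and whether access across
# the trust is narrowed by selective authentication or SID filtering.
Get-ADTrust -Filter * |
    Select-Object Name, Direction, TrustType, SelectiveAuthentication, SIDFilteringQuarantined |
    Format-Table -AutoSize
```

Run it once from each site's DC, since the tunnel rules and DNS configuration are per site and a two-way trust needs the checks to pass in both directions.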

