

VPN 5 sites together, AD questions

Posted on 2004-11-01
Medium Priority
Last Modified: 2012-05-05
The company I work for has 5 sites running a mixture of ISDN and fractional T1 lines. We have created the site to site VPN tunnels between all of these places. We are running a mixture of PRO 230's, TZ170's, and PRO 2040's. This is our first attempt at this so keep that in mind : )

All 5 of these sites have their own domain controller. The domain controllers at these 5 sites all individually have unique I.P. address ranges, and each DC handles all 5 FSMO roles for just the site they are at. Nothing too complicated, just the basic setup. DNS is also AD integrated at each site.

I need a user sitting behind site1 to be able to connect to a server at sites 2-5 using his or her user authentication from site1 DC.

I am now trying to create trusts between all 5 Domain Controllers. I am not sure if this is the best way to do things. In order to create trusts 2 ways between sites I needed to add each site's DNS zones into all the other sites' Domain Controllers' DNS. Then I must enable NetBIOS to pass through the VPN tunnel. Then and only then can I add the trusts in AD in both directions. From what I understand this might take up a lot of bandwidth. Am I going about this the right way? Is there a better way of going about this? Does anyone have any advice as far as do's and don'ts?

Question by:DMS-X

Expert Comment

ID: 12467639
Is the domain name the same among all 5 DC's?

Author Comment

ID: 12468325

Accepted Solution

blakogre earned 2000 total points
ID: 12470095
1) Instead of the DNS solution you're considering, if IPs stay fairly static, you may want to consider modifying the hosts file on each server to point to the other ones as necessary.  This would minimize WAN traffic.

2) Yes, you need trusts: set this up in Active Directory Domains and Trusts.  I am not 100% sure, but I would try it first without the NetBIOS that you're referring to.

3)  Trusts will allow users to log into the other domains, or allow you to assign their accounts in one domain access to resources in another domain.  It sounds like you want 2-way trusts so users can access each other's domains.  As long as you are careful in granting permission, this doesn't necessarily open a domain up wide to another domain.

If this is for admin purposes, you can add the domain admins from one domain into the domain admins group for the other domains....

Good luck
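
Point 1 of the accepted answer depends on the remote DCs' addresses staying static; a hosts entry that goes stale keeps sending that name to the old address. As an added example (not part of the original thread), this Python script audits a hosts file against an address inventory. The host names, addresses and the inventory itself are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file for the site1 DC; all names and addresses are invented.
SAMPLE_HOSTS = """\
10.2.0.10   dc2.site2.example   dc2
10.3.0.10   dc3.site3.example   # site 3 DC
10.4.0.10   dc4.site4.example
10.9.0.10   dc4.site4.example
10.5.0.999  dc5.site5.example
"""
# Constructed inventory: the address each remote DC is supposed to have.
EXPECTED = {
    "dc2.site2.example": "10.2.0.10",
    "dc3.site3.example": "10.3.0.11",  # re-addressed, so the hosts entry is stale
    "dc4.site4.example": "10.4.0.10",
    "dc5.site5.example": "10.5.0.10",
}

def parse_hosts(text):
    """Return (entries, problems); entries maps lowercase name -> first IP listed."""
    entries, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if not fields:
            continue
        ip, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            problems.append((lineno, "invalid-address", ip))
            continue
        for name in (n.lower() for n in names):
            # Two different addresses for one name: flag it instead of guessing a winner.
            if entries.setdefault(name, ip) != ip:
                problems.append((lineno, "conflicting-duplicate", name))
    return entries, problems

def audit(text, expected):
    """Compare hosts entries with the inventory and list every discrepancy."""
    entries, problems = parse_hosts(text)
    for name, want in sorted(expected.items()):
        got = entries.get(name)
        if got is None:
            problems.append((None, "missing", name))
        elif got != want:
            problems.append((None, "stale", f"{name}: hosts={got} inventory={want}"))
    return problems

if __name__ == "__main__":
    print(*audit(SAMPLE_HOSTS, EXPECTED), sep="\n")
```

Run on a schedule on each server that carries static entries, a non-empty result is the cue to correct the hosts file before authentication traffic goes to the wrong address.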


Question has a verified solution.