  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 170
AD in New 2003

Just installed Windows 2003 server (will place in test environment before deployment). Looking for documentation, links, on step by step instructions to set up a typical Active Directory environment on a brand new LAN network. Additionally, would like suggestions or recommendations, tips, caveats, etc., regarding AD with the following general network environment: Network is single domain (only one server). Network includes 100 users, 80 local (LAN), 20 via 7 branch offices (WAN) connected site-to-site VPN (behind firewall and NAT, and all on different subnets). All users required to log in to main server (DC), for scripts and DNS. Organization has 5-6 different departments. Branch offices (subnetted) will use local device (firewall) for DHCP or manual IP config. All offices access internet via ISP using one IP behind NAT. THANKS.
Asked by: mmm5

2 Solutions
Fatal_Exception commented:
Here is a start for you:  ( I keep these bookmarked)

How do I install Active Directory on my Windows Server 2003 server?

http://www.petri.co.il/how_to_install_active_directory_on_windows_2003.htm

How do I install and configure Windows Server 2003 DNS server?

http://www.petri.co.il/install_and_configure_windows_2003_dns_server.htm

Windows Server 2003 Downloads

http://www.microsoft.com/windowsserver2003/downloads/default.mspx

and finally:

http://www.informit.com/guides/content.asp?g=windowsserver&seqNum=37
Steve McCarthy, MCSE, MCSA, MCP x8, Network+, i-Net+, A+, CIWA, CCNA, FDLE FCIC, HIPAA Security Officer, IT Consultant, Network Engineer, Windows Network Administrator, VMware Administrator commented:
Build up your 2003 box, make sure you have updated drivers and patches and get Windows fully up to date. When you are comfortable and have confirmed you have Internet access, run DCPromo. You will need the IIS plugin, but it will let you know if you are missing anything. Do you have a domain name? If so, you will probably not want to use that for your internal network. For example, mine is xyz.com. My internal domain is orlando.xyz.com. If you have a web presence you could have issues otherwise. Anyway, you are creating a single forest and a single domain. When complete, this DC will reboot and you will log on to the domain. Now, this DC will have all the FSMO roles and be a Global Catalog server. I would also go into Add/Delete Programs, Windows Components and add WINS. If this is the only DC or 1 of 2, and you want this to provide DHCP, then also install that. WINS is an easy configuration and DHCP is not too hard either.

OK, now this DC is set up. I highly recommend a second Domain Controller. You don't want 1 failure to cripple your network. Build up the same as the first, but when you DCPromo, it will be an additional Domain Controller in an existing Domain/Forest. This will also load up DNS. I would go into AD Sites and Services and make this one a Global Catalog server too. Your DCs are now complete. Using DHCP options, make sure your DNS entries are for your internal DNS servers only. Those servers should only point to themselves. The only place your ISP DNS entries should be in your main office is on your firewall or router, whatever device has your public IP address. Name resolution requests will hit the DNS server and if not resolved, will pass it on to the Internet root servers.

You have it right for site-to-site VPN tunnels using firewalls and NAT and different subnets. I am assuming the remote sites will also have Internet access. To make your connectivity seamless, in your firewall or whatever device is your gateway (mine is my firewall), the first DNS entry should be your server at the main office. The second one should be the 1st DNS address provided by your ISP.

I just connected a few additional remote sites with this exact configuration and it makes the network connection scream, even across the slow broadband links. Use DHCP to simplify your life; only use static IPs where you really need to.

In any network or server setting, remember, use the KISS method.
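The sequence in the answer above (patch the box, run DCPromo for a new forest, point the DC's resolver only at internal DNS, keep the ISP resolver as a forwarder only, and hand out internal DNS through DHCP options), written out as a batch script for the 2003 box. This is an added example, not code from the thread or from Microsoft; the domain name, addresses, interface name and DSRM password placeholder are all assumptions.

```batch
@echo off
rem Added example (not from the thread): unattended dcpromo answer file for the
rem first DC of a new single forest / single domain, then the DNS and DHCP
rem settings the advice above calls for. Assumed values:
rem   internal domain  corp.example.local (NetBIOS CORP), deliberately not the
rem   public web domain; this DC 192.168.10.10; second DC 192.168.10.11;
rem   ISP resolver 203.0.113.53, used only as a forwarder, never on a client.
rem Run once before promotion, then as "setup-dc.cmd post" after the reboot.
if /i "%~1"=="post" goto post

rem Windows 2000/2003 [DCInstall] answer-file keys for a new forest root.
set ANSWER=%TEMP%\dcpromo-first.txt
>  "%ANSWER%" echo [DCInstall]
>> "%ANSWER%" echo ReplicaOrNewDomain=Domain
>> "%ANSWER%" echo TreeOrChild=Tree
>> "%ANSWER%" echo CreateOrJoin=Create
>> "%ANSWER%" echo NewDomainDNSName=corp.example.local
>> "%ANSWER%" echo DomainNetBiosName=CORP
>> "%ANSWER%" echo AutoConfigDNS=Yes
>> "%ANSWER%" echo DatabasePath=%SystemRoot%\NTDS
>> "%ANSWER%" echo LogPath=%SystemRoot%\NTDS
>> "%ANSWER%" echo SYSVOLPath=%SystemRoot%\SYSVOL
>> "%ANSWER%" echo SafeModeAdminPassword=CHANGE-ME-DSRM-PASSWORD
>> "%ANSWER%" echo RebootOnCompletion=Yes
rem The DSRM password sits in this file in clear text; it is removed in the
rem post-reboot phase below, right after dcpromo has consumed it.
dcpromo /answer:"%ANSWER%"
goto :eof

:post
del "%TEMP%\dcpromo-first.txt" 2>nul
rem The DC's own resolver list points only at internal DNS: itself first,
rem the second DC next. The ISP resolver goes in as a forwarder only.
netsh interface ip set dns name="Local Area Connection" source=static addr=192.168.10.10
netsh interface ip add dns name="Local Area Connection" addr=192.168.10.11 index=2
dnscmd /ResetForwarders 203.0.113.53

rem DHCP scope options so clients get internal DNS only (006) and the
rem AD DNS suffix (015); the scope is assumed to exist already.
netsh dhcp server scope 192.168.10.0 set optionvalue 006 IPADDRESS 192.168.10.10 192.168.10.11
netsh dhcp server scope 192.168.10.0 set optionvalue 015 STRING corp.example.local

rem Quick review that no client-facing setting still names the ISP resolver.
netsh dhcp server scope 192.168.10.0 show optionvalue
dnscmd /Info
```

The second DC uses the same script shape with ReplicaOrNewDomain=Replica and credentials for the existing domain in its answer file; after both are up, the remote-site firewalls list 192.168.10.10 as their first DNS entry as the answer describes.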
mmm5 (Author) commented:
Samccarthy: No domain name yet, and there will be no web (internet server) presence. I'm thinking of a non-standard domain name such as companyname.north. Will this have any ramifications? Also, all workstations are running XP Pro. Is WINS really needed, or can I stay with TCP/IP only? Just curious, at remote sites, is all traffic, internal and internet, going through your main firewall at main office, or is internet access routed through local firewalls? Also, do you have a back-up strategy in place? In other words, do user data files reside on network server or local workstation, or both? THANKS.

Steve McCarthy, MCSE, MCSA, MCP x8, Network+, i-Net+, A+, CIWA, CCNA, FDLE FCIC, HIPAA Security Officer, IT Consultant, Network Engineer, Windows Network Administrator, VMware Administrator commented:
No, the domain name will work just fine. You will need WINS if you have any legacy applications or older systems that require it. If you don't have the applications, go without it. You can easily add it later if you do.

With the DNS the first setting in the remote firewall, all DNS requests go to the main DNS server for resolution. That makes the network traffic fly, but their regular Internet activity will go out their local ISP connection. Of course network traffic will go over the tunnel.

I use folder redirection for my users, so all their files are on a server. For remote sites, and I have a few, with a DC onsite, the files reside there. For those that just connect like yours are, the files reside at the remote server. With redirection, it keeps a local copy of the files, so should the link go down, my users can still get to the Internet and still work on their files and they will synchronize when the link is restored. Works pretty darn good!

mmm5 (Author) commented:
Appreciate both answers. Thanks again !

Fatal_Exception commented:
Very good, and thank you!

FE

Steve McCarthy, MCSE, MCSA, MCP x8, Network+, i-Net+, A+, CIWA, CCNA, FDLE FCIC, HIPAA Security Officer, IT Consultant, Network Engineer, Windows Network Administrator, VMware Administrator commented:
Thanks and good luck!