xeyeclan
asked on
Adding a remote office to a existing domain
I need some direction as to the best way of adding a remote office to an existing domain. Currently I have a coporate office with a Windows 2000 Server environment with 1 AD forest with 2 domain controllers. Now I have a remote office that I have connected using a vpn tunnel so that its part the corporate LAN. I would like the users in the remote office to log-in local to the server. Do I prep the remote server to attach to the AD forest on the corporate server so the remote office server is another domain controller logging into the same domain.?
Hi
Make sure it's fully service-packed, configure active directory sites and services with a new subnet for the remote site, then join it to the domain as a member server with fixed ip address on the new subnet and pointing to your main dc as primary dns server. Then run dcpromo to promote it to a DC. In order that remote users are authenticated by the remote server you'll need to create it as a Global Catalog server. You'll also need to ensure that the correct ports are open on the firewall to allow the necessary traffic required for AD replication traffic etc. to pass through the VPN tunnel.
Active Directory Replication over Firewalls
http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/deploy/confeat/adrepfir.mspx
How To Create or Move a Global Catalog in Windows 2000
http://support.microsoft.com/?kbid=313994
How do I create a new Active Directory site?
http://www.windowsitpro.com/Article/ArticleID/13380/13380.html?Ad=1
Windows 2000 Server Active Directory Planning and Deployment Guides
http://www.microsoft.com/technet/archive/windows2000serv/technologies/activedirectory/deploy/adguide/default.mspx
Deb :))
Make sure it's fully service-packed, configure active directory sites and services with a new subnet for the remote site, then join it to the domain as a member server with fixed ip address on the new subnet and pointing to your main dc as primary dns server. Then run dcpromo to promote it to a DC. In order that remote users are authenticated by the remote server you'll need to create it as a Global Catalog server. You'll also need to ensure that the correct ports are open on the firewall to allow the necessary traffic required for AD replication traffic etc. to pass through the VPN tunnel.
Active Directory Replication over Firewalls
http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/deploy/confeat/adrepfir.mspx
How To Create or Move a Global Catalog in Windows 2000
http://support.microsoft.com/?kbid=313994
How do I create a new Active Directory site?
http://www.windowsitpro.com/Article/ArticleID/13380/13380.html?Ad=1
Windows 2000 Server Active Directory Planning and Deployment Guides
http://www.microsoft.com/technet/archive/windows2000serv/technologies/activedirectory/deploy/adguide/default.mspx
Deb :))
ASKER
DebsyI99, With Global Catalog server does the mean there is one global catalog server on the corporate and the other is the remote server?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
All is working now, that last problem I had was to create fix the DNS server that the remote office looked at the local dns first now it works just great.
Ensure that you have done the "Adding to domain" succesfully. Then check the Active directory Sites and Services anmd Check Replication.
Best Regards !