AD and domain controller setup for DR

Here is what I have set up so far. Please let me know if this will work in your opinion or if there is a better way to set this up.

Corp. site
1 Root DC
2 Child DC

(1) Branch site

1 Root DC
1 Child DC

All FSMO roles are in the corp site and all DCs are GCs

We have a T1 between the offices, so I am pretty sure that replication will not be a problem (please correct me if I am wrong). If the corp site goes down, AD will still be up; we will just have to seize the roles. Both child DCs in the corp site are our DNS servers. Would it be smart to set up any of the Branch DCs with DNS? Replication issues with DNS? I need to look into DR for DNS as well, but was thinking I might be able to do this here as well.

As a test I would like to be able to turn off the Corp DCs and see if AD is still up and people are able to log in, etc.

Thanks again for everyone's help on this ... I am bumping up the points some more...
Brian Marquardt asked:
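Before the planned test of shutting down the corp DCs, the facts the question relies on (every DC a GC, all FSMO roles in the corp site, branch clients able to locate a DC without the corp DNS servers) can be checked read-only. The script below is an added example, not part of the original thread; it assumes the ActiveDirectory and DnsClient PowerShell modules (RSAT on Windows Server 2012 or later, not the 2003-era servers discussed here), and the site name `Branch` and host name `branchdc1.child.corp.example` are placeholders.

```powershell
# Added example (not from the thread): DR readiness checks before turning off the corp DCs.
# Assumes RSAT ActiveDirectory + DnsClient modules; 'Branch' and branchdc1 are placeholders.
Import-Module ActiveDirectory

$forest  = Get-ADForest
$domains = $forest.Domains            # empty root domain plus the child domain

# 1. Every DC should be a GC, and each site should hold a DC for each domain.
$dcs = foreach ($d in $domains) { Get-ADDomainController -Filter * -Server $d }
$dcs | Select-Object HostName, Domain, Site, IsGlobalCatalog, IsReadOnly |
    Sort-Object Site, Domain | Format-Table -AutoSize

$notGc = $dcs | Where-Object { -not $_.IsGlobalCatalog }
if ($notGc) { Write-Warning "DCs that are not GCs: $($notGc.HostName -join ', ')" }

# 2. FSMO role holders: per the design all of these should sit in the corp site,
#    so these are the roles to seize if the corp site is lost.
$roles = [ordered]@{
    SchemaMaster       = $forest.SchemaMaster
    DomainNamingMaster = $forest.DomainNamingMaster
}
foreach ($d in $domains) {
    $dom = Get-ADDomain -Identity $d
    $roles["$d PDCEmulator"]          = $dom.PDCEmulator
    $roles["$d RIDMaster"]            = $dom.RIDMaster
    $roles["$d InfrastructureMaster"] = $dom.InfrastructureMaster
}
$roles.GetEnumerator() | Format-Table Name, Value -AutoSize

# 3. DC locator from the branch: ask the branch DC's DNS directly for the
#    site-specific SRV records, bypassing the corp DNS servers entirely.
$branchDns = 'branchdc1.child.corp.example'   # placeholder: branch DC running DNS
foreach ($d in $domains) {
    $srv = "_ldap._tcp.Branch._sites.dc._msdcs.$d"
    try {
        Resolve-DnsName -Name $srv -Type SRV -Server $branchDns -ErrorAction Stop |
            Where-Object { $_.Type -eq 'SRV' } |
            Select-Object Name, NameTarget, Port
    } catch {
        Write-Warning "$srv not resolvable via ${branchDns}: $_"
    }
}

# 4. Which DC did this machine actually pick, and is it in its own site?
nltest "/dsgetdc:$env:USERDNSDOMAIN" /force
```

Run step 3 again from a branch workstation after the corp DCs are powered off; if the SRV lookup fails there, the problem is DNS rather than AD itself, which is exactly the gap the rest of the thread addresses.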

bwalker1 commented:
You must have a DNS server at the branch site. If the T1 goes down, no one will be able to log on unless they have cached credentials on their machines. I would not worry about DNS replication. Just make the zone AD integrated and you should be fine. Also make one of the DCs at the branch site a global catalog.
Brian (IT Manager) commented:
Is this all for a single domain? When you mention Root DC and Child DC that makes me think that you have more than one domain, and more than likely you don't need more than one domain. They can all work in a single domain as long as the sites and subnets are set up correctly, and like bwalker1 said, make sure to also include DNS in that remote site.
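The "sites and subnets set up correctly" point above is what makes branch clients prefer the branch DC and keeps replication over the T1 on a schedule instead of a notification-per-change basis. The snippet below is an added example, not from the thread; it assumes the ActiveDirectory module on Windows Server 2012 or later, and the site names, subnets, and link cost are placeholders.

```powershell
# Added example (not from the thread): define the two sites, map each office's subnet
# to its site, and put the T1 on a scheduled site link. Names and subnets are placeholders.
Import-Module ActiveDirectory

# Sites: one per physical office.
foreach ($site in 'Corp', 'Branch') {
    if (-not (Get-ADReplicationSite -Filter "Name -eq '$site'")) {
        New-ADReplicationSite -Name $site
    }
}

# Subnets: a client in 10.2.0.0/24 will be steered to DCs in 'Branch' by the DC locator.
$subnets = @{ '10.1.0.0/24' = 'Corp'; '10.2.0.0/24' = 'Branch' }
foreach ($cidr in $subnets.Keys) {
    if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$cidr'")) {
        New-ADReplicationSubnet -Name $cidr -Site $subnets[$cidr]
    }
}

# Site link over the T1: inter-site replication is compressed and runs on this
# interval rather than immediately, which is the WAN-friendly behaviour.
if (-not (Get-ADReplicationSiteLink -Filter "Name -eq 'Corp-Branch'")) {
    New-ADReplicationSiteLink -Name 'Corp-Branch' -SitesIncluded Corp, Branch `
        -Cost 100 -ReplicationFrequencyInMinutes 15 -InterSiteTransportProtocol IP
}

# Verify: every DC should now report the site matching its subnet.
Get-ADDomainController -Filter * | Select-Object HostName, IPv4Address, Site | Format-Table -AutoSize
Get-ADReplicationSubnet -Filter * | Select-Object Name, Site | Format-Table -AutoSize
```

A DC whose IP is in a subnet not mapped to any site, or mapped to the wrong one, will show up here with the wrong `Site`, and clients in that subnet will pick a DC across the WAN.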

Brian
Brian Marquardt (Author) commented:
Yes, we have an empty root domain that we must keep for future possible mergers with our other associations
Brian Marquardt (Author) commented:
We are going to make the child DC in the branch a DNS server. My next question is what is the best way to set up DNS for DR, but so it is not being used. In other words, my manager would like to see very little traffic related to DNS across the WAN, so we would like to have the DNS servers in the corp office do most of the work.

Is DNS caching an option? And if so, if the corp office goes down, could I transfer the load (or auto-transfer) to the DNS server in the branch?

Thanks for your help!
Brian Marquardt (Author) commented:
Oops, one more thing.

Is there much more work involved in putting DHCP on the branch DC as well for DR if the main office goes down?
bwalker1 commented:
You should have a DHCP server at each site, as far as your question, what exactly do you mean?

The WAN link to the main office goes down?

Having a DHCP server at each site will solve this, and yes, it is very easy to set up.  Install DHCP Server, authorize the DHCP server and activate the scope.

The DHCP service at the main office goes down?

You will still have to have a DHCP server at each site (configured as a DHCP relay agent) and configure your routers to forward BOOTP packets. Each DHCP server will have to have a scope for each subnet in case the other goes down; make sure these do not overlap.

You can read more about it here:

http://www.computerperformance.co.uk/w2k3/services/DHCP_Relay_Agent.htm
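The two cases bwalker1 separates (WAN down, corp DHCP service down) come together as one build on the branch DC: a normal scope for the branch subnet, plus a standby scope for the corp subnet that is reachable only through the router's relay and whose range does not overlap the corp server's. The script below is an added example, not from the thread; it assumes the DhcpServer module (Windows Server 2012 or later, not the 2003-era servers discussed here), is run on the branch DC itself, and uses placeholder addresses and host names.

```powershell
# Added example (not from the thread): DHCP on the branch DC for both DR cases.
# Run on the branch DC. DhcpServer module required. All addresses/names are placeholders:
#   branch LAN 10.2.0.0/24 (this server is primary), corp LAN 10.1.0.0/24 (corp server owns .100-.199).
$branchDc   = 'branchdc1.child.corp.example'
$corpDhcp   = 'corpdc1.child.corp.example'
$dnsServers = '10.1.0.10', '10.2.0.10'   # corp DNS first, branch DNS as the standby

# 1. Install, authorize in AD (unauthorized DCs refuse to serve), done.
Install-WindowsFeature -Name DHCP -IncludeManagementTools
Add-DhcpServerInDC -DnsName $branchDc

# 2. Branch subnet: this server hands out the whole range.
Add-DhcpServerv4Scope -Name 'Branch LAN' -StartRange 10.2.0.100 -EndRange 10.2.0.199 `
    -SubnetMask 255.255.255.0 -State Active
Set-DhcpServerv4OptionValue -ScopeId 10.2.0.0 -Router 10.2.0.1 `
    -DnsServer $dnsServers -DnsDomain 'child.corp.example'

# 3. Corp subnet, standby: relayed requests reach this server too, so it offers only
#    .200-.249 (outside the corp server's range) and waits 1 s before answering, so the
#    corp server wins whenever it is up.
Add-DhcpServerv4Scope -Name 'Corp LAN (DR standby)' -StartRange 10.1.0.200 -EndRange 10.1.0.249 `
    -SubnetMask 255.255.255.0 -State Active -Delay 1000
Set-DhcpServerv4OptionValue -ScopeId 10.1.0.0 -Router 10.1.0.1 `
    -DnsServer $dnsServers -DnsDomain 'child.corp.example'

# 4. The "make sure these do not overlap" check, run against both servers.
function ConvertTo-UInt32 {
    param([ipaddress]$Ip)
    $b = $Ip.GetAddressBytes(); [array]::Reverse($b)
    [BitConverter]::ToUInt32($b, 0)
}
function Test-DhcpRangeOverlap {
    param([string[]]$Servers)
    $ranges = foreach ($s in $Servers) {
        Get-DhcpServerv4Scope -ComputerName $s | ForEach-Object {
            [pscustomobject]@{
                Server  = $s
                ScopeId = $_.ScopeId.IPAddressToString
                Start   = ConvertTo-UInt32 $_.StartRange
                End     = ConvertTo-UInt32 $_.EndRange
            }
        }
    }
    $bad = foreach ($g in ($ranges | Group-Object ScopeId)) {
        $r = @($g.Group)
        for ($i = 0; $i -lt $r.Count; $i++) {
            for ($j = $i + 1; $j -lt $r.Count; $j++) {
                if ($r[$i].Server -ne $r[$j].Server -and
                    $r[$i].Start -le $r[$j].End -and
                    $r[$j].Start -le $r[$i].End) {
                    "$($g.Name): $($r[$i].Server) and $($r[$j].Server) offer overlapping ranges"
                }
            }
        }
    }
    if ($bad) { $bad | Write-Warning } else { "No overlapping ranges across $($Servers -join ', ')" }
}
Test-DhcpRangeOverlap -Servers $branchDc, $corpDhcp
```

The overlap check only compares ranges; exclusions and reservations are not considered, so if the corp server relies on exclusions to carve out the standby's block, extend the check to `Get-DhcpServerv4ExclusionRange` before trusting it.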
bwalker1 commented:
In regards to your DNS question this is how I would set it up.

Each DNS server at each domain is authoritative for its own domain. Configure conditional forwarding for the root domain to forward all requests for that domain to that DNS server. I would also use conditional forwarding to point the DNS servers at the corp site and the branch site to forward requests for the other domains to the right DNS server.
Brian Marquardt (Author) commented:
You answered my question on the DHCP, I plan on setting it up on the DC at the branch.

For DNS we have the two DNS servers at the corp office.  We would like the DC in the branch to be setup for DNS if the corp DNS servers go down only, not to be used for usual queries, only in the case of a disaster.  Should I set the branch DNS to be a secondary and forward all requests to the DNS servers at the corp?

My apologies, DNS is not really one of my strong points
bwalker1 commented:
Yes, use it as a secondary server.  Set up the zone however you want, just make sure the clients have the local DNS server as the preferred DNS server.  They will only contact the secondary DNS server if they can't connect to the preferred DNS server.
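The DNS arrangement from bwalker1's two answers above (conditional forwarding between the root and child domains, a secondary copy of the child zone on the branch DC, clients that reach the branch server only when their preferred servers fail) looks like this in PowerShell. It is an added example, not from the thread; it assumes the DnsServer and DnsClient modules (Windows Server 2012 or later, not the 2003-era servers discussed here) and PowerShell remoting, and every domain name, host name and address is a placeholder.

```powershell
# Added example (not from the thread). Placeholders:
#   root domain  corp.example        DNS on rootdc1  (10.1.0.5)
#   child domain child.corp.example  DNS on corpdc1/corpdc2 (10.1.0.10, 10.1.0.11), AD-integrated
#   branch DC    branchdc1           (10.2.0.10), standby DNS
$rootDns   = '10.1.0.5'
$corpDns   = '10.1.0.10', '10.1.0.11'
$branchDns = '10.2.0.10'

# 1. Conditional forwarders in both directions. -ReplicationScope Domain stores the
#    forwarder in AD so corpdc2 (and a branch DC) gets it without separate configuration.
Invoke-Command -ComputerName corpdc1 -ScriptBlock {
    Add-DnsServerConditionalForwarderZone -Name 'corp.example' `
        -MasterServers $using:rootDns -ReplicationScope Domain
}
Invoke-Command -ComputerName rootdc1 -ScriptBlock {
    Add-DnsServerConditionalForwarderZone -Name 'child.corp.example' `
        -MasterServers $using:corpDns -ReplicationScope Domain
}

# 2. Corp side: allow zone transfers and notifies only to the branch server.
#    Without this the secondary stays empty and the DR copy is useless.
Invoke-Command -ComputerName corpdc1 -ScriptBlock {
    Set-DnsServerPrimaryZone -Name 'child.corp.example' `
        -SecureSecondaries TransferToSecureServers -SecondaryServers $using:branchDns `
        -Notify NotifyServers -NotifyServers $using:branchDns
}

# 3. Branch DC: secondary copy of the child zone (the thread's choice), and forward
#    everything else to corp so it generates no recursive WAN traffic of its own.
#    (An AD-integrated primary, as suggested earlier in the thread, would replicate via AD instead.)
Invoke-Command -ComputerName branchdc1 -ScriptBlock {
    Add-DnsServerSecondaryZone -Name 'child.corp.example' `
        -ZoneFile 'child.corp.example.dns' -MasterServers $using:corpDns
    Set-DnsServerForwarder -IPAddress $using:corpDns
}

# 4. Client order: preferred servers first, branch standby last. Clients move down the
#    list only when the servers before it do not answer. In practice this is DHCP
#    option 006; shown here for one adapter.
Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses ($corpDns + $branchDns)

# 5. Prove the standby holds the DC locator records before the DR test.
Resolve-DnsName -Name '_ldap._tcp.dc._msdcs.child.corp.example' -Type SRV -Server $branchDns
```

Two caveats worth checking in this layout: a secondary zone is read-only, so DCs in the branch cannot register or update their own records while corp is down, and the branch server's forwarders still point at corp, so queries for anything outside the child zone fail during the outage unless a second forwarder (or root hints) is added.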

Windows Server 2003