Brian Marquardt

asked on

AD and domain controller setup for DR

Here is what I have set up so far.  Please let me know if this will work in your opinion or if there is a better way to set this up.

Corp. site
1 Root DC
2 Child DC

(1) Branch site

1 Root DC
1 Child DC

All FSMO roles are in the corp site and all DCs are GCs

We have a T1 between the offices, so I am pretty sure that replication will not be a problem (please correct me if I am wrong).  If the corp site goes down, AD will still be up; we will just have to seize the roles.  Both child DCs in the corp site are our DNS servers. Would it be smart to set up any of the Branch DCs with DNS? Replication issues with DNS?  I need to look into DR for DNS as well, but was thinking I might be able to do this here as well.

As a test I would like to be able to turn off the Corp DCs and see if AD is still up and people are able to log in, etc.

Thanks again for everyone's help on this ... I am bumping up the points some more...
bwalker1

You must have a DNS server at the branch site.  If the T1 goes down, no one will be able to log on unless they have cached credentials on their machines. I would not worry about DNS replication.  Just make the zone AD integrated and you should be fine. Also make one of the DCs at the branch site a global catalog.
Brian

Is this all for a single domain?  When you mention Root DC and Child DC, that makes me think that you have more than one domain, and more than likely you don't need more than one domain.  They can all work in a single domain as long as the sites and subnets are set up correctly and, like bwalker1 said, make sure to also include DNS in that remote site.

Brian
Brian Marquardt

ASKER

Yes, we have an empty root domain that we must keep for future possible mergers with our other associations.
We are going to make the child DC in the branch a DNS server.  My next question is what is the best way to set up DNS for DR, but so it is not being used.  In other words, my manager would like to see very little traffic related to DNS across the WAN, so we would like to have the DNS servers in the corp office do most of the work.

Is DNS caching an option? And if so, if the corp office goes down, then could I transfer the load (or auto transfer) to the DNS server in the branch?

Thanks for your help!
Oops, one more thing.  

Is there much more work involved in putting DHCP on the branch DC as well for DR if the main office goes down?
You should have a DHCP server at each site. As far as your question, what exactly do you mean?

The WAN link to the main office goes down?

Having a DHCP server at each site will solve this, and yes, it is very easy to set up.  Install DHCP Server, authorize the DHCP server and activate the scope.

The DHCP service at the main office goes down?

You will still have to have a DHCP server at each site (configured as a DHCP relay agent) and configure your routers to forward BOOTP packets.  Each DHCP server will have to have a scope for each subnet in case the other goes down; make sure these do not overlap.

You can read more about it here:

http://www.computerperformance.co.uk/w2k3/services/DHCP_Relay_Agent.htm
In regards to your DNS question this is how I would set it up.

Each DNS server at each domain is authoritative for its own domain.  Configure conditional forwarding for the root domain to forward all requests for that domain to that DNS server.  I would also use conditional forwarding to point the DNS servers at the corp site and the branch site to forward requests for the other domains to the right DNS server.
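
The rule in the DHCP answer above, that each server carries a scope for every subnet and that the ranges must not overlap, can be checked offline before a failover test. This is an added example, not part of the original thread; the server names and address ranges are constructed sample data.

```python
import ipaddress
from itertools import combinations

# Constructed sample data: (server, subnet, first address, last address).
# Server names and address ranges are hypothetical, not from the thread.
SCOPES = [
    ("corp-dhcp",   "10.1.0.0/24", "10.1.0.10",  "10.1.0.199"),
    ("branch-dhcp", "10.1.0.0/24", "10.1.0.200", "10.1.0.250"),
    ("corp-dhcp",   "10.2.0.0/24", "10.2.0.150", "10.2.0.250"),
    ("branch-dhcp", "10.2.0.0/24", "10.2.0.10",  "10.2.0.160"),  # overlaps
    ("corp-dhcp",   "10.3.0.0/24", "10.3.0.10",  "10.3.0.250"),  # no backup
]

def parse(scopes):
    """Convert text rows to typed tuples, rejecting malformed ranges."""
    out = []
    for server, subnet, first, last in scopes:
        net = ipaddress.ip_network(subnet)
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        if lo > hi or lo not in net or hi not in net:
            raise ValueError(f"{server}: range {first}-{last} invalid for {subnet}")
        out.append((server, net, lo, hi))
    return out

def audit(scopes, servers):
    """Return sorted findings: overlapping ranges and subnets lacking a server."""
    rows = parse(scopes)
    findings = []
    for a, b in combinations(rows, 2):
        # Closed ranges in one subnet overlap when each starts before the other ends.
        if a[1] == b[1] and a[2] <= b[3] and b[2] <= a[3]:
            lo, hi = max(a[2], b[2]), min(a[3], b[3])
            findings.append(f"OVERLAP {a[1]} {a[0]}/{b[0]} {lo}-{hi}")
    for net in {r[1] for r in rows}:
        missing = set(servers) - {r[0] for r in rows if r[1] == net}
        for s in sorted(missing):
            findings.append(f"NO-SCOPE {net} {s}")
    return sorted(findings)

if __name__ == "__main__":
    for line in audit(SCOPES, ["corp-dhcp", "branch-dhcp"]):
        print(line)
```
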
You answered my question on the DHCP; I plan on setting it up on the DC at the branch.

For DNS we have the two DNS servers at the corp office.  We would like the DC in the branch to be set up for DNS if the corp DNS servers go down only, not to be used for usual queries, only in the case of a disaster.  Should I set the branch DNS to be a secondary and forward all requests to the DNS servers at the corp?

My apologies, DNS is not really one of my strong points.
ASKER CERTIFIED SOLUTION
bwalker1
