Solved

Site Replication - Please Help

Posted on 2006-03-20
Last Modified: 2008-03-10
Thanks for looking!

I need to add another server (a DC, I am imagining) at a remote location and replicate AD from the head office to the branch.  The DC at head office is SBS 2003.  I am going to add a Server 2003 Standard edition server at the remote branch.  I am going to outline the steps that I know and hopefully someone will be able to tell me the steps I've missed! The primary domain (domain.local) is already set up and DNS servers are also set up at head office.

Here she goes!!:



1) complete the install of Server 2003 and at the head office join the new server as a member server on domain.local

2) run dcpromo on the new server and create a domain controller for an existing domain (this is where I'm not sure if I need to create a child domain)

3) take it to the remote site and install a DNS server on the branch site

4) set up a permanent VPN connection between sites

5) on the head office DC set up Sites and Services (set up new site, subnet and create site link between them)

6) open ports needed for communication


I'm a bit mixed up on where to add the machine to the domain.  I know that both sides need different IPs for the VPN connection to work.  When should I change the IP address on the branch machine, as I need it to be able to communicate with the DC at head office, or should I add it once the VPN is established between the sites?

Also I have read that I need to install a new DNS server at the remote branch to stop name resolution traffic from the remote branch.

Question by: msha094

Expert Comment


by:Michael Pfister
ID: 16234190
There are some limitations running SBS 2003 when building a more complex domain structure. I.e. a sub-/child-domain is not possible with SBS. See SBS 2003 FAQs (http://www.microsoft.com/windowsserver2003/sbs/evaluation/faq/netsec.mspx):

* There are no limits on the number or type of servers that can exist in a Windows Small Business Server 2003 domain, with the following exceptions:
* Only one computer in a domain can be running Windows Small Business Server 2003.
* Windows Small Business Server 2003 must be the root of the Active Directory forest.
* Windows Small Business Server 2003 cannot trust any other domains.
* A Windows Small Business Server 2003 domain cannot have any child domains.
* Each additional computer running Windows Server 2003 must have a Windows Small Business Server 2003 client access license (CAL).
* A Windows Small Business Server 2003 domain can have no more than 75 CALs. You can use CALs for each user or for each device.

This answers question 2) -> no child domain.

3) I'd install DNS right away


Rest: You can change the branch server's IP address when it's moved to the branch office (don't add it, replace the head office IP address!).

hope it helps,

Michael
Author Comment

by:msha094
ID: 16234359
If I change the IP address of the remote machine after installing DNS, then AD, won't this cause havoc?  How do AD and DNS work when the IP is changed?

In this scenario above, is the new dns server installed as a secondary for the domain?

And the primary DNS server used for the remote branch would be the new one (effectively the secondary), followed by head office's DNS as a secondary? (as they will be replicated)


Accepted Solution

by:
Michael Pfister earned 2000 total points
ID: 16234597
> If I change the IP address of the remote machine after installing DNS, then AD, won't this cause havoc?  How do AD and DNS work when the IP is changed?

No. After changing the IP issue an

ipconfig /registerdns

to inform the DNS about the change. A reboot should do as well.

I'd recommend running your DNS "active directory integrated", so no further configuration of the DNS service should be necessary. Windows 2003 takes care of the replication. Don't forget to add the branch office's IP range under sites and config your AD replication according to your bandwidth.

Then configure the clients according to their location: headquarter clients get headquarters DNS as primary and if you like branch office DNS as secondary, branch office clients get the branch office DNS as primary and headquarter as secondary DNS.

Hope this helps,

michael
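The Sites and Services step (5 in the question) together with the IP-change and replication advice in the accepted answer, as an added example that is not from this thread: it shows how the same configuration and checks are done with the ActiveDirectory PowerShell module on a current Windows Server (the cmdlets do not exist on the SBS 2003 box discussed here). The site names, subnets, DC name, 30-minute interval and the domain name are assumed values.

```powershell
# Added example: two-site AD layout over a site-to-site VPN, then verify that
# the branch DC registered its site-specific DNS records and replicates cleanly.
# Requires the ActiveDirectory module (RSAT / Windows Server 2012+), run as a
# Domain Admin from the head-office DC. All names and subnets are assumptions.
Import-Module ActiveDirectory

$Domain       = "domain.local"
$HqSite       = "Default-First-Site-Name"   # site the head-office DC already sits in
$BranchSite   = "Branch"
$HqSubnet     = "192.168.1.0/24"            # assumed head-office LAN
$BranchSubnet = "192.168.2.0/24"            # assumed branch LAN; must differ from HQ or the VPN cannot route
$BranchDc     = "BRANCH-DC01"               # assumed name of the new DC

# 1. Create the branch site and map each LAN to its site, so DCs and clients
#    pick the nearest DC instead of sending logon/DNS traffic across the VPN.
New-ADReplicationSite -Name $BranchSite
New-ADReplicationSubnet -Name $HqSubnet     -Site $HqSite
New-ADReplicationSubnet -Name $BranchSubnet -Site $BranchSite

# 2. Site link between the two sites. The replication interval is the knob the
#    accepted answer refers to ("according to your bandwidth").
New-ADReplicationSiteLink -Name "$HqSite-$BranchSite" `
    -SitesIncluded $HqSite, $BranchSite `
    -InterSiteTransportProtocol IP -Cost 100 -ReplicationFrequencyInMinutes 30

# 3. Move the branch DC into its site. Do this after its IP has been changed at
#    the branch and 'ipconfig /registerdns' (or a reboot) has been run on it.
Move-ADDirectoryServer -Identity $BranchDc -Site $BranchSite

# 4. Checks. (a) The branch site must advertise an LDAP SRV record pointing at
#    the branch DC; if it does not, the IP change has not been re-registered.
$srv = Resolve-DnsName -Name "_ldap._tcp.$BranchSite._sites.dc._msdcs.$Domain" -Type SRV
if (-not ($srv | Where-Object NameTarget -like "$BranchDc*")) {
    Write-Warning "$BranchDc has not registered its site SRV record yet"
}
# (b) No replication failures between the two DCs over the tunnel.
repadmin /replsummary
```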

Author Comment

by:msha094
ID: 16242614
I have not set this type of connection up before, but do you see any problem with a hardware VPN between two Linksys routers as the connection for the replication?  Is there anything else I need to configure?  If each site will have direct internet access, then I will need two NICs at each end, one being for the internet connection and one being for the VPN connection? Or is there an easier way of doing it?  I know that the ADSL router, which is a Linksys WAG54G, also has hardware VPN functionality built in.


Expert Comment

by:Michael Pfister
ID: 16244827
If you connect the 2 networks via VPN capable routers, no extra network cards are necessary.
The VPN tunnel should be completely transparent for the DCs so no extra work here for you.

> If each site will have direct internet access, then I will need two NICs at each end, one being for the internet connection and one being for the VPN connection?
> Or is there an easier way of doing it?

I'm not sure if I'm getting you here, but if the Linksys router is your VPN gateway and your internet gateway, your users will be able to browse the internet and communicate via the tunnel with the other private subnet. Just make sure that the Linksys router is the default gateway on each subnet.