msha094

Site Replication - Please Help

Thanks for looking!

I need to add another server (a DC, I am imagining) at a remote location and replicate AD from the head office to the branch. The DC at head office is SBS 2003. I am going to add a Server 2003 Standard Edition server at the remote branch. I am going to outline the steps that I know and hopefully someone will be able to tell me the steps I've missed! The primary domain (domain.local) is already set up and DNS servers are also set up at head office.

Here she goes!!:
1) complete the install of Server 2003 and, at the head office, join the new server as a member server on domain.local

2) run dcpromo on the new server and create a domain controller for an existing domain (this is where I'm not sure if I need to create a child domain)

3) take it to the remote site and install a DNS server on the branch site

4) set up permanent vpn connection between sites

5) on the head office DC set up Sites and Services (set up new site, subnet and create site link between them)

6) open ports needed for communication

I'm a bit mixed up on where to add the machine to the domain. I know that both sides need different IPs for the VPN connection to work. When should I change the IP address on the branch machine, as I need it to be able to communicate with the DC at head office, or should I add it once the VPN is established between the sites?

Also I have read that I need to install a new DNS server at the remote branch to stop name resolution traffic from the remote branch.

Michael Pfister

There are some limitations running SBS 2003 when building a more complex domain structure, i.e. a sub-/child-domain is not possible with SBS. See the SBS 2003 FAQs (http://www.microsoft.com/windowsserver2003/sbs/evaluation/faq/netsec.mspx):

There are no limits on the number or type of servers that can exist in a Windows Small Business Server 2003 domain, with the following exceptions:

* Only one computer in a domain can be running Windows Small Business Server 2003.
* Windows Small Business Server 2003 must be the root of the Active Directory forest.
* Windows Small Business Server 2003 cannot trust any other domains.
* A Windows Small Business Server 2003 domain cannot have any child domains.
* Each additional computer running Windows Server 2003 must have a Windows Small Business Server 2003 client access license (CAL).
* A Windows Small Business Server 2003 domain can have no more than 75 CALs. You can use CALs for each user or for each device.

This answers question 2) -> no child domain.

3) I'd install DNS right away

Rest: You can change the branch server's IP address when it's moved to the branch office (don't add it, replace the head office IP address!).

hope it helps,

Michael
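The batch script below is added here as a worked example; it is not part of either poster's reply. It puts the asker's step list and Michael's point about replacing (not adding) the IP address into one sequence for the new Server 2003 DC once it is at the branch and the VPN is up: swap the head-office address for the branch address, re-register the DC's host and DC-locator (SRV) records under the new IP so AD and DNS stay consistent after the change, then check site membership, replication with head office and the AD-integrated zone. Everything it names other than domain.local is an assumption: the head-office DC name HQDC and its address, the branch addresses, the NIC name, and the site name Branch created in Sites and Services. repadmin, dcdiag, nltest and dnscmd are not on a default Server 2003 install; they come from the Windows Support Tools (suptools.msi on the installation CD).

```batch
@echo off
REM Added example, not from the thread. Run at the console of the new branch DC
REM (a netsh address change over RDP to the old address drops the session).
REM Placeholders (assumed, not from the thread):
REM   HQDC / 192.168.1.10   head-office SBS 2003 DC and its address
REM   10.0.2.10 / 10.0.2.1  branch address for this DC and the branch router
REM   Branch                AD site created in Sites and Services for this subnet
setlocal
set NIC=Local Area Connection
set HQDC=HQDC
set HQIP=192.168.1.10
set NEWIP=10.0.2.10
set MASK=255.255.255.0
set GW=10.0.2.1
set DOMAIN=domain.local
set SITE=Branch

echo === 1. Replace the head-office address with the branch address ===
netsh interface ip set address name="%NIC%" source=static addr=%NEWIP% mask=%MASK% gateway=%GW% gwmetric=1
REM DNS: this DC first (keeps lookups local and working during a WAN outage),
REM the head-office DC second.
netsh interface ip set dns name="%NIC%" source=static addr=%NEWIP% register=primary
netsh interface ip add dns name="%NIC%" addr=%HQIP% index=2

echo === 2. Confirm the VPN tunnel carries traffic to the head-office DC ===
ping -n 2 %HQIP% >nul || echo WARNING: %HQDC% (%HQIP%) is not reachable over the VPN

echo === 3. Re-register A and SRV records under the new IP ===
REM ipconfig refreshes the host record; restarting Netlogon rewrites the
REM _ldap/_kerberos SRV records the DC locator uses to find this DC.
ipconfig /registerdns
net stop netlogon
net start netlogon

echo === 4. Site membership: this DC should report the branch site ===
nltest /dsgetsite
nltest /dsgetdc:%DOMAIN% /site:%SITE%

echo === 5. Replication with head office ===
repadmin /showrepl
repadmin /replsummary
dcdiag /test:replications

echo === 6. AD-integrated zone and this DC's site-specific SRV record ===
dnscmd /enumzones
dnscmd /zoneinfo %DOMAIN%
nslookup -type=SRV _ldap._tcp.%SITE%._sites.dc._msdcs.%DOMAIN% %NEWIP%
endlocal
```

Step 6 queries the local DC on purpose: the SRV record appears there as soon as Netlogon has re-registered it, while the copy on the head-office DC only shows up after the zone has replicated across the site link, so a short lag at head office is expected rather than a fault.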
msha094 (ASKER)

If I change the IP address of the remote machine after installing DNS, then AD, won't this cause havoc? How do AD and DNS work when the IP is changed?

In this scenario above, is the new DNS server installed as a secondary for the domain?

And the primary DNS server used for the remote branch would be the new one (effectively the secondary), followed by head office's DNS as a secondary (as they will be replicated)?

ASKER CERTIFIED SOLUTION
Michael Pfister

msha094 (ASKER)

I have not set this type of connection up before, but do you see any problem with a hardware VPN between two Linksys routers as the connection for the replication? Is there anything else I need to configure? If each site will have direct internet access, then I will need two NICs at each end, one being for the internet connection and one being for the VPN connection? Or is there an easier way of doing it? I know that the ADSL router, which is a Linksys WAG54G, also has hardware VPN functionality built in.

If you connect the 2 networks via VPN-capable routers, no extra network cards are necessary.
The VPN tunnel should be completely transparent to the DCs, so no extra work here for you.

> If each site will have direct internet access, then I will need two NICs at each end, one being for the internet connection and one being for the VPN connection?
> Or is there an easier way of doing it?

I'm not sure if I'm getting you here, but if the Linksys router is your VPN gateway and your internet gateway, your users will be able to browse the internet and communicate via the tunnel with the other private subnet. Just make sure that the Linksys router is the default gateway on each subnet.