how to properly configure dns on a remote site

intellie_ex asked
Medium Priority
Last Modified: 2012-05-05
I have a head office and remote stores.

In the head office I have my root DC.  I was told to set up domains in the same forest for the remote sites.  I'm looking to manage all the remote sites from head office when it comes to users/GPO/software deployment.  My problem is that I'm not very familiar with the whole remote site setup. The main problem is the DNS. I have secure VPN tunnels set up between remote sites and head office. I need the domain to replicate, but when the VPN is down the remote domain will still function; I guess they will only replicate once the VPN is up, that's fine with me. I need detailed instructions on how to connect the remote DNS to work with my head office.

Thank you

Top Expert 2006

Hi intellie_ex,

At the site level I would install DNS and add the root DC as a forwarder.

Make sure you can resolve the root DC using nslookup on the name and IP.

After that I would let DCPROMO look after DNS for you; it will pull the records down from the root DC and configure it the best way it sees fit.

We have a very similar situation. Each site should have a GC configured also.

You will be able to manage down to machine level from your root domain.

It's just a quick, undetailed response as I was just leaving the office. Hope it helps a bit; if you need more details, just post.

Remote DC/DNS setup
1) Add a new Windows 2003 member server to the remote site (make sure DNS is pointed to your main site Windows 2003 DNS server in this server's TCP/IP properties).
2) Run DCPROMO on the new Windows 2003 member server.  Choose "Additional domain controller for an already existing domain" in the DCPROMO wizard.
3) Your Windows 2003 server in the remote site is now a domain controller.
4) After the reboot, install the DNS service: Add/Remove Programs, Add/Remove Windows Components --> Networking Services --> check DNS.
5) Wait a while....DNS will automatically replicate to this server.  This is because the DNS database is automatically stored in Active Directory (by default).  So, every DC will have a copy of the DNS database.  Adding the DNS service to a DC will enable clients to use the DNS database through the server.
6) Point DNS properly.  Microsoft recommends these settings:  http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B291382  

Question: Why do I have to point my domain controller to itself for DNS?

Answer: The Netlogon service on the domain controller registers a number of records in DNS that enable other domain controllers and computers to find Active Directory-related information. If the domain controller is pointing to the Internet service provider's (ISP) DNS server, Netlogon does not register the correct records for Active Directory, and errors are generated in Event Viewer. In Windows Server 2003, the recommended DNS configuration is to configure the DNS client settings on all DNS servers to use themselves as their own primary DNS server, and to use a different domain controller in the same domain as their alternative DNS server, preferably another domain controller in the same site. This process also works around the DNS "Island" problem in Windows 2000. You must always configure the DNS client settings on each domain controller's network interface to use the alternative DNS server addresses in addition to the primary DNS server address.

So, adjust the TCP/IP settings of your new Windows 2003 DC so that TCP/IP DNS setting points to itself primarily and to your remote Windows 2003 DNS server as secondary.  No other DNS servers should be listed.  And remember to add the new Windows 2003 DNS server IP to your main site DNS server...as secondary.

7) Configure DNS forwarding to the internet.  Go into the DNS console on your new server.  Right click your server name and choose Properties from the drop down list.  Click the Forwarders tab.  Enter the IP address of your ISP DNS servers here... this will allow your server to forward DNS requests to the internet on your clients' behalf.

8) Don't forget, you will have to point clients that exist in the remote site to use this new DNS server.  Make sure in the TCP/IP properties of your clients that DNS is set to use the local DNS server first and the remote DNS server secondarily.  Remember not to put ISP DNS servers anywhere...all Windows 2003 members must be pointed to internal Windows DNS servers only.

CREATE a NEW SITE IN AD Sites and Services....

1) Open AD Sites and Services.
2) Right click SITES folder and choose NEW SITE.
3) Add a name for your remote site (i.e. REMOTE-SITE).  Click OK...click OK again.
4) Right click SUBNETS folder and choose NEW Subnet
5) Add the subnet that exists for your remote site (i.e.
6) Highlight the new site you created (REMOTE-SITE) in the lower window [here we are associating the new subnet with the new site] - Click OK
7) Now....expand Default-First-Site-Name and highlight the Servers folder.  Right click the domain controller that exists in the remote site and choose MOVE in the drop down box.  Move this server to the REMOTE-SITE site.
8) Go to your REMOTE-SITE folder, expand Servers, expand your DC name, right click NTDS Settings and choose Properties.  Make sure there is a check mark next to GLOBAL CATALOG.

Done...  The importance of AD Sites and Services is that clients will now be aware of which DC is closest to them.  AD Sites are organized by well connected subnets.  Whenever a network goes over a WAN link, a new site should be created.  You should have a DC at each LAN site.  By using AD Sites and Services, your clients will realize that they should log on using the local DC...and not the remote one.  If the client needs to refer to Active Directory for anything, they will now prefer to look to the local one in their site.

-hope this helps..
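The DNS-pointing rules in steps 6 through 8 (primary resolver is the DC itself, secondary is another DC, ISP servers only under Forwarders) and the nslookup sanity check from the first reply can be verified in one pass. This is an added verification script, not from either answer; it assumes a current Windows Server DC with the ActiveDirectory, DnsClient and DnsServer PowerShell modules (the original thread predates them).

```powershell
# Added check script (not from the post): confirms this DC's DNS client settings,
# forwarders and Netlogon SRV registrations match the KB 291382 recommendation.
Import-Module ActiveDirectory, DnsServer -ErrorAction Stop

$domain = (Get-ADDomain).DNSRoot
$ownIPs = (Get-NetIPAddress -AddressFamily IPv4 |
           Where-Object { $_.IPAddress -notlike '127.*' -and $_.IPAddress -notlike '169.254.*' }).IPAddress
$dcIPs  = (Get-ADDomainController -Filter *).IPv4Address
$self   = $ownIPs + '127.0.0.1'

# First interface with resolvers configured is the one that matters here
$resolvers = (Get-DnsClientServerAddress -AddressFamily IPv4 |
              Where-Object { $_.ServerAddresses } | Select-Object -First 1).ServerAddresses
$problems = @()

if (-not $resolvers -or $resolvers.Count -lt 2) {
    $problems += "expected two DNS servers (self + another DC), found: $($resolvers -join ', ')"
} else {
    if ($resolvers[0] -notin $self)  { $problems += "primary DNS $($resolvers[0]) is not this DC" }
    if ($resolvers[1] -notin $dcIPs) { $problems += "secondary DNS $($resolvers[1]) is not a domain controller" }
    foreach ($r in $resolvers) {
        # Step 8: an ISP address on a DC's NIC breaks Netlogon registration; it belongs in Forwarders
        if ($r -notin ($self + $dcIPs)) { $problems += "external resolver $r listed on the NIC; move it to Forwarders" }
    }
}

# Step 7: internet resolution should go through forwarders on the DNS service itself
$fwd = (Get-DnsServerForwarder).IPAddress
if (-not $fwd) { $problems += "no forwarders configured; internet names will fall back to root hints" }

# The records Netlogon registers so other DCs and clients can locate Active Directory
if ($resolvers) {
    foreach ($name in "_ldap._tcp.dc._msdcs.$domain", "_kerberos._tcp.dc._msdcs.$domain") {
        try   { $null = Resolve-DnsName -Name $name -Type SRV -Server $resolvers[0] -ErrorAction Stop }
        catch { $problems += "SRV record $name does not resolve via $($resolvers[0])" }
    }
}

if ($problems) { $problems | ForEach-Object { Write-Warning $_ }; exit 1 }
Write-Output "DNS client settings, forwarders and AD SRV records look correct on $env:COMPUTERNAME"
```

Run it on the remote DC after the VPN is up; a missing SRV record with otherwise correct settings usually clears after `ipconfig /registerdns` and a Netlogon restart.

The eight AD Sites and Services steps above, as an added scripted equivalent (not from the post); it assumes the ActiveDirectory module and the constructed names REMOTE-SITE, 192.168.50.0/24 and REMOTE-DC1.

```powershell
# Added example (not from the post): creates the site and subnet, moves the remote DC
# into it and enables Global Catalog, mirroring steps 1-8 of the answer.
Import-Module ActiveDirectory -ErrorAction Stop

$siteName = 'REMOTE-SITE'       # constructed site name
$subnet   = '192.168.50.0/24'   # placeholder for the store's LAN subnet
$dcName   = 'REMOTE-DC1'        # placeholder for the DC promoted at the store

# Steps 1-3: create the site (idempotent so the script can be re-run)
if (-not (Get-ADReplicationSite -Filter "Name -eq '$siteName'")) {
    New-ADReplicationSite -Name $siteName
}
# Steps 4-6: create the subnet and associate it with the new site
if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$subnet'")) {
    New-ADReplicationSubnet -Name $subnet -Site $siteName
}
# Step 7: move the remote DC out of Default-First-Site-Name
$dc = Get-ADDomainController -Identity $dcName
if ($dc.Site -ne $siteName) { Move-ADDirectoryServer -Identity $dcName -Site $siteName }

# Step 8: Global Catalog is bit 1 of the 'options' attribute on the NTDS Settings object
$ntds = Get-ADObject -Identity $dc.NTDSSettingsObjectDN -Properties options
if (-not ([int]$ntds.options -band 1)) {
    Set-ADObject -Identity $ntds -Replace @{ options = ([int]$ntds.options -bor 1) }
}
Get-ADDomainController -Identity $dcName | Select-Object Name, Site, IsGlobalCatalog
```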


OK, I did all the steps, looks fine.

So now if I add a host in the main site DNS, it will replicate to my remote sites?


OK, everything works great. Thanks.

I will need some help with managing user access for all remote sites from Head Office.. I will post that question soon.

Thanks again for your time.