2003 servers at remote sites

I have 3 remote locations currently and they all connect to HQ by means of T1 lines.  I would like to eliminate some of the traffic that is being pulled over these lines by putting a server at each of the remote sites.  My goal would be to have DHCP, DNS, Document Redirection, User Authentication and so on happen on a local server as opposed to pulling it across the link.  My questions are:
What role should these servers be?
How do you tell the users at that site to get group policy and authentication from the local server as opposed to the main DC?
You would install the servers as DCs (secondary), configure the DNS, DHCP, etc. for the site.  Then in AD Sites and Services configure each site:

open AD Sites & Services
expand Sites ->
add each subnet and specify which Site they should be using

You may have to add the site links and sites if they are not present after the install and promotion of the DC.
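The same site, subnet and site-link setup done from the command line, as an added example that is not from this thread. It assumes the ActiveDirectory PowerShell module (Windows Server 2012 or later / RSAT); the thread's own tooling is the 2003-era Sites and Services MMC, but the directory objects are the same. Site, subnet, DC and domain names are constructed placeholders.

```powershell
# Added example: create a branch site, map its subnet to it, link it to HQ,
# and verify that branch clients will locate the branch DC.
# Assumes the ActiveDirectory module; names below are placeholders.
Import-Module ActiveDirectory

$hqSite     = "Default-First-Site-Name"   # site the HQ DCs already live in
$branchSite = "Branch1"
$branchNet  = "10.10.1.0/24"              # subnet served by the branch DC
$branchDc   = "BR1-DC01"
$domain     = "corp.example.com"

# 1. Site object for the branch.
if (-not (Get-ADReplicationSite -Filter "Name -eq '$branchSite'")) {
    New-ADReplicationSite -Name $branchSite
}

# 2. Subnet -> site mapping. This is what the DC locator uses: a client whose IP
#    falls in this subnet is handed the branch site's DCs first, so authentication
#    and Group Policy come from the local DC instead of crossing the T1.
if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$branchNet'")) {
    New-ADReplicationSubnet -Name $branchNet -Site $branchSite
}

# 3. Site link so HQ<->branch replication is scheduled and costed, not ad hoc.
if (-not (Get-ADReplicationSiteLink -Filter "Name -eq 'HQ-Branch1'")) {
    New-ADReplicationSiteLink -Name "HQ-Branch1" -SitesIncluded $hqSite, $branchSite `
        -Cost 100 -ReplicationFrequencyInMinutes 60 -InterSiteTransportProtocol IP
}

# 4. If the DC was promoted while sitting in the HQ subnet (the case raised later
#    in the thread), its server object lands in the HQ site; move it.
$dcObj = Get-ADDomainController -Identity $branchDc
if ($dcObj.Site -ne $branchSite) {
    Move-ADDirectoryServer -Identity $branchDc -Site $branchSite
}

# 5. Verify from a branch workstation: which site it thinks it is in, which DC
#    the locator returns for that site, and that replication is healthy.
nltest /dsgetsite
nltest "/dsgetdc:$domain" /site:$branchSite /force
repadmin /replsummary
```

Run step 5 on a machine in the branch subnet; if nltest reports the HQ site or an HQ DC, the subnet-to-site mapping is wrong or has not replicated yet.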


cjewettAuthor Commented:
I will give that a try.  Do I actually need to do the config of the server at the remote site?  I make it a secondary DC before I do the AD Sites and Services, correct?
Yes, make it a DC before you configure Sites and Services... make sure it's replicating also =)

You don't 'have' to do the config at the remote site... I usually bring up the server locally and promote them... to make sure there are no comm problems.

cjewettAuthor Commented:
So it would be ok to promote it while it has an IP address in the HQ subnet?
Then I move it to the proper subnet when I move the server?
Is there anything special I have to do for the configuration of DHCP, WINS, DNS for it to function properly at the remote site?
I would absolutely not promote it to a DC at the headquarters; it will hose DNS when it arrives at the branch location.  Once there you will need to change the IP address of a DC, then change SOA and NS records across the domain.

Instead, when I am prepping a box for a remote install I do what's called an IFM, or install from media.  What that entails is using ntbackup to back up the system state of a known good DC. I then take the .bkf and move it to the new box, and I assign it an IP address in the subnet of the new network.  I extract the .bkf to an alternate location and perform a "dcpromo /adv".  During the setup I specify the location where it should get the sysvol info (by default it says network; change it to the location of the extracted system state files).  At this point it is a DC and fully replicated. Enable remote admin.
Once the Server is in its new location, remote in and set up DNS (I typically use AD integrated DNS with secure updates), DHCP and the sites.  Make sure to check the global catalog checkbox in the server ntds settings to limit authentication traffic.  I have used this method and it works like a charm.  
kb article on IFM
cjewettAuthor Commented:
So when you are doing the dcpromo /adv, do you do it at your HQ or at the remote site?
If you do it at the HQ, make sure it has the IP address of the remote site, or if you have a fully routed network, which it appears that you have, just enable remote desktop or make sure you have a pair of smart hands on site, and do it at the location.  The beautiful part about IFM is that you do not have to have connectivity to the rest of the domain.
Windows Server 2003