2003 servers at remote sites

Posted on 2006-04-26
Medium Priority
Last Modified: 2010-04-18
I have 3 remote locations currently and they all connect to HQ by means of T1 lines. I would like to eliminate some of the traffic that is being pulled over these lines by putting a server at each of the remote sites. My goal would be to have DHCP, DNS, Document Redirection, User Authentication and so on happen on a local server as opposed to pulling it across the link. My questions are:
What role should these servers be?
How do you tell the users at that site to get group policy and authentication from the local server as opposed to the main DC?
Question by:cjewett

Accepted Solution

Mazaraat earned 800 total points
ID: 16545021
You would install the servers as DCs (secondary), configure the DNS, DHCP, etc. for the site. Then in AD Sites and Services configure each site:

open AD sites&services
expand Sites->
add each subnet and specify which Site they should be using

You may have to add the site links and sites if they are not present after the install and promotion of the DC.
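
The subnet-to-site mapping described in the answer above decides which DC a client prefers: the client's IP is matched against the subnet objects, the most specific match wins, and a client that matches no subnet has no site and may authenticate to any DC, including one across the T1. The following is an added example, not part of the original answer; the subnets, site names and workstation names are constructed for illustration.

```python
import ipaddress

# Constructed layout (assumption): a catch-all subnet object bound to HQ plus
# per-branch subnet objects, as entered under Sites -> Subnets.
SITE_SUBNETS = {
    "10.0.0.0/8": "HQ",
    "10.1.0.0/24": "Branch1",
    "10.2.0.0/24": "Branch2",
}


def site_for(ip, subnets=SITE_SUBNETS):
    """Return the site of the most specific subnet containing ip, else None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, site in subnets.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, site)
    return best[1] if best else None


def audit(clients, subnets=SITE_SUBNETS):
    """clients maps name -> (ip, expected_site).

    Returns (name, ip, expected, actual) for every client that would not
    land in the site it physically sits in. actual is None when no subnet
    object covers the address at all.
    """
    findings = []
    for name, (ip, expected) in sorted(clients.items()):
        actual = site_for(ip, subnets)
        if actual != expected:
            findings.append((name, ip, expected, actual))
    return findings


# Constructed inventory: Branch3 was cabled but its subnet was never added,
# and one lab machine sits on a range nobody defined.
CLIENTS = {
    "WS-B1-01": ("10.1.0.25", "Branch1"),
    "WS-B2-07": ("10.2.0.110", "Branch2"),
    "WS-B3-01": ("10.3.0.40", "Branch3"),
    "WS-LAB-9": ("192.168.5.9", "Branch2"),
}

if __name__ == "__main__":
    for name, ip, expected, actual in audit(CLIENTS):
        print(f"{name} {ip}: expected {expected}, resolves to {actual or 'no site'}")
```

Run against a real inventory, any finding means logon and Group Policy traffic for that client is crossing the WAN link the remote DC was meant to relieve.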


Author Comment

ID: 16545399
I will give that a try. Do I actually need to do the config of the server at the remote site? I make it a secondary DC before I do the AD Sites and Services, correct?

Expert Comment

ID: 16545471
Yes, make it a DC before you configure Sites and Services... make sure it's replicating also =)

You don't 'have' to do the config at the remote site... I usually bring up the server locally and promote them... to make sure there are no comm problems.


Author Comment

ID: 16545583
So it would be ok to promote it while it has an IP address in the HQ subnet?
Then I move it to the proper subnet when I move the server?
Is there anything special I have to do for the configuration of DHCP, WINS, DNS for it to function properly at the remote site?

Assisted Solution

lavazzza earned 200 total points
ID: 16549068
I would absolutely not promote it to a DC at the headquarters; it will hose DNS when it arrives at the branch location. Once there you will need to change the IP address of a DC, then change SOA and NS records across the domain.

Instead, when I am prepping a box for a remote install I do what's called an IFM, or install from media. What that entails is using ntbackup to back up the system state of a known good DC. I then take the bkf and move it to the new box, and I assign it an IP address in the subnet of the new network. I extract the .bkf to an alternate location and perform a <dcpromo /adv>. During the setup I specify the location where it should get the sysvol info (by default it says network; change it to the location of the extracted system state files). At this point it is a DC and fully replicated. Enable remote admin.
Once the server is in its new location, remote in and set up DNS (I typically use AD integrated DNS with secure updates), DHCP and the sites. Make sure to check the global catalog checkbox in the server NTDS settings to limit authentication traffic. I have used this method and it works like a charm.
kb article on IFM

Author Comment

ID: 16553316
So when you are doing the dcpromo /adv you do it at your HQ or at the remote site?

Expert Comment

ID: 16558824
If you do it at the HQ, make sure it has the IP address of the remote site, or if you have a fully routed network, which it appears that you have, just enable remote desktop or make sure you have a pair of smart hands on site, and do it at the location.  The beautiful part about IFM is that you do not have to have connectivity to the rest of the domain.
