edmallory

asked on

Data center hosted domain

I have two systems in a data center. Both are running 2003 Server. I have no Active Directory set up yet and Exchange Server waiting to be installed.

GOAL = domain AD replication across both boxes and domain logon for 5 remote offices. The problem is that I always set these servers up on site and VPN between the offices. All is fine in that config but this is different.

Questions
[What is the suggested order of installing Active Directory and Exchange in a public IP environment without hardware VPNs?]

[Does a .local domain still work as it is on a public IP? (Do I need an FQDN, i.e. somecompany.com & box1.somecompany.com & box2.somecompany.com?)]

[To create an SDC, what do I have to do above just joining to the domain... join and then promote?]

[How do the offices log onto the domain?]

Thank you for all the help...


ASKER CERTIFIED SOLUTION
SkUllbloCk
edmallory

ASKER

So, obviously not a good idea if we only had one DC, but in the case of having SDCs in large offices (at least where there are ~10+ personnel in each office)

is that the gist of it?



Yes, those are the foundation principles.

What I suggest you do is create a tree structure in Active Directory so that each office's authentication requests can be done locally.
A suggested way to do this would be to use your data center as the primary (or top level) domain controller.
Then create secondary domain controllers for sub-trees (sometimes referred to as leaf servers).

Example:
primary domain controller:   domainname.com
secondary domain controller:  office1.domainname.com

The question regarding the .local domain I am not sure about; I think I read somewhere that the .local domain won't be routed properly. Anyway, it is not a good idea to assign a "live" (public IP) system to a .local domain. Rather register your domain name, and use it throughout your directory structure.

Establish VPN connections (software is fine) and allow only replication to occur at scheduled intervals, usually when the traffic over the LAN would be at its lowest.

In this setup, join the clients (office workstations) to the SDC domain (office1.domainname.com); this way the SDC will process the authentication (logon) requests, and all requests for access on the office1 domain. During replication, only the global catalog and other changes (DNS).

primary domain controller: datacenter.domainname.com
secondary domain controller: office1.domainname.com

What is the significance of leaving the computer name off the primary domain controller in the example...?
office1 was not intended to be the computer name, it is the sub domain name

If you want the FQDN it would be
datacenter.domainname.com
Server1.office1.domainname.com

office1 refers to the first office in your organization.
server1 refers to the SDC in that office.
datacenter refers to the data center PDC.

The reason for sub-domains is to keep authentication on the office LAN, and not use up bandwidth on the WAN link (which is slower than the LAN link, and more cost effective).
If a request comes from office2.domainname.com to access a resource on office1.domainname.com, then the authentication is passed to the PDC (domainname.com) and then pushed back down to office1.domainname.com.
Alright... makes sense... you don't just want member servers... you want sub-domains (leafs... child domain in an existing tree) for the on-site domain controllers and then do the replication off-peak....

How would you set up a server to be a leaf server...

join domain
promote to DC, create "child domain in an existing domain tree"
When would you create a new domain tree as opposed to a new leaf?

Thank you for all the help... how much do you know about RAS on 2003 (new question thread)
If you wanted to create a new tree, then you would select the option that says something like: new tree in existing forest.

The only time you would really need to create a new tree would be if you needed the catalog servers to be different. I have never personally used this option, but it might be needed in an environment where you need certain settings in the catalog to be different.

I know a bit about RAS. What's the question?
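The "join, then promote as a child domain in an existing tree" steps discussed above, written out as a Windows Server 2003 dcpromo answer file. This is an added example, not from the thread or from either participant; the domain names follow the thread's datacenter.domainname.com / office1.domainname.com layout, while the site name, paths and credential values are placeholders I have assumed for the illustration.

```ini
; Constructed example: answer file for promoting a member server that has
; already been joined in the first office to the first DC of the child domain
; office1.domainname.com, whose parent domainname.com lives in the data center.
; Run it on that server as:   dcpromo /answer:C:\office1-child.txt
; and delete the file afterwards, since it carries credentials in clear text.
[DCInstall]
; "Domain" creates a new domain. "Replica" would instead add a second DC to
; an existing domain, which is the plain "SDC" the asker first had in mind.
ReplicaOrNewDomain=Domain
; "Child" = child domain in an existing domain tree (the leaf discussed above).
; "Tree" would be the "new tree in existing forest" option mentioned last.
TreeOrChild=Child
ParentDomainDNSName=domainname.com
ChildName=office1
DomainNetBiosName=OFFICE1
; Credentials of an account with Enterprise Admin rights in the parent
; forest (placeholder values, not real accounts).
UserDomain=domainname.com
UserName=<enterprise-admin-account>
Password=<enterprise-admin-password>
; Assumed AD site, created beforehand in Sites and Services, so that
; replication to the data center runs over a site link with its own schedule.
SiteName=Office1
; Directory Services Restore Mode password (placeholder; keep it safe).
SafeModeAdminPassword=<dsrm-password>
DatabasePath=C:\Windows\NTDS
LogPath=C:\Windows\NTDS
SYSVOLPath=C:\Windows\SYSVOL
RebootOnSuccess=Yes
```

The off-peak replication window the thread describes is not set in this file: it is configured on the site link between the Office1 and data center sites in Active Directory Sites and Services, which is also where the replication interval lives.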