Windows 2003 replication, sites and services, IP Changeover, etc!
Posted on 2006-06-19
Okay here's the deal... we have 4 geographic sites for our company. Let's say site A, B, C, and D. A is primary, where the master domain controller is. All sites will have IPSEC tunnels to location A. Site A is a datacenter and B, C, D are all office sites.
I have gotten this much done so far... I got the domain up and running at Site A. There are two domain controllers there, one primary, one backup.
I got Site B running (and I imagine it will be the same for C and D so I'll leave them out). I got the IPSEC tunnel working, the computer joined the domain, and that's it. Now... we are currently running a 192.168.0.x IP scheme in the internal domain that's up and running -- that's going to be migrated.
So, Site B has a domain on it already -- let's say it's domain OLD. The new domain will be domain NEW. What I did was configure multiple IPs on the NIC to have one on the network of the OLD domain, and one on the network of the NEW domain. I can ping the main DC (at site A), the OLD domain controller, and obviously the 'new' network isn't active yet.
Okay so here's my problem... I got the domain controller at site B to join the NEW domain at site A. There is connectivity via IPSEC on all the right ports, so the computer joined the domain without a problem. Now I rebooted the DC at Site B, and I can log in, and still can ping the Site A DC. Now I know I need to set up an internal DNS so we aren't routing DNS queries across the IPSEC tunnel every time somebody logs in -- it would take forever. So I installed DNS, have it listen on only the 192.168.30.x IP (I assigned this server 192.168.30.10). I have that DNS forwarding to the Site A DNS, in case there is a need for it.
Now when I go into Active Directory Users and Computers -- I can't connect to the domain. Even though I can still ping it!
This project is close to rolling out and I'm just in the 'testing' phase right now, but any help would be appreciated greatly. HUGE points for it too!
Realistically what I need to know is a FULL breakdown on what steps to take for the Sites and Services to work. I followed the documentation online on MS's site but it's limited... I don't know about the site links, and how to set them up -- should I add all the sites into it? Just one site to the main site? Additionally, why would it be that I can't access AD Users and Computers on the new DC at site B, even though I can ping the DC at Site A? I am thinking to demote the DC again and try it again... but I feel I'm missing something.
Please, would be a BIG help!
EDIT: Do I need to assign SUBNETS to IPs that are NATTED? I mean, Site B is going to have DHCP for itself, and Site A will have DHCP there... the external IP I don't know yet... Much obliged.
EDIT #2: Got the internal DNS working and now I can see ADU&C. However now I'm trying to create the trust, and I can't "see" the other domain. Any ideas on this? The IP address is in the same range... the OLD domain runs on 192.168.0.10 (that's the DC) and I made a secondary IP of the NEW domain 192.168.0.14 (temporarily).
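As an added example (not part of the original post), this is how the DC locator uses the subnet objects in Sites and Services to place a client: the client's IP is matched against every defined subnet and the longest prefix wins. The site names, the 192.168.10.0/24 range for Site A and the 10.x ranges are assumptions; 192.168.30.0/24 is the range the new Site B DC uses. An address that matches no subnet (such as one still on the OLD 192.168.0.x range) gets no site, so that client is not steered to its local DC and can end up authenticating across the tunnel, which is the "forever" login delay described above.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

# Constructed sample of subnet objects as they would be created under
# Sites and Services. Site names and all ranges except 192.168.30.0/24
# are assumptions for the example.
SUBNETS: Dict[str, str] = {
    "192.168.10.0/24": "SiteA",   # assumed datacenter LAN
    "192.168.30.0/24": "SiteB",   # range assigned to the new Site B DC
    "10.0.0.0/8": "SiteA",        # assumed broad catch-all pointing at the datacenter
    "10.20.0.0/16": "SiteC",      # assumed more specific range nested inside it
}

Table = List[Tuple[ipaddress.IPv4Network, str]]


def build_table(subnets: Dict[str, str]) -> Table:
    """Parse the subnet objects and order them longest prefix first."""
    table: Table = []
    for cidr, site in subnets.items():
        # strict=True rejects a subnet whose host bits are set, e.g. 192.168.30.10/24
        table.append((ipaddress.ip_network(cidr, strict=True), site))
    table.sort(key=lambda entry: entry[0].prefixlen, reverse=True)
    return table


def site_for_ip(ip: str, table: Table) -> Optional[str]:
    """Return the site of the most specific matching subnet, or None if unplaced."""
    addr = ipaddress.ip_address(ip)
    for net, site in table:
        if addr in net:
            return site
    return None


def check_clients(ips: List[str], subnets: Dict[str, str]) -> Dict[str, Optional[str]]:
    """Map each client address to its site; None marks addresses no subnet covers."""
    table = build_table(subnets)
    return {ip: site_for_ip(ip, table) for ip in ips}


def unplaced(ips: List[str], subnets: Dict[str, str]) -> List[str]:
    """Addresses that would be logged as 'no site' and should get a subnet object."""
    return [ip for ip, site in check_clients(ips, subnets).items() if site is None]


if __name__ == "__main__":
    sample = ["192.168.30.10", "192.168.0.14", "10.20.5.5", "10.9.9.9"]
    for ip, site in check_clients(sample, SUBNETS).items():
        print(f"{ip:15} -> {site or 'NO SITE (add a subnet object)'}")
```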