?
Solved

site-to-site VPN domain help

Posted on 2006-11-30
4
Medium Priority
?
259 Views
Last Modified: 2010-03-18
I have a site-to-site VPN that is currently working between two Cisco Pixs.  My current setup is:

Site A has no domain.  Site A has a Terminal Server (Windows 2003).  
Site B has a domain controller (Windows 2003).

Currently, Site A has users set up in "Computer Management" not Active Directory.  
Site B has users set up in Active Directory.

So all users have to connect to Site A's Terminal Server with one username and Site B's with another.  We would like to consolidate this, however, using our current hardware/software.

Microsoft suggests not making a Terminal Server a Domain Controller, and we don't want to have to buy another Windows Server 2003 to act as a domain controller at Site A.

How can we have Site A's Terminal Server authenticate through Site B's domain controller?  Additionally, is this wise?

Thanks!

0
Comment
Question by:eluh
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 10

Expert Comment

by:MATTHEW_L
ID: 18053734
Simply joining those PC's in site a to the domiain including the terminal server will allow domain authentication.  This will occur over the WAN / VPN to the domain controller in site b.  This can be done and will work, but you need to watch out for bandwidth concerns as authentication traffic will be crossing the WAN.  If it is a small amount of users in this office it may not be bad.  Also, remember that you must point DNS to the domain controller for resolution.  So DNS traffic will have to cross the WAN as well.
0
 

Author Comment

by:eluh
ID: 18070013
What do I need to do on Site B's end?  I changed the DNS on Site A, but it can't find Site B's domain.
0
 
LVL 10

Accepted Solution

by:
MATTHEW_L earned 2000 total points
ID: 18070653
Is the site a computers pointing to the dns server at site b?  If not this will not work.  Once this is changed you should be able to join the computer to the domain using the domain.com format or domain to join it.  From that point you should be able to authenticate with AD accounts to resources from either domain to either domain.
0
 
LVL 10

Expert Comment

by:MATTHEW_L
ID: 18079667
Did that work for you?
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Are you one of those front-line IT Service Desk staff fielding calls, replying to emails, all-the-while working to resolve end-user technological nightmares? I am! That's why I have put together this brief overview of tools and techniques I use in o…
Trying to figure out group policy inheritance and which settings apply where can be a chore.  Here's a very simple summary I've written which might help.  Keep in mind, this is just a high-level conceptual overview where I try to avoid getting bogge…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question