Solved

site-to-site VPN domain help

Posted on 2006-11-30
Last Modified: 2010-03-18
I have a site-to-site VPN that is currently working between two Cisco PIXes.  My current setup is:

Site A has no domain.  Site A has a Terminal Server (Windows 2003).  
Site B has a domain controller (Windows 2003).

Currently, Site A has users set up in "Computer Management" not Active Directory.  
Site B has users set up in Active Directory.

So all users have to connect to Site A's Terminal Server with one username and Site B's with another.  We would like to consolidate this, however, using our current hardware/software.

Microsoft suggests not making a Terminal Server a Domain Controller, and we don't want to have to buy another Windows Server 2003 to act as a domain controller at Site A.

How can we have Site A's Terminal Server authenticate through Site B's domain controller?  Additionally, is this wise?

Thanks!

0
Question by:eluh
LVL 10

Expert Comment

by:MATTHEW_L
ID: 18053734
Simply joining those PCs in Site A to the domain, including the terminal server, will allow domain authentication.  This will occur over the WAN / VPN to the domain controller in Site B.  This can be done and will work, but you need to watch out for bandwidth concerns, as authentication traffic will be crossing the WAN.  If it is a small number of users in this office, it may not be bad.  Also, remember that you must point DNS to the domain controller for resolution.  So DNS traffic will have to cross the WAN as well.
0
 

Author Comment

by:eluh
ID: 18070013
What do I need to do on Site B's end?  I changed the DNS on Site A, but it can't find Site B's domain.
0
 
LVL 10

Accepted Solution

by:
MATTHEW_L earned 500 total points
ID: 18070653
Are the Site A computers pointing to the DNS server at Site B?  If not, this will not work.  Once this is changed, you should be able to join the computer to the domain using the domain.com format or domain to join it.  From that point you should be able to authenticate with AD accounts to resources from either domain to either domain.
0
 
LVL 10

Expert Comment

by:MATTHEW_L
ID: 18079667
Did that work for you?
0

Question has a verified solution.
