ropetin

asked on

Configure 2K3 Domain Controller at one Site, then move to another?

I'm currently getting ready to install and configure 4 new Win2K3 R2 Standard domain controllers for some of my remote locations.  These locations are connected via 1.5mb links, and don't have any 'servers' currently.  They are all on different subnets, connected via VPN.  The servers will be domain controllers, as well as DHCP servers, DNS and WINS servers, and host some DFS shares.

I do not currently have any sites in Active Directory Sites and Services for these subnets.  The question I have is, am I safe to set up these domain controllers in the local site, configure DNS and WINS (not DHCP) and set up the DFS shares to replicate in the local site?  Once I take the domain controllers to their real homes, is it as easy as creating a site for that location/subnet and dragging and dropping the server between sites?  Will the DNS, DFS and so on replication continue to work?
aissim

Yep - sounds like you have a safe plan to me. AD sites and services you can drag and drop, or right-click and select Move after you've defined the other Sites & Subnets.

My only suggestion is when you do bring them online make sure their DNS & WINS entries are indeed reflecting the new IP scheme at the new location. (That's assuming they'll initially have IP address info from your subnet there at headquarters?)
tigermatt
You should be able to get the machines all configured with their appropriate sites and subnets when you first set them up by connecting them all up to the network at your main site. Assuming you're going to link them to your main site via VPN into the main server, then it shouldn't cause a problem doing this since the VPN means the remote servers will theoretically yet not physically be on the same network when at the remote site anyway.

Probably easier than having to move between different sites later on.
(And yes - DNS will continue to work assuming the zone(s) are Active Directory integrated; again main thing being the DCs updating their own records once they're offsite. And DFS will replicate along the same lines as the AD replication - as long as Sites & Services is configured properly, and DCs are healthy and replicating, DFS will be a breeze)
ropetin

ASKER

Tigermatt:  They will not be connected to 'head office' via VPN when setting up, they will be on the same gigabit LAN.  Does that change anything?

Aissim: My biggest fear is DNS won't work, probably because I don't know enough about it!  Should I create a site now for the remote subnet, even though I'll have nothing in it?  Will the DNS server on the new DC be smart enough to know that it used to be authoritative (if that's the word) for 192.168.101/24 but now is authoritative for 192.168.201/24 after being moved between sites?
You can definitely create the remote sites and subnets beforehand; that won't hurt anything (and one less thing to do down the road). I would suggest doing that if you have the time...that way you don't feel rushed to do it all at once and you can double check your settings.

As for DNS I understand =) The DNS server (again assuming Active Directory Integrated Zones) is basically authoritative for YourDomainName.com...not the IP subnet. So x.x.x.101 or x.x.x.201 makes no difference - it's the domain name/DNS zone that matters. Just make sure that records for those DCs have reflected the change (and obviously you'll want to point client PCs at those remote sites to their own domain controller on their subnet).

Also, the Host (A) records will be the first records you check for updating....but the real important ones are the SRV records in the subfolders beneath your domain zone in DNS manager. For example _sites -> <sitename> -> _tcp -> _gc / _kerberos / _ldap records.
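
The DNS checks described in the post above (the DC's Host (A) record, then the site-specific SRV records under `_sites`), as an added example that is not part of the original thread. It assumes a management machine with the `Resolve-DnsName` cmdlet (DnsClient module, Windows 8 / Server 2012 or later) and a single-domain forest; the domain, site, DC name and IP addresses are placeholders.

```powershell
# Added example. Domain, site, DC name and IPs are placeholders, not values from the thread.
param(
    [string]$Domain     = 'yourdomainname.com',
    [string]$Site       = 'Remote-Site',
    [string]$DcFqdn     = 'dc-remote.yourdomainname.com',
    [string]$ExpectedIp = '192.168.201.10',   # the DC's address at its new location
    [string]$DnsServer  = '192.168.201.10'    # DNS server to query (here: the moved DC itself)
)

# Site-specific locator records shown in DNS Manager under _sites -> <sitename> -> _tcp.
# _gc is only registered if the DC is a global catalog (forest root zone; assumed = $Domain).
$srvNames = '_ldap', '_kerberos', '_gc' |
    ForEach-Object { '{0}._tcp.{1}._sites.{2}' -f $_, $Site, $Domain }

$results = @(foreach ($name in $srvNames) {
    # -DnsOnly keeps the lookup on DNS (no LLMNR/NetBIOS fallback).
    $srv = @(Resolve-DnsName -Name $name -Type SRV -Server $DnsServer -DnsOnly `
                 -ErrorAction SilentlyContinue |
             Where-Object { $_.Type -eq 'SRV' })
    $targets = @($srv | ForEach-Object { $_.NameTarget.TrimEnd('.') })
    [pscustomobject]@{
        Record  = $name
        Targets = $targets -join ', '
        Status  = if ($targets -contains $DcFqdn) { 'OK' } else { 'MISSING' }
    }
})

# Host (A) record: must resolve to the new address, with no leftover entry
# from the subnet the DC was built on.
$a = @(Resolve-DnsName -Name $DcFqdn -Type A -Server $DnsServer -DnsOnly `
           -ErrorAction SilentlyContinue |
       Where-Object { $_.Type -eq 'A' } |
       ForEach-Object { $_.IPAddress })
$stale = @($a | Where-Object { $_ -ne $ExpectedIp })

$results += [pscustomobject]@{
    Record  = "$DcFqdn (A)"
    Targets = $a -join ', '
    Status  = if ($a -contains $ExpectedIp -and -not $stale) { 'OK' } else { 'CHECK' }
}

$results | Format-Table -AutoSize
```

Running it against both the moved DC and a head-office DNS server shows whether the updated records have replicated.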
Yes, I would still recommend creating all the sites beforehand and putting the servers in their appropriate site before they leave for your head office. There's no harm in doing that since the VPN means they will essentially be virtually connected to the network at head office anyway.

Aissim has sorted your DNS issues I hope! ;-)

Just a sidenote - I assume you'll be setting up each server as a global catalog and not just head office? If you make each one a GC it will significantly reduce logon times at your remote sites.

Also each one would ideally need to be a DHCP server for its IP subnet but I think you're doing that anyway??
ropetin

ASKER

Tigermatt: Yes definitely on the GC, slow logon time is a huge concern with my users.

Aissim: Thank you for the encouragement, wish me luck!
Thanks for the points!
Good luck ropetin =)