  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1155

Configure 2K3 Domain Controller at one Site, then move to another?

I'm currently getting ready to install and configure 4 new Win2K3 R2 Standard domain controllers for some of my remote locations.  These locations are connected via 1.5mb links, and don't have any 'servers' currently.  They are all on different subnets, connected via VPN.  The servers will be domain controllers, as well as DHCP servers, DNS and WINS servers, and host some DFS shares.

I do not currently have any sites in Active Directory Sites and Services for these subnets.  The question I have is, am I safe to set up these domain controllers in the local site, configure DNS and WINS (not DHCP) and set up the DFS shares to replicate in the local site?  Once I take the domain controllers to their real homes, is it as easy as creating a site for that location/subnet and dragging and dropping the server between sites?  Will the DNS, DFS and so on replication continue to work?
Asked by: ropetin
2 Solutions
 
aissim Commented:
Yep - sounds like you have a safe plan to me. AD sites and services you can drag and drop, or right-click and select Move after you've defined the other Sites & Subnets.

My only suggestion is when you do bring them online make sure their DNS & WINS entries are indeed reflecting the new IP scheme at the new location. (That's assuming they'll initially have IP address info from your subnet there at headquarters?)
0
 
tigermatt Commented:
You should be able to get the machines all configured with their appropriate sites and subnets when you first set them up by connecting them all up to the network at your main site. Assuming you're going to link them to your main site via VPN into the main server, then it shouldn't cause a problem doing this since the VPN means the remote servers will theoretically yet not physically be on the same network when at the remote site anyway.

Probably easier than having to move between different sites later on.
0
 
aissim Commented:
(And yes - DNS will continue to work assuming the zone(s) are Active Directory integrated; again main thing being the DCs updating their own records once they're offsite. And DFS will replicate along the same lines as the AD replication - as long as Sites & Services is configured properly, and DCs are healthy and replicating, DFS will be a breeze)
0
 
ropetin (Author) Commented:
Tigermatt:  They will not be connected to 'head office' via VPN when setting up, they will be on the same gigabit LAN.  Does that change anything?

Aissim: My biggest fear is DNS won't work, probably because I don't know enough about it!  Should I create a site now for the remote subnet, even though I'll have nothing in it?  Will the DNS server on the new DC be smart enough to know that it used to be authoritative (if that's the word) for 192.168.101/24 but now is authoritative for 192.168.201/24 after being moved between sites?
0
 
aissim Commented:
You can definitely create the remote sites and subnets beforehand; that won't hurt anything (and one less thing to do down the road). I would suggest doing that if you have the time...that way you don't feel rushed to do it all at once and you can double check your settings.

As for DNS I understand =) The DNS server (again assuming Active Directory Integrated Zones) is basically authoritative for YourDomainName.com...not the IP subnet. So x.x.x.101 or x.x.x.201 makes no difference - it's the domain name/DNS zone that matters. Just make sure that records for those DCs have reflected the change (and obviously you'll want to point client PCs at those remote sites to their own domain controller on their subnet).

Also, the Host (A) records will be the first records you check for updating....but the real important ones are the SRV records in the subfolders beneath your domain zone in DNS manager. For example _sites -> <sitename> -> _tcp -> _gc / _kerberos / _ldap records.
0
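One way to run the post-move check described in the answer above, as an added example that is not part of the original thread: it confirms that the DC's host (A) record falls in the remote subnet and that the site-specific `_ldap`, `_kerberos` and `_gc` SRV records point at it. The site name and DC host name are hypothetical placeholders, a single-domain forest is assumed, and `Resolve-DnsName` assumes the check is run from a Windows 8 / Server 2012 or later machine.

```powershell
# Added example: confirm a relocated DC's A and site SRV records after the move.
# All values below are placeholders to replace with your own.
$Domain = 'YourDomainName.com'   # zone name as written in the thread
$Site   = 'RemoteSite1'          # hypothetical site name
$DcFqdn = "dc-remote1.$Domain"   # hypothetical DC host name
$Subnet = '192.168.201.0/24'     # remote subnet from the question

function ConvertTo-IpNumber ([string]$Ip) {
    $bytes = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    [Array]::Reverse($bytes)                     # network order to little-endian
    [long][BitConverter]::ToUInt32($bytes, 0)
}

function Test-IpInSubnet ([string]$Ip, [string]$Cidr) {
    $network, $bits = $Cidr -split '/'
    $mask = [long]([math]::Pow(2, 32) - [math]::Pow(2, 32 - [int]$bits))
    ((ConvertTo-IpNumber $Ip) -band $mask) -eq ((ConvertTo-IpNumber $network) -band $mask)
}

$results = @()

# 1. The host (A) record must show the address at the new location.
$a = Resolve-DnsName -Name $DcFqdn -Type A -ErrorAction SilentlyContinue |
     Where-Object { $_.Type -eq 'A' }
if (-not $a) {
    $results += [pscustomobject]@{ Record = $DcFqdn; Value = '(none)'; OK = $false }
}
foreach ($rec in $a) {
    $results += [pscustomobject]@{ Record = $DcFqdn; Value = $rec.IPAddress
                                   OK = (Test-IpInSubnet $rec.IPAddress $Subnet) }
}

# 2. Site-specific SRV records (_sites -> <sitename> -> _tcp in DNS Manager).
#    _gc is registered under the forest root; a single-domain forest is assumed.
foreach ($svc in '_ldap', '_kerberos', '_gc') {
    $name    = "$svc._tcp.$Site._sites.$Domain"
    $targets = Resolve-DnsName -Name $name -Type SRV -ErrorAction SilentlyContinue |
               Where-Object { $_.Type -eq 'SRV' } |
               ForEach-Object { $_.NameTarget.TrimEnd('.') }
    $results += [pscustomobject]@{ Record = $name; Value = ($targets -join ', ')
                                   OK = ($targets -contains $DcFqdn) }
}

$results | Format-Table -AutoSize
```

Any row with `OK` set to `False` means the DC has not yet re-registered that record for its new site or address.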
 
aissim Commented:
Here's a fairly basic MS article that explains the meat of it: http://technet2.microsoft.com/windowsserver/en/library/b6b29ec7-8f87-4761-9e9f-fd85ffed76601033.mspx?mfr=true

Not really any new and improved info in there, just passing it along to help dispel your fears =) And the nice thing is that the DCs you're moving haven't necessarily been used in production on your current subnet - (as far as clients pointing to DNS etc) - so that makes life a little easier.
0
 
tigermatt Commented:
Yes, I would still recommend creating all the sites beforehand and putting the servers in their appropriate site before they leave for your head office. There's no harm in doing that since the VPN means they will essentially be virtually connected to the network at head office anyway.

Aissim has sorted your DNS issues I hope! ;-)

Just a sidenote - I assume you'll be setting up each server as a global catalog and not just head office? If you make each one a GC it will significantly reduce logon times at your remote sites.

Also each one would ideally need to be a DHCP server for its IP subnet but I think you're doing that anyway??
0
 
tigermatt Commented:
Ignore my bit about DHCP - I just noticed in your original post that you said they would be DHCP servers!

Here's a link regarding the global catalogs: http://www.petri.co.il/configure_a_new_global_catalog.htm
0
 
ropetin (Author) Commented:
Tigermatt: Yes definitely on the GC, slow logon time is a huge concern with my users.

Aissim: Thank you for the encouragement, wish me luck!
0
 
tigermatt Commented:
Thanks for the points!
0
 
aissim Commented:
Good luck ropetin =)
0
