Two Domain Controllers in Different Subnets

We currently have a Small Business Server 2003 as our primary domain controller at our main office. We also have a Server 2003 as a secondary domain controller. The secondary domain controller serves as a backup DNS server and a file server. These two domain controllers sit on the same network and subnet.

What we are planning to do is to move the backup domain controller to an off-site location. We will set the server up on the remote site with a constant VPN connection through a SonicWALL to our main office. It will be on a different network, obviously, because VPN requires that the host and client be on different networks.

My question is:
- Will this be ok for our active directory?
- Is there any setup required in Active Directory Sites and Services in order to tell AD that its secondary domain controller has moved to a different network?
- Is there any way we can tell our client machines to try to authenticate to the (local) primary domain controller before it goes out to the secondary (For bandwidth reasons)?
- If our primary fails, will there be any needed interaction for all the computers to switch to the secondary controller?
- Also, this is kind of off topic but: We are going to be using an Access database on the remote side constantly, by multiple users, say about 20. Does this sound like too much for a T1 to handle or not?

Thank you
jpwallen
Asked:
 
KCTS Commented:
Ideally you should use a different subnet at the new site and define the two subnets in Active Directory Sites and Services. You should then create two sites and assign each subnet to a site. That done you will need to change the IP of the DC that is going to be put on the remote site so that it is valid for the subnet. It would also be a good idea to make sure that the second DC also has DNS installed and is a global catalog server.

If you then configure clients to use the DNS server on their own site for DNS they will then be able to use the local Domain Controller and Global Catalog for authentication thereby reducing VPN use. If you configure clients with the IP of the DNS server on the other subnet as the alternate DNS server this will give you a degree of resilience should one of them fail.
 
KCTS Commented:
Typos...Typos...

Ideally you should use a different subnet at the new site and define the two subnets in Active Directory Sites and Services. You should then create two sites and assign each subnet to a site. That done you will need to change the IP of the DC that is going to be put on the remote site so that it is valid for its subnet. By default clients will first try to authenticate with a DC in their own site. It would also be a good idea to make sure that the second DC also has DNS installed and is a global catalog server.

To prevent unnecessary inter-site DNS traffic, if you then configure clients to use the DNS server on their own site as preferred DNS server it will reduce VPN use. If you configure clients with the IP of the DNS server on the other subnet as the alternate DNS server this will give you a degree of resilience should one of them fail; they will automatically try to use the other.
 
jpwallen (Author) Commented:
So I should create 2 NEW subnets in AD Sites and Services?
Say I have 10.90.x.x and my VPN network will be 10.91.1.x
I just create those networks and drag and drop the domain controllers into them?
 
Jay_Jay70 Commented:
Basically yes, Sites and Services controls replication and localised authentication... As an expansion on what has been said above, you should have a read through this, and understand why you are doing it:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/directory/activedirectory/stepbystep/adsrv.mspx
 
jpwallen (Author) Commented:
I am going to keep this question open until the move is complete and replication is working, just in case any problems come up.
0
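The subnet-to-site lookup discussed in this thread, as an added example that is not part of any poster's reply: a client is placed in the site whose subnet object contains its IP address, with the most specific subnet winning, and a client whose address matches no subnet gets no site at all. Site names, prefix lengths (/16 and /24) and host addresses are assumptions built on the 10.90.x.x and 10.91.1.x ranges mentioned above.

```python
import ipaddress

# Constructed subnet-to-site table. Site names and prefix lengths are
# assumptions; only the 10.90.x.x / 10.91.1.x ranges come from the thread.
SUBNET_TO_SITE = {
    "10.90.0.0/16": "MainOffice",
    "10.91.1.0/24": "RemoteSite",
}

# Constructed sample hosts (names and addresses are illustrative only).
HOSTS = {
    "DC1": "10.90.0.10",
    "DC2": "10.91.1.10",
    "PC-MAIN": "10.90.4.20",
    "PC-REMOTE": "10.91.1.57",
    "PC-STRAY": "10.91.2.5",   # falls outside both defined subnets
}

def build_table(mapping):
    """Parse the subnets and order them most specific (longest prefix) first."""
    nets = [(ipaddress.ip_network(cidr), site) for cidr, site in mapping.items()]
    return sorted(nets, key=lambda pair: pair[0].prefixlen, reverse=True)

def site_for(ip, table):
    """Return the site whose subnet contains ip, or None if nothing covers it."""
    addr = ipaddress.ip_address(ip)
    for net, site in table:
        if addr in net:
            return site
    return None

def audit(hosts, table):
    """Group host names by site; hosts with no covering subnet land under None."""
    result = {}
    for name, ip in sorted(hosts.items()):
        result.setdefault(site_for(ip, table), []).append(name)
    return result

if __name__ == "__main__":
    table = build_table(SUBNET_TO_SITE)
    for site, names in audit(HOSTS, table).items():
        label = site if site is not None else "NO SITE (subnet not defined)"
        print(f"{label}: {', '.join(names)}")
```

Hosts reported under "NO SITE" are the ones that cannot be steered to a local DC, so they are the ones most likely to authenticate across the VPN.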
