Solved

Active Directory Remote Site Setup

Posted on 2007-12-05
710 Views
Last Modified: 2008-05-31
We currently have one site, one forest, and two AD servers (the master is 2000 and the second AD server is 2003).  Currently we are setting up a remote site at a data center that is connected to the main office via a BOVPN.  We want to put an Active Directory server at the remote site so users can log in to the application that we have running on the servers at the data center.  I've got a 2003 server ready to go and I've set up a new site in ADSS.  I've also set up a new subnet using the IP subnet that the two servers are working with at the data center.  My question is: should I join the new server to the domain at the main office and then take it to the data center, or do everything from there?  The new server is going to need to be set up as a DNS server as well, correct?  Are there any special settings I need to consider for the DNS setup?
Question by:taltomare
7 Comments
 
LVL 21

Expert Comment

by:from_exp
ID: 20412998
Yes, your server should have DNS functioning if you want AD and DNS functions to work correctly.

Concerning the place: actually no difference, because all AD and DNS traffic should pass through the VPN tunnel. If not, you'll run into trouble later, when your remote server is unable to sync with the DCs in your office.
 
LVL 30

Expert Comment

by:LauraEHunterMVP
ID: 20412999
Either approach will work; if you dcpromo the remote DC while in the main office site, you will simply need to remember to change its site membership in AD Sites & Services after you have moved it to the remote site and changed its IP address.  (It may take an hour or more for your replication topology to re-configure itself to accommodate the change in location for the DC.)

If you want clients at the remote site to perform DNS resolution locally (usually a good idea), then the remote DC should be configured as a DNS server and your remote clients configured to use this DC as their primary DNS resolver.
 

Author Comment

by:taltomare
ID: 20413561
Does the remote DNS server need to point back to the main office, and does the main office need anything added to its DNS server to point to the new site?
LVL 30

Expert Comment

by:LauraEHunterMVP
ID: 20413577
Assuming that you are using AD-integrated DNS (you haven't specified); the remote DC should point to itself and only itself for name resolution.  Clients can point to their local DC as primary and the remote DC as secondary, or they can point only to their local DC if you want no name resolution requests traversing the WAN.  However, the latter will render users in each site unable to access non-local network resources if their local DC is unavailable.
 

Author Comment

by:taltomare
ID: 20413611
So the AD servers themselves do not need some kind of DNS record to communicate and transmit directory updates to and from each other?
 
LVL 30

Accepted Solution

by:LauraEHunterMVP (earned 500 total points)
ID: 20413625
Again assuming AD-integrated DNS, these records are created automatically during the dcpromo process and are replicated to each DC in the domain.

If you are not using AD-integrated DNS, you will need to update whatever DNS you are using with the A and SRV records for any DC that you add to Active Directory.
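The checks implied by the last two answers (remote DC resolving against itself, DC in the right site, DC and site-specific SRV records registered in the AD-integrated zone) as a PowerShell script. This is an added example and not code from the thread; it assumes Windows Server 2012 or later for Resolve-DnsName and Get-DnsClientServerAddress (on Server 2003 the same checks are `nslookup -type=SRV` and `dcdiag /test:dns`), and the domain and site names are placeholders.

```powershell
# Added example (not from the original thread): verify a newly promoted remote DC
# has the DNS registration and site membership the thread describes.
# Assumes Server 2012+ (Resolve-DnsName, Get-DnsClientServerAddress, Get-NetIPAddress).
# Domain and site names are placeholders; run on the remote DC itself.
param(
    [string]$Domain = 'corp.example.com',   # assumed AD DNS domain name
    [string]$Site   = 'DataCenter'           # assumed site created in AD Sites & Services
)

$ErrorActionPreference = 'Stop'
$failures = @()

# 1. Resolver configuration: the thread's advice is that the remote DC points to
#    itself and only itself once its AD-integrated zone has replicated. Any other
#    address here means every lookup depends on the VPN tunnel being up.
$myAddrs = (Get-NetIPAddress -AddressFamily IPv4 |
            Where-Object { $_.IPAddress -notlike '127.*' -and $_.IPAddress -notlike '169.254.*' }).IPAddress
$resolvers = (Get-DnsClientServerAddress -AddressFamily IPv4 |
              Where-Object { $_.ServerAddresses }).ServerAddresses | Select-Object -Unique
$foreign = $resolvers | Where-Object { $_ -notin $myAddrs -and $_ -ne '127.0.0.1' }
if ($foreign) { $failures += "Resolver list points off-box: $($foreign -join ', ')" }

# 2. Site membership: a DC moved after dcpromo keeps advertising for its old site
#    until it is moved in AD Sites & Services; nltest reports the site it is using.
$reportedSite = (nltest /dsgetsite 2>$null | Select-Object -First 1).Trim()
if ($reportedSite -ne $Site) { $failures += "nltest reports site '$reportedSite', expected '$Site'" }

# 3. SRV records that netlogon registers during/after dcpromo. The domain-wide
#    records list every DC; the site-specific ones must list this DC, otherwise
#    clients at the data center will be steered to a DC across the VPN.
$me = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName.ToLower()
$checks = @(
    "_ldap._tcp.dc._msdcs.$Domain",
    "_kerberos._tcp.dc._msdcs.$Domain",
    "_ldap._tcp.$Site._sites.dc._msdcs.$Domain",
    "_kerberos._tcp.$Site._sites.dc._msdcs.$Domain"
)
foreach ($name in $checks) {
    try {
        $srv = Resolve-DnsName -Name $name -Type SRV -Server 127.0.0.1 -DnsOnly |
               Where-Object { $_.Type -eq 'SRV' }
    } catch {
        $failures += "No SRV records for $name"
        continue
    }
    $targets = $srv.NameTarget | ForEach-Object { $_.TrimEnd('.').ToLower() }
    if ($me -notin $targets) {
        $failures += "$name does not list $me (has: $($targets -join ', '))"
    }
}

if ($failures) {
    $failures | ForEach-Object { Write-Warning $_ }
    exit 1
}
Write-Host "DNS and site configuration look correct for $me in site $Site"
```

If step 3 fails right after promotion, restart the Netlogon service on the DC (`net stop netlogon && net start netlogon`) so it re-registers its records, and check that the zone is AD-integrated with dynamic updates enabled; if only the site-specific records are missing, the DC is still in its old site or the subnet object is not mapped to the new site.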
 
LVL 21

Expert Comment

by:from_exp
ID: 20413639
It will work by default.
In some cases you should visit Active Directory Sites and Services and configure an additional site link.
Under normal circumstances it is enough with the default first site link.
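The AD Sites & Services work referred to throughout the thread (new site, subnet mapped to it, DC moved into it, membership in the default site link, and a check that the KCC has built an inter-site connection) as an added PowerShell example, not code from the thread. It assumes the ActiveDirectory module from Windows Server 2012+ or RSAT and uses placeholder site, subnet and DC names; on Server 2003 the same objects are created by hand in the Sites and Services snap-in (dssite.msc), and repadmin comes from the Support Tools.

```powershell
# Added example (not from the original thread): the Sites & Services configuration
# for a remote DC behind a site-to-site VPN, done with the ActiveDirectory module.
# Site, subnet and DC names are placeholders.
Import-Module ActiveDirectory
$ErrorActionPreference = 'Stop'

$SiteName = 'DataCenter'       # assumed name of the new site
$Subnet   = '10.20.0.0/24'     # assumed subnet used by the hosted servers
$RemoteDC = 'DC03'             # assumed name of the new DC
$SiteLink = 'DEFAULTIPSITELINK'

# Site plus subnet: the subnet object is what maps the DC (and clients at that
# location) to the site; a site with no subnet gets no site-specific SRV traffic.
if (-not (Get-ADReplicationSite -Filter "Name -eq '$SiteName'")) {
    New-ADReplicationSite -Name $SiteName
}
if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$Subnet'")) {
    New-ADReplicationSubnet -Name $Subnet -Site $SiteName
}

# A DC promoted at the head office lands in whichever site covers the office
# subnet (or Default-First-Site-Name); move it once it has been re-addressed.
$dc = Get-ADDomainController -Identity $RemoteDC
if ($dc.Site -ne $SiteName) {
    Move-ADDirectoryServer -Identity $RemoteDC -Site $SiteName
}

# Two sites need only the default site link, but the new site has to be a member
# of it or the KCC cannot create an inter-site connection object across the VPN.
$link = Get-ADReplicationSiteLink -Identity $SiteLink -Properties SitesIncluded, ReplicationFrequencyInMinutes
$members = $link.SitesIncluded | ForEach-Object { ($_ -split ',')[0] -replace '^CN=' }
if ($SiteName -notin $members) {
    Set-ADReplicationSiteLink -Identity $SiteLink -SitesIncluded @{ Add = $SiteName }
}
# Inter-site replication interval in minutes (minimum 15); the default is 180.
if ($link.ReplicationFrequencyInMinutes -gt 60) {
    Set-ADReplicationSiteLink -Identity $SiteLink -ReplicationFrequencyInMinutes 60
}

# Force a KCC run instead of waiting for its 15-minute cycle, then confirm that a
# connection object to/from the remote DC exists and replication has succeeded.
repadmin /kcc $RemoteDC | Out-Null
Get-ADReplicationConnection -Filter * -Server $RemoteDC |
    Select-Object Name, ReplicateFromDirectoryServer, ReplicateToDirectoryServer
repadmin /replsummary
```

Leave the VPN firewall rules for RPC endpoint mapper (TCP 135) and the dynamic RPC range open in both directions between the two DCs, in addition to DNS, Kerberos and LDAP; a KCC that cannot reach the partner will log no connection object and `repadmin /replsummary` will show the link as never having replicated.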