Solved

Active Directory Remote Site Setup

Posted on 2007-12-05
Last Modified: 2008-05-31
We currently have one site, one forest, and two AD servers (the master is 2000 and the second AD server is 2003). Currently we are setting up a remote site at a data center that is connected to the main office via a BOVPN. We want to put an Active Directory server at the remote site so users can log in to the application that we have running on the servers at the data center. I've got a 2003 server ready to go and I've set up a new site in ADSS. I've also set up a new subnet using the IP subnet that the two servers are working with at the data center. My question is: should I join the new server to the domain at the main office and then take it to the data center, or do everything from there? The new server is going to need to be set up as a DNS server as well, correct? Are there any special settings I need to consider for the DNS setup?
Question by:taltomare
7 Comments
 
LVL 21

Expert Comment

by:from_exp
ID: 20412998
Yes, your server should have DNS functioning if you want AD and DNS functions to work correctly.

Concerning the place: actually no difference, because all AD and DNS traffic should pass through the VPN tunnel. If not, you'll get into trouble later, when your remote server is unable to sync with the DCs in your office.
 
LVL 30

Expert Comment

by:LauraEHunterMVP
ID: 20412999
Either approach will work; if you dcpromo the remote DC while in the main office site, you will simply need to remember to change its site membership in AD Sites & Services after you have moved it to the remote site and changed its IP address. (It may take an hour or more for your replication topology to re-configure itself to accommodate the change in location for the DC.)

If you want clients at the remote site to perform DNS resolution locally (usually a good idea), then the remote DC should be configured as a DNS server and your remote clients configured to use this DC as their primary DNS resolver.
 

Author Comment

by:taltomare
ID: 20413561
Does the remote DNS server need to point back to the main office, and does the main office need anything added to its DNS server to point to the new site?
 
LVL 30

Expert Comment

by:LauraEHunterMVP
ID: 20413577
Assuming that you are using AD-integrated DNS (you haven't specified), the remote DC should point to itself and only itself for name resolution. Clients can point to their local DC as primary and the remote DC as secondary, or they can point only to their local DC if you want no name resolution requests traversing the WAN. However, the latter will render users in each site unable to access non-local network resources if their local DC is unavailable.
 

Author Comment

by:taltomare
ID: 20413611
So the AD servers themselves do not need some kind of DNS record to communicate and transmit directory updates to and from each other?
 
LVL 30

Accepted Solution

by:LauraEHunterMVP (earned 500 total points)
ID: 20413625
Again assuming AD-integrated DNS, these records are created automatically during the dcpromo process and are replicated to each DC in the domain.

If you are not using AD-integrated DNS, you will need to update whatever DNS you are using with the A and SRV records for any DC that you add to Active Directory.
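Added example (PowerShell, not from this thread or any of its posters): it reads the records Netlogon tries to register for a DC from netlogon.dns and checks that each A, SRV and CNAME record actually resolves on a chosen DNS server, so a DC in the new site can be verified against itself and against a main-office DC. Assumed: the script runs on the DC, the netlogon.dns path is the standard one, and Resolve-DnsName is available (Windows Server 2012 or later; on 2003 the same lookups would be done with nslookup).

```powershell
# Added example, not from the original thread.
# Assumptions: runs on the DC itself; netlogon.dns (written by Netlogon) lists
# the records the DC registers, one per line: <name>. <ttl> IN <type> <rdata>;
# Resolve-DnsName needs Windows Server 2012 or later.
function Test-DcDnsRegistration {
    param(
        [string]$NetlogonDns = "$env:SystemRoot\System32\config\netlogon.dns",
        # Default is the DC itself, matching the advice that the remote DC
        # should point to itself for name resolution.
        [string]$DnsServer   = '127.0.0.1'
    )
    $missing = @()
    foreach ($line in Get-Content $NetlogonDns) {
        $f = $line.Trim() -split '\s+'
        if ($f.Count -lt 5 -or $f[2] -ne 'IN') { continue }   # skip anything that is not a record
        $name = $f[0].TrimEnd('.')
        $type = $f[3]
        try {
            $ans = Resolve-DnsName -Name $name -Type $type -Server $DnsServer -DnsOnly -ErrorAction Stop
        } catch {
            $missing += "$type $name (no answer)"
            continue
        }
        # Compare the rdata Netlogon wanted registered with what the server returned.
        $want = $null
        if     ($type -in 'A','AAAA') { $want = $f[4];              $got = $ans.IPAddress  }
        elseif ($type -eq 'SRV')      { $want = $f[7].TrimEnd('.'); $got = $ans.NameTarget } # prio weight port target
        elseif ($type -eq 'CNAME')    { $want = $f[4].TrimEnd('.'); $got = $ans.NameHost   }
        if ($want -and (@($got) -notcontains $want)) {
            $missing += "$type $name -> expected $want, got $($got -join ',')"
        }
    }
    if ($missing) {
        Write-Warning "Records missing or wrong on ${DnsServer}:`n  $($missing -join "`n  ")"
    } else {
        Write-Output "All Netlogon records in $NetlogonDns resolve correctly via $DnsServer"
    }
    return $missing
}

# Check the remote DC against itself, then against a main-office DC to confirm
# the records have replicated there (placeholder address).
Test-DcDnsRegistration
Test-DcDnsRegistration -DnsServer '10.0.0.10'
```

Anything reported as missing is a record that AD-integrated DNS should have created and replicated on its own; in a non-AD-integrated setup it is exactly the A or SRV record that has to be added by hand.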
 
LVL 21

Expert Comment

by:from_exp
ID: 20413639
It will work by default.
In some cases you should visit Active Directory Sites and Services and configure an additional site link.
Under normal circumstances the default first site link is enough.