Solved

Active Directory Remote Site Setup

Posted on 2007-12-05
Last Modified: 2008-05-31
We currently have one site, one forest, and two AD servers (the master is 2000 and the second AD server is 2003).  Currently we are setting up a remote site at a data center that is connected to the main office via a BOVPN.  We want to put an Active Directory server at the remote site so users can log in to the application that we have running on the servers at the data center.  I've got a 2003 server ready to go and I've set up a new site in ADSS.  I've also set up a new subnet using the IP subnet that the two servers are working with at the data center.  My question is: should I join the new server to the domain at the main office and then take it to the data center, or do everything from there?  The new server is going to need to be set up as a DNS server as well, correct?  Are there any special settings I need to consider for the DNS setup?
Question by:taltomare
7 Comments
 
LVL 21

Expert Comment

by:from_exp
ID: 20412998
Yes, your server should have DNS functioning
if you want AD and DNS functions to work correctly.

Concerning the place: it actually makes no difference, because all AD and DNS traffic should pass through the VPN tunnel.
If not, you'll get into trouble later, when your remote server is unable to sync with the DCs in your office.
0
 
LVL 30

Expert Comment

by:LauraEHunterMVP
ID: 20412999
Either approach will work; if you dcpromo the remote DC while in the main office site, you will simply need to remember to change its site membership in AD Sites & Services after you have moved it to the remote site and changed its IP address.  (It may take an hour or more for your replication topology to re-configure itself to accommodate the change in location for the DC.)

If you want clients at the remote site to perform DNS resolution locally (usually a good idea), then the remote DC should be configured as a DNS server and your remote clients configured to use this DC as their primary DNS resolver.
0
 

Author Comment

by:taltomare
ID: 20413561
Does the remote DNS server need to point back to the main office, and does the main office need anything added to its DNS server to point to the new site?
0
 
LVL 30

Expert Comment

by:LauraEHunterMVP
ID: 20413577
Assuming that you are using AD-integrated DNS (you haven't specified), the remote DC should point to itself and only itself for name resolution.  Clients can point to their local DC as primary and the remote DC as secondary, or they can point only to their local DC if you want no name resolution requests traversing the WAN.  However, the latter will render users in each site unable to access non-local network resources if their local DC is unavailable.
0
 

Author Comment

by:taltomare
ID: 20413611
So the AD servers themselves do not need some kind of DNS record to communicate and transmit directory updates to and from each other?
0
 
LVL 30

Accepted Solution

by:
LauraEHunterMVP earned 500 total points
ID: 20413625
Again assuming AD-integrated DNS, these records are created automatically during the dcpromo process and are replicated to each DC in the domain.

If you are not using AD-integrated DNS, you will need to update whatever DNS you are using with the A and SRV records for any DC that you add to Active Directory.
0
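For the non-AD-integrated case in the accepted answer, the following added example (not part of the original thread) lists the core A and SRV records a DC in a named site registers and reports which of them a zone listing lacks. The domain `corp.example`, site `DataCenter`, host `dc3`, the addresses and the zone text are constructed placeholders; global catalog records and the replication CNAME are left out.

```python
# Added example; domain, site, host and addresses are constructed placeholders.
PORTS = {"_ldap": 389, "_kerberos": 88, "_kpasswd": 464}

def expected_records(domain, site, host, ip):
    """Core A/SRV records a DC in `site` registers (GC and replication CNAME omitted)."""
    fqdn = f"{host}.{domain}".lower()
    owners = [("_kerberos", f"_kerberos._udp.{domain}"),
              ("_kpasswd", f"_kpasswd._tcp.{domain}"),
              ("_kpasswd", f"_kpasswd._udp.{domain}")]
    for svc in ("_ldap", "_kerberos"):
        # Domain-wide, per-site, and the two _msdcs (DC-only) variants.
        for scope in ("", f"{site}._sites.", "dc._msdcs.", f"{site}._sites.dc._msdcs."):
            owners.append((svc, f"{svc}._tcp.{scope}{domain}"))
    recs = {("SRV", o.lower(), f"{PORTS[s]} {fqdn}") for s, o in owners}
    recs.add(("A", fqdn, ip))
    return recs

def parse_zone(text):
    """Parse 'owner IN A ip' and 'owner IN SRV prio weight port target' lines."""
    found = set()
    for line in text.splitlines():
        f = line.split(";")[0].split()  # drop comments, tokenize
        if len(f) >= 7 and f[2] == "SRV":
            found.add(("SRV", f[0].rstrip(".").lower(),
                       f"{f[5]} {f[6].rstrip('.').lower()}"))
        elif len(f) >= 4 and f[2] == "A":
            found.add(("A", f[0].rstrip(".").lower(), f[3]))
    return found

def missing_records(domain, site, host, ip, zone_text):
    """Records the new DC needs that the zone does not contain, sorted."""
    return sorted(expected_records(domain, site, host, ip) - parse_zone(zone_text))

# Constructed zone listing: the site-specific records for dc3 were never added.
ZONE = """\
dc1.corp.example. IN A 10.10.0.10
dc3.corp.example. IN A 10.20.0.10
_ldap._tcp.corp.example. IN SRV 0 100 389 dc1.corp.example.
_ldap._tcp.corp.example. IN SRV 0 100 389 dc3.corp.example.
_ldap._tcp.dc._msdcs.corp.example. IN SRV 0 100 389 dc3.corp.example.
_kerberos._tcp.corp.example. IN SRV 0 100 88 dc3.corp.example.
_kerberos._tcp.dc._msdcs.corp.example. IN SRV 0 100 88 dc3.corp.example.
_kerberos._udp.corp.example. IN SRV 0 100 88 dc3.corp.example.
_kpasswd._tcp.corp.example. IN SRV 0 100 464 dc3.corp.example.
_kpasswd._udp.corp.example. IN SRV 0 100 464 dc3.corp.example.
"""

if __name__ == "__main__":
    for rtype, owner, data in missing_records("corp.example", "DataCenter", "dc3", "10.20.0.10", ZONE):
        print(rtype, owner, data)
```

On a real DC, the full list of records it tries to register is written to `%SystemRoot%\System32\config\netlogon.dns`, which is the reference to compare a manually maintained zone against.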
 
LVL 21

Expert Comment

by:from_exp
ID: 20413639
It will work by default.
In some cases you should visit Active Directory Sites and Services and configure an additional site link.
Under normal circumstances the default first site link is enough.
0
