Solved

Active Directory Remote Site Setup

Posted on 2007-12-05
Last Modified: 2008-05-31
We currently have one site, one forest, and two AD servers (the master is 2000 and the second AD server is 2003).  Currently we are setting up a remote site at a data center that is connected to the main office via a BOVPN.  We want to put an Active Directory server at the remote site so users can log in to the application that we have running on the servers at the data center.  I've got a 2003 server ready to go and I've set up a new site in ADSS.  I've also set up a new subnet using the IP subnet that the two servers are working with at the data center.  My question is: should I join the new server to the domain at the main office and then take it to the data center, or do everything from there?  The new server is going to need to be set up as a DNS server as well, correct?  Are there any special settings I need to consider for the DNS setup?
0
Question by:taltomare
 
LVL 21

Expert Comment

by:from_exp
ID: 20412998
Yes, your server should have DNS functioning
if you want AD and DNS functions to work correctly.

Concerning the place: actually no difference, because all AD and DNS traffic should pass through the VPN tunnel.
If not, you'll get into trouble later, when your remote server is unable to sync with the DCs in your office.
0
 
LVL 30

Expert Comment

by:LauraEHunterMVP
ID: 20412999
Either approach will work; if you dcpromo the remote DC while in the main office site, you will simply need to remember to change its site membership in AD Sites & Services after you have moved it to the remote site and changed its IP address.  (It may take an hour or more for your replication topology to re-configure itself to accommodate the change in location for the DC.)

If you want clients at the remote site to perform DNS resolution locally (usually a good idea), then the remote DC should be configured as a DNS server and your remote clients configured to use this DC as their primary DNS resolver.
0
 

Author Comment

by:taltomare
ID: 20413561
Does the remote DNS server need to point back to the main office, and does the main office need anything added to its DNS server to point to the new site?
0
 
LVL 30

Expert Comment

by:LauraEHunterMVP
ID: 20413577
Assuming that you are using AD-integrated DNS (you haven't specified), the remote DC should point to itself and only itself for name resolution.  Clients can point to their local DC as primary and the remote DC as secondary, or they can point only to their local DC if you want no name resolution requests traversing the WAN.  However, the latter will render users in each site unable to access non-local network resources if their local DC is unavailable.
0
 

Author Comment

by:taltomare
ID: 20413611
So the AD servers themselves do not need some kind of DNS record to communicate and transmit directory updates to and from each other?
0
 
LVL 30

Accepted Solution

by:
LauraEHunterMVP earned 2000 total points
ID: 20413625
Again assuming AD-integrated DNS, these records are created automatically during the dcpromo process and are replicated to each DC in the domain.

If you are not using AD-integrated DNS, you will need to update whatever DNS you are using with the A and SRV records for any DC that you add to Active Directory.
0
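For the non-AD-integrated case in the accepted answer, the following added example (not part of the original thread) checks a text export of a DNS zone for the core A and SRV records a DC needs once it sits in a named site. The domain `corp.example`, site `DataCenter`, host `dc3` and address `10.20.0.10` are constructed, owner names are assumed to be fully qualified, and global catalog, PDC and GUID-based records are left out.

```python
def required_dc_records(domain, site, host, ip):
    """Core records a DC needs in DNS (GC, PDC and GUID-based records omitted)."""
    domain, site = domain.lower(), site.lower()
    fqdn = f"{host.lower()}.{domain}."
    recs = [(fqdn, "A", ip)]
    for svc, port in (("_ldap._tcp", 389), ("_kerberos._tcp", 88)):
        for scope in ("", "dc._msdcs.", f"{site}._sites.", f"{site}._sites.dc._msdcs."):
            recs.append((f"{svc}.{scope}{domain}.", "SRV", f"{port} {fqdn}"))
    for svc, port in (("_kerberos._udp", 88), ("_kpasswd._tcp", 464), ("_kpasswd._udp", 464)):
        recs.append((f"{svc}.{domain}.", "SRV", f"{port} {fqdn}"))
    return recs

def parse_zone(text):
    """Parse 'owner [ttl] IN type rdata' lines; DNS names compare case-insensitively."""
    found = set()
    for raw in text.splitlines():
        f = raw.split(";", 1)[0].split()          # drop comments, tokenize
        if "IN" not in f[1:-1]:                   # need an owner before and a type after
            continue
        i = f.index("IN", 1)
        name, rtype, rdata = f[0].lower(), f[i + 1].upper(), f[i + 2:]
        if rtype == "SRV" and len(rdata) == 4:    # priority weight port target
            found.add((name, "SRV", f"{rdata[2]} {rdata[3].lower()}"))
        elif rtype == "A" and len(rdata) == 1:
            found.add((name, "A", rdata[0]))
    return found

def missing_records(zone_text, domain, site, host, ip):
    found = parse_zone(zone_text)
    return [r for r in required_dc_records(domain, site, host, ip) if r not in found]

SAMPLE_ZONE = """\
; constructed sample: dc3 was promoted in the main office site, then moved
dc3.corp.example. 1200 IN A 10.20.0.10
_ldap._tcp.corp.example. 600 IN SRV 0 100 389 dc3.corp.example.
_ldap._tcp.dc._msdcs.corp.example. 600 IN SRV 0 100 389 dc3.corp.example.
_ldap._tcp.Default-First-Site-Name._sites.corp.example. 600 IN SRV 0 100 389 dc3.corp.example.
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.corp.example. 600 IN SRV 0 100 389 dc3.corp.example.
_kerberos._tcp.corp.example. 600 IN SRV 0 100 88 dc3.corp.example.
_kerberos._tcp.dc._msdcs.corp.example. 600 IN SRV 0 100 88 dc3.corp.example.
_kerberos._tcp.Default-First-Site-Name._sites.corp.example. 600 IN SRV 0 100 88 dc3.corp.example.
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.corp.example. 600 IN SRV 0 100 88 dc3.corp.example.
_kerberos._udp.corp.example. 600 IN SRV 0 100 88 dc3.corp.example.
_kpasswd._tcp.corp.example. 600 IN SRV 0 100 464 dc3.corp.example.
_kpasswd._udp.corp.example. 600 IN SRV 0 100 464 dc3.corp.example.
"""

for name, rtype, rdata in missing_records(SAMPLE_ZONE, "corp.example", "DataCenter", "dc3", "10.20.0.10"):
    print("missing:", name, rtype, rdata)
```

The four names it reports are the site-specific `_sites` records, which are the ones clients in the remote subnet query to locate a DC in their own site.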
 
LVL 21

Expert Comment

by:from_exp
ID: 20413639
It will work by default.
In some cases you should visit Active Directory Sites and Services and configure an additional site link.
Under normal circumstances it is enough with the default first site link.
0
