Active Directory Remote Site Setup

Posted on 2007-12-05
725 Views
Last Modified: 2008-05-31
We currently have one site, one forest, and two AD servers (the master is 2000 and the second AD server is 2003).  Currently we are setting up a remote site at a data center that is connected to the main office via a BOVPN.  We want to put an Active Directory server at the remote site so users can log in to the application that we have running on the servers at the data center.  I've got a 2003 server ready to go and I've set up a new site in ADSS.  I've also set up a new subnet using the IP subnet that the two servers are working with at the data center.  My question is: should I join the new server to the domain at the main office and then take it to the data center, or do everything from there?  The new server is going to need to be set up as a DNS server as well, correct?  Are there any special settings I need to consider for the DNS setup?
Question by:taltomare
7 Comments
 
LVL 21

Expert Comment

by:from_exp
ID: 20412998
Yes, your server should have DNS functioning if you want AD and DNS functions to work correctly.

Concerning the place: actually no difference, because all AD and DNS traffic should pass through the VPN tunnel.
If not, you'll get into trouble later, when your remote server will be unable to sync with the DCs in your office.
 
LVL 30

Expert Comment

by:LauraEHunterMVP
ID: 20412999
Either approach will work; if you dcpromo the remote DC while in the main office site, you will simply need to remember to change its site membership in AD Sites & Services after you have moved it to the remote site and changed its IP address.  (It may take an hour or more for your replication topology to re-configure itself to accommodate the change in location for the DC.)

If you want clients at the remote site to perform DNS resolution locally (usually a good idea), then the remote DC should be configured as a DNS server and your remote clients configured to use this DC as their primary DNS resolver.
 

Author Comment

by:taltomare
ID: 20413561
Does the remote DNS server need to point back to the main office, and does the main office need anything added to its DNS server to point to the new site?
 
LVL 30

Expert Comment

by:LauraEHunterMVP
ID: 20413577
Assuming that you are using AD-integrated DNS (you haven't specified), the remote DC should point to itself and only itself for name resolution.  Clients can point to their local DC as primary and the remote DC as secondary, or they can point only to their local DC if you want no name resolution requests traversing the WAN.  However, the latter will render users in each site unable to access non-local network resources if their local DC is unavailable.
 

Author Comment

by:taltomare
ID: 20413611
So the AD servers themselves do not need some kind of DNS record to communicate and transmit directory updates to and from each other?
 
LVL 30

Accepted Solution

by: LauraEHunterMVP (earned 2000 total points)
ID: 20413625
Again assuming AD-integrated DNS, these records are created automatically during the dcpromo process and are replicated to each DC in the domain.

If you are not using AD-integrated DNS, you will need to update whatever DNS you are using with the A and SRV records for any DC that you add to Active Directory.
 
LVL 21

Expert Comment

by:from_exp
ID: 20413639
It will work by default.
In some cases you should visit Active Directory Sites and Services and configure an additional site link.
Under normal circumstances the default first site link is enough.
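The accepted solution says the A and SRV records for a new DC are registered automatically by dcpromo with AD-integrated DNS, the earlier comment says the remote DC should resolve names against itself, and the last comment says the default site link normally covers the new site. The following script is an added verification example, not code from this thread or from any of its posters; it checks all three points on the new DC. It assumes Windows PowerShell with the DnsClient module and the RSAT ActiveDirectory module (Windows Server 2012 or later), and the domain, site and DC names are placeholders to replace with your own.

```powershell
# Added verification script; not part of the original thread.
# Assumes: DnsClient module (Resolve-DnsName, Get-DnsClientServerAddress),
# NetTCPIP module (Get-NetIPAddress) and RSAT ActiveDirectory module.
# $Domain, $Site and $DcName are placeholders for your environment.
param(
    [string]$Domain = 'corp.example.com',   # placeholder: AD DNS domain name
    [string]$Site   = 'DataCenter',         # placeholder: site created in AD Sites & Services
    [string]$DcName = 'DC03'                # placeholder: hostname of the new remote DC
)

function Test-DcSrvRecords {
    # Confirms the SRV records a DC registers at promotion (domain-wide and
    # site-specific LDAP/Kerberos locator records) resolve and name this DC.
    param([string]$Domain, [string]$Site, [string]$DcName)
    $names = @(
        "_ldap._tcp.dc._msdcs.$Domain",
        "_kerberos._tcp.dc._msdcs.$Domain",
        "_ldap._tcp.$Site._sites.dc._msdcs.$Domain",
        "_kerberos._tcp.$Site._sites.dc._msdcs.$Domain"
    )
    foreach ($n in $names) {
        $hits = Resolve-DnsName -Name $n -Type SRV -ErrorAction SilentlyContinue |
                Where-Object { $_.NameTarget -like "$DcName.*" }
        [pscustomobject]@{
            Record  = $n
            Present = [bool]$hits
            Target  = ($hits | Select-Object -First 1).NameTarget
        }
    }
    # The DC's own A record, which clients need to reach the SRV target.
    $a = Resolve-DnsName -Name "$DcName.$Domain" -Type A -ErrorAction SilentlyContinue
    [pscustomobject]@{ Record = "$DcName.$Domain (A)"; Present = [bool]$a; Target = ($a | Select-Object -First 1).IPAddress }
}

function Test-DcDnsClient {
    # Reports, per interface, whether the DNS servers configured on this host
    # include one of its own addresses (loopback counts as "itself").
    $own = (Get-NetIPAddress -AddressFamily IPv4).IPAddress
    Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object { $_.ServerAddresses.Count -gt 0 } |
        ForEach-Object {
            $self = @($_.ServerAddresses | Where-Object { $own -contains $_ })
            [pscustomobject]@{
                Interface    = $_.InterfaceAlias
                Servers      = ($_.ServerAddresses -join ', ')
                PointsToSelf = ($self.Count -gt 0)
            }
        }
}

function Test-DcSiteAndLinks {
    # Confirms the DC is assigned to the expected site and that at least one
    # site link includes that site, so replication can be scheduled over it.
    param([string]$Site, [string]$DcName)
    $dc     = Get-ADDomainController -Identity $DcName
    $siteDn = (Get-ADReplicationSite -Identity $Site).DistinguishedName
    $links  = Get-ADReplicationSiteLink -Filter * |
              Where-Object { $_.SitesIncluded -contains $siteDn } |
              Select-Object -ExpandProperty Name
    [pscustomobject]@{
        DC            = $dc.HostName
        ActualSite    = $dc.Site
        SiteMatches   = ($dc.Site -eq $Site)
        LinksWithSite = ($links -join ', ')
        HasSiteLink   = ($links.Count -gt 0)
    }
}

# Run all three checks when the script is executed directly on the new DC.
Test-DcSrvRecords -Domain $Domain -Site $Site -DcName $DcName | Format-Table -AutoSize
Test-DcDnsClient | Format-Table -AutoSize
Test-DcSiteAndLinks -Site $Site -DcName $DcName | Format-List
```

Run it on the remote DC after it has been moved to the new site and its IP address changed; a `Present = False` row for a site-specific SRV record usually means the DC is still registered under the old site, which is the site-membership change the earlier comment describes. If you are not using AD-integrated DNS, the same record names are the ones to add by hand on whatever DNS server you do use.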
