
Deploying Windows domain controllers to remote locations

Asked by Erik Bjers
Windows Networking, Windows Server 2003, Active Directory
We have a rather large international domain that at the moment is a flat domain structure; everything is part of Globaldomain.net. We do have sites set up for each location with different subnets, and everything is connected via Cisco equipment. We are constantly adding new locations and closing old ones (closing old ones is not a problem).

Our current procedure for a new site is to set up the DC in our server room at HQ, allow full replication, and install other required software such as AV and mail server. We then ship the server to wherever it is going (drives shipped separately or hand carried later). And that is the problem. Often a server will get tied up in shipping or customs somewhere and may not make it to the final destination for up to two months, and then once it is there a tech has to go out and set up the VPN tunnel and connect the DC to the network, but by then replication will no longer work due to tombstone, expired Kerberos password, lingering objects, and anything else you want to throw out there.

Most of the techs know how to handle these problems, but it can cause significant delays in setting up a site, and in my case I got to a site that had a DC that was built and shipped before I was hired, so my account did not exist on it (no replication) and I could not fix any of the problems. We are looking at a few options to implement in the future, including: promoting the server to a DC once it is in the field using a backup copy of AD (to prevent massive replication over the WAN), and going to a parent/child domain structure. Unfortunately both options, while mine to research, document, and prepare, are at least a year down the line, so we need a solution for now.

Does anyone know of any steps that we can take to help prevent things like expired Kerberos passwords for a DC that has been offline for long periods of time, and the other problems I mentioned above?
