Solved

DNS question adding a windows svr03 to sbs

Posted on 2008-09-30
13
290 Views
Last Modified: 2012-05-05
Hi
I have a quick question regarding adding my remote windows 2003 server to my sbs domain.
I know when I add the remote server to the sbs domain I have to set the remote servers Primary DNS to point to the SBS server (10.13.1.10).. does this is always stay the sameall the time? My main concern is that how my users in the remote network are going to connect to the internet, because at the moment I have set the DNS servers that my isp gave me in the forwarders sections in DNS. Also in my remote office my router looks for the server to handle the dns quries. Once I add the remote server to the sbs domain, my remote network wont try to look for sbs domain to handle its internet will it? Sorry for the stupid questions but its my first time in doing this.
0
Comment
Question by:Dan560
  • 5
  • 5
  • 3
13 Comments
 
LVL 70

Expert Comment

by:KCTS
ID: 22606915
Two options - once you have installed DNS on the new server an set your clients up to use it you can?

1. Set up frowarders on the new DNS server to point directly to the internet servers (as you have with the SBS server

2. 1. Set up frowarders on the new DNS server to point to the SBS server (and then that will use its forwarder to the internet.
0
 
LVL 23

Expert Comment

by:ormerodrutter
ID: 22606963
Set primary DNS pointing to your SBS and in SBS setup the forwarders given by your ISP. All internet traffic will be handle by the SBS first and if it fails to resolves the address it will send your requests to the ISP's DNS. Just like what you would do using the SBS server on its own.
0
 
LVL 70

Expert Comment

by:KCTS
ID: 22606975
I've just re-red the question:
I am assuming that you are manking the new server an additional domain controller ? If you set up a remote server, then you should initially point it at the SBS server for its DNS.  Once you have made it a DC, then you need to install DNS on it

Once you have installed DNS on the new server, then you should change its settings so that it uses itself as the preferred DNS server and the SBS server as an alternate DNS server. the you should either

1. Set up frowarders on the new DNS server to point directly to the internet servers (as you have with the SBS server
OR
2.  Set up frowarders on the new DNS server to point to the SBS server (and then that will use its forwarder to the internet.


0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 2

Author Comment

by:Dan560
ID: 22607100
Sorry I forget to mention it, yes I do want the remote server to be a 2nd DC..So when I'm adding the server to the domain I need my primary DNS to be pointing to the sbs server? and then when I want to run dcpromo do I need to change the servers DNS to point to itself? And then in DNS setup the forwarders on the remote server that my ISP gave me?
0
 
LVL 70

Accepted Solution

by:
KCTS earned 500 total points
ID: 22607142
Yes point the server to the SBS server for its DNS to begin with. DCPROMO it to make it a DC, then add DNS. Once DNS has replicated (it will replicate automatically once installed), then change the preferred DNS server setting to it points at itself (and to the SBS as alternate). then set up the forwarders.
0
 
LVL 70

Expert Comment

by:KCTS
ID: 22607175
BTW its also a good idea to make the new DC a global catalog: Go to Administrative Tools, Active Directory Sites and Services, Expand , Sites, Default first site and Servers. Right click on the new server and select properties and tick the Global Catalog checkbox. (Global catalog is essential for logon as it needs to be queried to establish Universal Group Membership)
0
 
LVL 2

Author Comment

by:Dan560
ID: 22607232
Thanks KCTS, yep I was going to do that, there are few things with sites and services that I need to configure anyway.
One last question though, I'm going to setup user profiles on the remote server, and use it as a file sharing server for the few users that work under that network. The two servers wont replicate the shared folders will they?
And also do you know from personal experience whether having a 2nd DC accross a vpn uses alot of bandwidth?
0
 
LVL 23

Expert Comment

by:ormerodrutter
ID: 22612328
I read articles saying running TS on a DC will seriously compromise security and might have issues. I think thats about allowing user(s) to logon locally on a DC isn't a very good idea. And thats probably why they took TS away from SBS and only allow 2 concurrent admin connections.

http://www.msterminalservices.org/articles/Securing-Windows-Terminal-Services.html

So unless absolute necessary I wouldn't recomment promoting a TS server to a DC, or set a DC to become a TS server.

In answering the last question from Dan - No having 2 DCs across a VPN do not use much bandwidth. AD replication only replicate "changes" and i don't think your AD will be changed that often? Beside you can always schedule the replication windows, i.e. time to replicate. You can only allow replicatioin to be occurred once an hour or even less frequent than that.
0
 
LVL 2

Author Comment

by:Dan560
ID: 22612406
Yeah Its not a good idea to have TS on a DC, I agree,I've managed to lock it down quite alot via group polic thanks for your advice.
0
 
LVL 70

Expert Comment

by:KCTS
ID: 22612485
I have to agree with the recommendation that you don't make the TS server a DC - the users are effectivly logging on locally to the DC so there is a limit with what you can do with policies and the like (which is why its not recommended  - and actually prohibited on an SBS sever
0
 
LVL 2

Author Comment

by:Dan560
ID: 22612518
Terminal server would be running on the 2nd DC..so it would be on the windows 2003 standard which has been running as TS for a while. Its only one user, is this still a problem if I carry on using the windows 2003 server as a TS?
0
 
LVL 23

Expert Comment

by:ormerodrutter
ID: 22612557
If you only have ONE user why not set him up RWW on the SBS?
0
 
LVL 2

Author Comment

by:Dan560
ID: 22612593
Well we have one of those basic thin client terminals, so she has been using remote desktop, Will it really kick up a fuss if I carry on doing this? I'm not connecting to SBS remotley, but your saying it won't like it?
0

Featured Post

Master Your Team's Linux and Cloud Stack

Come see why top tech companies like Mailchimp and Media Temple use Linux Academy to build their employee training programs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Trust relationship SBS2011 - > Windows 2003 3 42
Exchange 2010 account @iphone is getting emails even after password change 8 53
IIS 7.5 to 8.0 6 110
Windows 10 VPN? 6 87
This guide is intended for migrating Windows 2003 Standard with Exchange 2003 to Windows Small Business Server 2008. You will need the following: Exchange Best Practice Analyzer: http://www.microsoft.com/downloads/details.aspx?FamilyID=DBAB201F-…
The articles for turning off the Client firewall policy on the internet are for SBS 2008 and don't really help for SBS 2011. They actually moved the Client firewall policy. In 2011, the client firewall policy has moved to the SBS computers conta…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question