Solved

how to configure backup domain controller in remote site

Posted on 2008-10-14
Last Modified: 2012-05-05
I have a remote site that will be used as our disaster recovery location. There are 6 servers hosted on 1 VMware box at that site. 5 of them are synchronized with application, exch and file servers in the main location using doubletake. The 6th is currently just a member server. On the main site I have one 2003 and one 2008 Stan. Servers both as domain controllers and global catalog servers. The 2008 server holds the FSMO roles. I want to have a backup of Active Directory but don't want to use AD backups or doubletake to do it as I don't think doubletake does AD well and restoring back from nothing can be problematic as well. I did have the member server set up as a domain controller once before but it seemed to cause slowness in the logins and policy errors. We have a VPN connection between the main office (4.5mb) and this remote site (1.5mb) via T1's.

I found info referencing registry changes (MS KB244474 & MS KB910206) in the remote site to avoid issues of slowness but before I joined the server to the domain again I wanted to find out if anyone had other ideas or experiences with a similar configuration.

Thanks
Question by:cambee72
 
LVL 18

Expert Comment

by:sk_raja_raja
ID: 22713294
Install Windows 2003 on the new machine

Assign the new computer an IP address and subnet mask on the existing network

Make sure that the preferred DNS server on new machine points to the existing DNS Server on the Domain (normally the existing domain controller)

Join the new machine to the existing domain as a member server

Promote the server to a domain controller by running DCPROMO from the command line - select "additional domain controller for an existing domain"

Once Active Directory is installed then install DNS. You can do this through Add/Remove Programs->Windows Components->Networking Services->DNS. If you are using Active Directory Integrated DNS then DNS will be replicated from the other DC/DNS.

Next make the new machine a global catalog server, go to Administrative Tools, Active Directory Sites and Services, Expand, Sites, Default first site and Servers. Right click on the new server and select properties and tick the Global Catalog checkbox. (Global catalog is essential for logon as it needs to be queried to establish Universal Group Membership)

Install DHCP on the router and install DHCP on the new DC. You can do this through Add/Remove Programs->Windows Components->Networking Services->DHCP.

You will then need to remove any existing DHCP prior to authorising the new DHCP Server. When setting up the new DHCP server don't forget to set the default gateway (router) and DNS Servers. Talking of which, all the clients (and the domain controllers themselves) need to have their Preferred DNS server set to the new domain controller.

Both Domain Controllers by this point will have Active Directory, Global Catalog, DNS and the domain could function for a while at least should any one of them fail.

For best efficiency define the sites and subnets in Active Directory Sites and Services and move the new DC into the new site. Make sure that clients on each site point to their local DC as their preferred DNS server.
 
LVL 18

Expert Comment

by:sk_raja_raja
ID: 22713310
1. You will not see the word "backup" anywhere. In an Active Directory domain there are no primaries (PDC) and backups (BDC). They are all domain controllers. Some will hold the FSMO roles and each can be a global catalog. The only way you will be able to tell is to turn up logging and see if any clients are actually using it for authentication.

2. http://support.microsoft.com/default.aspx?kbid=197132
Applies to Windows 2000, but SBS and 2003 have the same roles
Configuring an Additional Domain Controller
http://www.microsoft.com/technet/prodtechnol/sbs/2000/maintain/addsrvrs.mspx#ECAA
 
LVL 18

Expert Comment

by:sk_raja_raja
ID: 22713350
In your scenario it is going to be simple.

Once you move the new DC to the remote site, configure the AD sites and services based on subnets for both the sites.
The AD objects will be replicated to the new DC in the remote location from the existing DC on the other site. Once replication is completed, all the workstations on the remote site will log in to the remote DC only (since they are all on the same subnet or defined in AD sites and services), so you don't need to worry about the network traffic.

Author Comment

by:cambee72
ID: 22713380
Thanks sk_raja_raja

I did have the member server set up before as a domain controller with DNS and DHCP for the remote location and it worked fine but again caused slowness on the main site's domain login. I know I can control which GC server Exchange connects to but is there any way to control the clients to stay within the respective subnet when logging in?
 

Author Comment

by:cambee72
ID: 22713439
So once I create the subnet in AD sites and services, how do I assign that DC to that subnet?
 
LVL 18

Expert Comment

by:sk_raja_raja
ID: 22713568
Cambee72,

Make sure the IP address of that DC is also in the same subnet, and also you can go to the properties of the subnets in AD sites and services and add a subnet range for that specific site, and so all the machines in that subnet range will get authenticated and resolve (DNS) to that DC only. It's a simple and easy configuration.

Please follow the step by step from this link,
http://windowsitpro.com/article/articleid/76275/jsi-tip-4969-how-do-i-create-and-configure-an-active-directory-site-in-a-windows-2000-environment.html
http://technet.microsoft.com/en-us/library/cc758663.aspx
 

Author Comment

by:cambee72
ID: 22722322
sk_raja_raja,
Everything is looking good. One last question: now that I have the subnet of the remote location listed with the remote subnet specified, should I create another subnet for the main site too, and attach that subnet to the existing site "Default-First-Site-Name"? Or is this not necessary?
 
LVL 18

Accepted Solution

by:
sk_raja_raja earned 500 total points
ID: 22722441
Yeah, if you can do this, all your local machines will authenticate to the local DC only. In simple terms, in any site, if you map a subnet range, they will authenticate only to that specific DC.
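Added example, not part of the original thread: a small offline check of the subnet-to-site mapping discussed above, showing what changes when the main-site subnet is also defined. An address that matches no subnet object gets no site, and the most specific matching subnet wins. The site name "Remote-DR-Site", the host names and all IP ranges are constructed assumptions; only "Default-First-Site-Name" comes from the thread.

```python
import ipaddress

def site_for(ip, subnets):
    """Site of the most specific subnet containing ip, or None if unmapped."""
    addr = ipaddress.ip_address(ip)
    matches = [(ipaddress.ip_network(cidr), site)
               for cidr, site in subnets.items()
               if addr in ipaddress.ip_network(cidr)]
    if not matches:
        return None
    # Longest prefix wins, as with overlapping subnet objects in AD.
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def audit(subnets, dcs, clients):
    """Return clients with no site and DCs whose IP disagrees with the
    site their server object has been placed in."""
    no_site = sorted(name for name, ip in clients.items()
                     if site_for(ip, subnets) is None)
    mismatch = sorted(name for name, (ip, placed) in dcs.items()
                      if site_for(ip, subnets) != placed)
    return {"no_site": no_site, "dc_mismatch": mismatch}

MAIN = "Default-First-Site-Name"
REMOTE = "Remote-DR-Site"          # hypothetical site name

# Constructed inventory: name -> (IP, site the server object sits in).
DCS = {
    "DC2008": ("192.168.1.10", MAIN),
    "DC2003": ("192.168.1.11", MAIN),
    "DR-DC":  ("192.168.50.10", REMOTE),
}
CLIENTS = {"PC-MAIN-01": "192.168.1.101", "PC-DR-01": "192.168.50.101"}

# State after the first step (remote subnet only) and after adding main.
BEFORE = {"192.168.50.0/24": REMOTE}
AFTER = {"192.168.50.0/24": REMOTE, "192.168.1.0/24": MAIN}

if __name__ == "__main__":
    for label, table in (("remote subnet only", BEFORE),
                         ("both subnets", AFTER)):
        print(label, audit(table, DCS, CLIENTS))
```

With only the remote subnet defined, the main-site client and both main-site DCs are reported as uncovered; defining the main subnet clears both lists.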
 

Author Closing Comment

by:cambee72
ID: 31505981
thank you