Solved

how to configure backup domain controller in remote site

Posted on 2008-10-14
9
1,889 Views
Last Modified: 2012-05-05
I have a remote site that will be used as our disaster recovery location. There are 6 servers hosted on 1 VMware box at that site. 5 of them are synchronized with application, Exchange and file servers in the main location using Double-Take. The 6th is currently just a member server. On the main site I have one 2003 and one 2008 Stan. server, both as domain controllers and global catalog servers. The 2008 server holds the FSMO roles. I want to have a backup of Active Directory but don't want to use AD backups or Double-Take to do it, as I don't think Double-Take does AD well and restoring backups from nothing can be problematic as well. I did have the member server set up as a domain controller once before but it seemed to cause slowness in the logins and policy errors. We have a VPN connection between the main office (4.5mb) and this remote site (1.5mb) via T1's.

I found info referencing registry changes (MS KB244474 & MS KB910206) in the remote site to avoid issues of slowness but before I joined the server to the domain again I wanted to find out if anyone had other ideas or experiences with a similar configuration.

Thanks
Question by:cambee72
9 Comments
 
LVL 18

Expert Comment

by:sk_raja_raja
ID: 22713294
Install Windows 2003 on the new machine

Assign the new computer an IP address and subnet mask on the existing network

Make sure that the preferred DNS server on new machine points to the existing DNS Server on the Domain (normally the existing domain controller)

Join the new machine to the existing domain as a member server

Promote the server to a domain controller by running DCPROMO from the command line - select "additional domain controller for an existing domain"

Once Active Directory is installed then install DNS. You can do this through Add/Remove Programs->Windows Components->Networking Services->DNS. If you are using Active Directory Integrated DNS then DNS will be replicated from the other DC/DNS.

Next make the new machine a global catalog server, go to Administrative Tools, Active Directory Sites and Services, Expand, Sites, Default first site and Servers. Right click on the new server and select properties and tick the Global Catalog checkbox. (Global catalog is essential for logon as it needs to be queried to establish Universal Group Membership)

Install DHCP on the router and install DHCP on the new DC. You can do this through Add/Remove Programs->Windows Components->Networking Services->DHCP.

You will then need to remove any existing DHCP prior to authorising the new DHCP server. When setting up the new DHCP server don't forget to set the default gateway (router) and DNS servers. Talking of which, all the clients (and the domain controllers themselves) need to have their preferred DNS server set to the new domain controller.

Both Domain Controllers by this point will have Active Directory, Global Catalog, DNS and the domain could function for a while at least should any one of them fail.

For best efficiency define the sites and subnets in Active Directory Sites and Services and move the new DC into the new site. Make sure that clients on each site point to their local DC as their preferred DNS server.
LVL 18

Expert Comment

by:sk_raja_raja
ID: 22713310
1.You will not see the word "backup" anywhere. In an Active Directory domain there are no primaries (PDC) and backups (BDC). They are all domain controllers. Some will hold the fsmo roles and each can be a global catalog. The only way you will be able to tell is to turn up logging and see if any clients are actually using it for authentication.

2.http://support.microsoft.com/default.aspx?kbid=197132
Applies to Windows 2000, but SBS and 2003 have the same roles
Configuring an Additional Domain Controller
http://www.microsoft.com/technet/prodtechnol/sbs/2000/maintain/addsrvrs.mspx#ECAA
LVL 18

Expert Comment

by:sk_raja_raja
ID: 22713350
In your scenario it is going to be simple.

Once you move the new DC to the remote site, configure AD Sites and Services based on subnets for both the sites.
The AD objects will be replicated to the new DC in the remote location from the existing DC on the other site. Once replication is completed, all the workstations on the remote site will log in to the remote DC only (since they are all on the same subnet or defined in AD Sites and Services), so you don't need to worry about the network traffic.

Author Comment

by:cambee72
ID: 22713380
thanks sk_raja_raja

I did have the member server set up before as a domain controller with DNS and DHCP for the remote location and it worked fine, but again caused slowness on the main site's domain login. I know I can control which GC server Exchange connects to, but is there any way to control the clients to stay within the respective subnet when logging in?

Author Comment

by:cambee72
ID: 22713439
So once I create the subnet in AD sites and services, how do I assign that DC to that subnet?
LVL 18

Expert Comment

by:sk_raja_raja
ID: 22713568
Cambee72,

Make sure the IP address of that DC is also in the same subnet, and also you can go to the properties of the subnets in AD Sites and Services and add a subnet range for that specific site, so all the machines in that subnet range will get authenticated and resolve (DNS) to that DC only. It's a simple and easy configuration.

Please follow the step by step from this link,
http://windowsitpro.com/article/articleid/76275/jsi-tip-4969-how-do-i-create-and-configure-an-active-directory-site-in-a-windows-2000-environment.html
http://technet.microsoft.com/en-us/library/cc758663.aspx

Author Comment

by:cambee72
ID: 22722322
sk_raja_raja,
Everything is looking good. One last question: now that I have the subnet of the remote location listed with the remote subnet specified, should I create another subnet for the main site too, and attach that subnet to the existing site "Default-First-Site-Name"? Or is this not necessary?
LVL 18

Accepted Solution

by:
sk_raja_raja earned 500 total points
ID: 22722441
Yeah, if you can do this all your local machines will authenticate to the local DC only. In simple terms, in any site if you map a subnet range they will authenticate only to that specific DC.
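The site and subnet configuration described in the first expert comment and confirmed in the accepted solution, written out as a script. This is an added example and not part of the thread: it assumes the RSAT ActiveDirectory PowerShell module (Windows Server 2012 or later; on 2003/2008 the same site, subnet, site link and server objects are created by hand in Active Directory Sites and Services), and the site name `DR-Site`, the subnet ranges, the site link name `HQ-DR` and the server name `DRDC01` are placeholders to replace with your own values. It also defines a subnet for the main site, because a client whose address matches no subnet object has no site and may pick any DC in the domain, which is the cross-WAN logon behaviour the question describes.

```powershell
# Added example (not from the thread). Assumes the RSAT ActiveDirectory module.
# Site, subnet and server names are placeholders.
Import-Module ActiveDirectory

$hqSite     = 'Default-First-Site-Name'   # existing site that holds the HQ DCs
$remoteSite = 'DR-Site'                   # placeholder: name for the remote site
$hqSubnet   = '10.10.0.0/16'              # placeholder: HQ client/server range
$drSubnet   = '10.20.0.0/24'              # placeholder: remote site range
$remoteDC   = 'DRDC01'                    # placeholder: the DC located at the remote site

# 1. Create the remote site if it does not exist yet.
if (-not (Get-ADReplicationSite -Filter "Name -eq '$remoteSite'")) {
    New-ADReplicationSite -Name $remoteSite
}

# 2. Map each subnet to its site. Both sites get a subnet object: an address
#    that matches no subnet has no site, so the DC locator may hand that client
#    any DC, including one across the WAN.
$mappings = @(
    @{ Subnet = $hqSubnet; Site = $hqSite },
    @{ Subnet = $drSubnet; Site = $remoteSite }
)
foreach ($m in $mappings) {
    if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$($m.Subnet)'")) {
        New-ADReplicationSubnet -Name $m.Subnet -Site $m.Site
    }
}

# 3. Inter-site replication runs over a site link; a 15-minute interval keeps the
#    remote copy of the directory current without continuous traffic on the T1.
if (-not (Get-ADReplicationSiteLink -Filter "Name -eq 'HQ-DR'")) {
    New-ADReplicationSiteLink -Name 'HQ-DR' -SitesIncluded $hqSite, $remoteSite `
        -Cost 100 -ReplicationFrequencyInMinutes 15 -InterSiteTransportProtocol IP
}

# 4. Move the remote DC's server object out of the default site into the new one.
Move-ADDirectoryServer -Identity $remoteDC -Site $remoteSite

# 5. Verify: every subnet is tied to a site, each DC sits in the expected site
#    and is a global catalog, and the locator answers with the remote DC for the
#    remote site.
Get-ADReplicationSubnet -Filter * | Select-Object Name, Site
Get-ADDomainController -Filter * | Select-Object Name, Site, IsGlobalCatalog
nltest /dsgetsite                                      # site this machine resolved to
nltest /dsgetdc:$env:USERDNSDOMAIN /site:$remoteSite   # DC chosen for the remote site
```

Run `nltest /dsgetsite` on a workstation at each location after the change: if it reports the expected site and `nltest /dsgetdc:<domain>` names the local DC, clients are no longer crossing the VPN to authenticate. A workstation that still reports the wrong site usually has an address outside every defined subnet range.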

Author Closing Comment

by:cambee72
ID: 31505981
thank you
