how to configure backup domain controller in remote site

I have a remote site that will be used as a disaster recovery location.  There are 6 servers hosted on 1 VMware box at that site.  5 of them are synchronized with application, exch and file servers in the main location using doubletake.  The 6th is currently just a member server.   On the main site I have one 2003 and one 2008 Standard server, both as domain controllers and global catalog servers. The 2008 server holds the FSMO roles.  I want to have a backup of active directory but don't want to use AD backups or doubletake to do it as I don't think doubletake does AD well and restoring backups from nothing can be problematic as well.   I did have the member server set up as a domain controller once before but it seemed to cause slowness in the logins and policy errors.  We have a VPN connection between the main office (4.5mb) and this remote site (1.5mb) via T1s.

I found info referencing registry changes (MS KB244474 & MS KB910206) in the remote site to avoid issues of slowness but before I joined the server to the domain again I wanted to find out if anyone had other ideas or experiences with a similar configuration.

Thanks
1 Solution
 
sk_raja_rajaCommented:
Install Windows 2003 on the new machine

Assign the new computer an IP address and subnet mask on the existing network

Make sure that the preferred DNS server on new machine points to the existing DNS Server on the Domain (normally the existing domain controller)

Join the new machine to the existing domain as a member server

Promote the server to a domain controller by running DCPROMO from the command line - select "additional domain controller for an existing domain"

Once Active Directory is installed then install DNS. You can do this through Add/Remove Programs->Windows Components->Networking Services->DNS.  If you are using Active Directory Integrated DNS then DNS will be replicated from the other DC/DNS.

Next make the new machine a global catalog server: go to Administrative Tools, Active Directory Sites and Services, expand Sites, Default-First-Site-Name and Servers. Right click on the new server and select Properties and tick the Global Catalog checkbox. (Global catalog is essential for logon as it needs to be queried to establish Universal Group Membership.)

Install DHCP on the router and install DHCP on the new DC. You can do this through Add/Remove Programs->Windows Components->Networking Services->DHCP.

You will then need to remove any existing DHCP prior to authorising the new DHCP Server. When setting up the new DHCP server don't forget to set the default gateway (router) and DNS Servers. Talking of which, all the clients (and the domain controllers themselves) need to have their Preferred DNS server set to the new domain controller.

Both Domain Controllers by this point will have Active Directory, Global Catalog and DNS, and the domain could function, for a while at least, should any one of them fail.

For best efficiency define the sites and subnets in Active Directory Sites and Services and move the new DC into the new site. Make sure that clients on each site point to their local DC as their preferred DNS server.
 
sk_raja_rajaCommented:
1. You will not see the word "backup" anywhere. In an Active Directory domain there are no primaries (PDC) and backups (BDC). They are all domain controllers. Some will hold the FSMO roles and each can be a global catalog. The only way you will be able to tell is to turn up logging and see if any clients are actually using it for authentication.

2. http://support.microsoft.com/default.aspx?kbid=197132
Applies to Windows 2000, but SBS and 2003 have the same roles
Configuring an Additional Domain Controller
http://www.microsoft.com/technet/prodtechnol/sbs/2000/maintain/addsrvrs.mspx#ECAA
 
sk_raja_rajaCommented:
In your scenario it is going to be simple.

Once you move the new DC to the remote site, configure AD Sites and Services based on subnets for both the sites.
The AD objects will be replicated to the new DC in the remote location from the existing DC on the other site. Once replication is completed, all the workstations on the remote site will log in to the remote DC only (since they are all on the same subnet, as defined in AD Sites and Services), so you don't need to worry about the network traffic.
 
cambee72Author Commented:
thanks sk_raja_raja

I did have the member server set up before as a domain controller with DNS and DHCP for the remote location and it worked fine but again caused slowness on the main site's domain login.  I know I can control which GC server Exchange connects to, but is there any way to control the clients to stay within the respective subnet when logging in?
 
cambee72Author Commented:
So once I create the subnet in AD Sites and Services, how do I assign that DC to that subnet?
 
sk_raja_rajaCommented:
Cambee72,

Make sure the IP address of that DC is also in the same subnet, and also you can go to the properties of the subnets in AD Sites and Services and add a subnet range for that specific site, so all the machines in that subnet range will get authenticated and resolve (DNS) to that DC only. It's a simple and easy configuration.

Please follow the step by step from these links:
http://windowsitpro.com/article/articleid/76275/jsi-tip-4969-how-do-i-create-and-configure-an-active-directory-site-in-a-windows-2000-environment.html
http://technet.microsoft.com/en-us/library/cc758663.aspx
 
cambee72Author Commented:
sk_raja_raja,
Everything is looking good.  One last question: now that I have the subnet of the remote location listed with the remote subnet specified, should I create another subnet for the main site too, and attach that subnet to the existing site "Default-First-Site-Name"?   Or is this not necessary?
 
sk_raja_rajaCommented:
Yeah, if you can do this all your local machines will authenticate to the local DC only. In simple terms, in any site, if you map a subnet range they will authenticate only to that specific DC.
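The site and subnet mapping described in the first answer and again just above, written out as an added PowerShell example (not from this thread; the thread's Server 2003/2008 boxes would do the same steps in the AD Sites and Services MMC, while these cmdlets need the ActiveDirectory module from Server 2008 R2 / RSAT or later). The site name, the two subnets, the DC name and the domain name are all constructed placeholders.

```powershell
# Added example, not from the thread. Assumed names: site "RemoteSite", remote LAN
# 10.1.0.0/24, main LAN 10.0.0.0/24, remote DC "DC-REMOTE", domain "corp.example".
Import-Module ActiveDirectory

$remoteSite = 'RemoteSite'
$mainSite   = 'Default-First-Site-Name'
$remoteDc   = 'DC-REMOTE'      # hypothetical name of the DC at the DR site
$domain     = 'corp.example'   # hypothetical domain name
$subnets    = @{                # constructed CIDR -> site mapping
    '10.1.0.0/24' = $remoteSite
    '10.0.0.0/24' = $mainSite
}

# 1. Create the remote site if it does not exist yet.
if (-not (Get-ADReplicationSite -Filter "Name -eq '$remoteSite'")) {
    New-ADReplicationSite -Name $remoteSite
}

# 2. Map each office LAN to its site. The DC locator picks a logon DC from the
#    site whose subnet contains the client's IP, so the main site gets one too;
#    otherwise unmapped clients may still land on a DC across the WAN.
foreach ($entry in $subnets.GetEnumerator()) {
    if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$($entry.Key)'")) {
        New-ADReplicationSubnet -Name $entry.Key -Site $entry.Value
    }
}

# 3. Link the sites so replication over the VPN is scheduled (every 3 h here)
#    instead of intra-site change notification.
if (-not (Get-ADReplicationSiteLink -Filter "Name -eq 'Main-Remote'")) {
    New-ADReplicationSiteLink -Name 'Main-Remote' `
        -SitesIncluded $mainSite, $remoteSite `
        -Cost 100 -ReplicationFrequencyInMinutes 180
}

# 4. Move the remote DC's server object into the remote site.
Move-ADDirectoryServer -Identity $remoteDc -Site $remoteSite

# 5. Verify: the locator should now return the remote DC for the remote site.
Get-ADDomainController -Discover -DomainName $domain -SiteName $remoteSite |
    Select-Object HostName, Site, IPv4Address

# On a workstation at the remote office, confirm which site and DC it resolved:
#   nltest /dsgetsite
#   nltest /dsgetdc:corp.example
```

The `nltest /dsgetdc` output on a remote-site client should name the remote DC; if it still names a main-site DC, check the client's IP against the subnet you mapped and that its preferred DNS server is the local DC.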
 
cambee72Author Commented:
thank you