Setting up Second AD DC at Remote Office

Posted on 2008-10-15
Last Modified: 2012-06-22
Hi Guys I need urgent Help,

I am currently onsite at a new company site trying to add a 2003 R2 Server onto our company domain.

Head Office:
SBS 2003 Server
2003 R2 Server
Domain  company.local

I need to add the new server onto our Comany1.local domain and set it up as a Global Catalog server and DNS, and set it up so it replicates with the Head Office DC.
I have tried this setup and it has fallen over; DNS was corrupted and wouldn't talk to the Head Office, so I have removed the server from the domain and wish to try again. I am looking for a detailed step-by-step guide that will assist me in getting this working correctly.
I need to get this sorted very quickly. I need a step-by-step guide to follow in detail, please!
thanks in advance!!!!!!

cheers

Big_daddy
Question by:big_daddy_pimp
9 Comments
 
LVL 13

Expert Comment

by:rhinoceros
ID: 22727856
1. Build the new Windows 2003 R2 server at the remote office (include the DNS service)
2. Make sure to open the specified ports between both sites (if you have a firewall on the VPN tunnel)
  * But we will open all ports during dcpromo processing, and then close them all again except the ports specified for DC replication
3. Run DCpromo to add the new server into the domain as a DC
4. After dcpromo has finished, go to "Active Directory Sites and Services"
 - First, create new Subnets for the remote office
 - Then, select the new server as "Global Catalog"
5. Wait for DC replication, then run DCDiag to check whether all replication succeeded.

I hope it can help.

DC port info:
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_22990459.html

0
 

Author Comment

by:big_daddy_pimp
ID: 22727908
The server can't find the domain to connect to. I have the server configured pointing to the host site's DNS and it still can't find the domain.

Big_daddy
0
 
LVL 13

Expert Comment

by:rhinoceros
ID: 22727926
First, are you sure the remote site routing is correct (e.g. ping the opposite site)?
Second, how about the IP address settings?
To start with, please set them as follows:
192.168.1.x   (HO)              192.168.2.x (Remote Office)

Example: (new server)
IP Address: 192.168.2.1
Subnet: 255.255.255.0
Gateway: 192.168.2.11
DNS1: 192.168.1.x
DNS2: 192.168.2.x
0

 

Author Comment

by:big_daddy_pimp
ID: 22727951
I can ping all computers at Head Office by IP address via the VPN, but it will not resolve hostnames.

Big_daddy

Head office
Small Business Server  10.0.4.20
DNS 10.0.4.20
GW 10.0.4.254

Remote Site
2003 Server  Current config.
10.0.10.20
GW 10.0.10.254
DNS. 10.0.10.20, 10.0.4.20

Big_daddy
0
 

Author Comment

by:big_daddy_pimp
ID: 22728030
Got it to talk to Head Office; I put it in the hosts file.
I am running DCpromo currently, after I have finished in
Do I log into the Head Office DC and make the new server a Global Catalog server on the Head Office server, or do I do it on the new server at the new site?
Do I need to set up a site link for replication or Idp  have to do this at all.

big_daddy
0
 
LVL 13

Expert Comment

by:rhinoceros
ID: 22728110
>>Do I log into the Head office DC and make the New Server a Global catalog server on the Head office server or do i do it on the new server at the New site
You can do it on the HO DC or the new site DC; either works.

>> Do i need to setup a site link for replication or Idp have to do this at all.
No, it will be created automatically after full replication.
0
 

Author Comment

by:big_daddy_pimp
ID: 22736724
Thanks for your assistance rhinoceros,
I think all is working well at this point. Under Sites and Services --> Sites --> Default first site name --> Servers I have my 3 servers, 2 at head office and 1 at the new site. Do I need to set the new server up under a different site? Will this keep working if I don't?
Looking through the Event Viewer there don't appear to be any failures, but there is limited info in these logs anyway.
How do I confirm everything is working as it should?

cheers

Big_Daddy
0
 
LVL 13

Accepted Solution

by:
rhinoceros earned 2000 total points
ID: 22737345
1.
Yes, you should create a new site for better management
e.g. rename Default First Site Name to Head Office, e.g. USA
      Create a new site name, e.g. UK
     And then right-click each server name to move it to its own site.

Furthermore, AD will generate the best replication connection by itself between both sites
(Please look at one of the servers --> NTDS settings --> Properties --> Connections tab)

2.
Run "Netdiag" and "DCdiag" on EACH DC to test whether all DC replication checks pass
Finally, please check the replication status in Event Viewer. Because AD replication is synchronized automatically for each DC on a schedule, you will see some normal informational events created daily in Event Viewer on each DC
 - Directory Service --> NTDS ISAM, NTDS General
 - File Replication --> NtFrs (SYSVOL share is ready)
0
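The site and subnet step in the accepted answer can be sanity-checked offline. This is an added example, not part of the original thread: it maps each DC's address to a site by most specific subnet match and reports server objects still sitting in the wrong site. The /24 masks, the site names, the server names and the 10.0.4.21 address are assumptions made for the example.

```python
import ipaddress

# Assumption: /24 subnet objects around the addresses quoted in the thread.
# Site names are hypothetical.
SUBNET_TO_SITE = {
    "10.0.4.0/24": "Head-Office",
    "10.0.10.0/24": "Remote-Office",
}

# Constructed inventory: name -> (IP, site the server object currently sits in).
# Server names and the 10.0.4.21 address are made up for the example.
SERVERS = {
    "HO-SBS": ("10.0.4.20", "Head-Office"),
    "HO-DC2": ("10.0.4.21", "Head-Office"),
    "REMOTE-DC": ("10.0.10.20", "Head-Office"),  # promoted but never moved
}

def site_for_ip(ip, subnet_to_site):
    """Site of the most specific subnet containing ip, or None if unmapped."""
    addr = ipaddress.ip_address(ip)
    matches = [
        (net.prefixlen, site)
        for net, site in ((ipaddress.ip_network(c), s) for c, s in subnet_to_site.items())
        if addr in net
    ]
    return max(matches)[1] if matches else None

def audit(servers, subnet_to_site):
    """List (server, problem, current_site, expected_site) for each mismatch."""
    findings = []
    for name, (ip, placed) in sorted(servers.items()):
        expected = site_for_ip(ip, subnet_to_site)
        if expected is None:
            findings.append((name, "ip-not-in-any-subnet", placed, None))
        elif expected != placed:
            findings.append((name, "server-object-in-wrong-site", placed, expected))
    return findings

if __name__ == "__main__":
    for name, problem, placed, expected in audit(SERVERS, SUBNET_TO_SITE):
        print(f"{name}: {problem} (in {placed}, expected {expected})")
```

An empty result from `audit` means every server object sits in the site its subnet maps to; the inventory itself still has to be filled in from what Sites and Services shows.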
 

Author Closing Comment

by:big_daddy_pimp
ID: 31506592
Thanks Rhinoceros,

I appreciate your assistance and am grateful for your quick responses to my questions.

Big_Daddy
0
