
Sync Active Directory over Internet with Domain Controller

Posted on 2008-11-05
Last Modified: 2012-06-27
Hello Everyone

Can someone tell me how I would go about joining a Windows 2008 box to an SBS 2003 domain from a different site over the Internet?

I do not have a hardware VPN in place and would like to avoid it for cost reasons.

Is it possible? How do I do it? :)

Thanks in advance.
Question by:Up2DateTech
11 Comments
 
LVL 10

Accepted Solution

by:
itsmein earned 750 total points
ID: 22892847
You don't need to have hardware to VPN to the main site. Does your firewall in the main site have a VPN feature? If so, set up the firewall to accept incoming VPN sessions, and you could install the VPN client software that will be available on the firewall manufacturer's website to connect to the firewall.

If a VPN feature isn't available on your firewall, set up a Windows 2003 Server to accept incoming VPN sessions, and then ensure it's accessible via a public IP. You could then use the Windows VPN client on the 2008 server to connect to the server in the main office.

Sounds complex, but it is simple once you know where to look.

http://articles.techrepublic.com.com/5100-10878_11-5805260.html - info on setting up VPN Server

SC
0
 
LVL 16

Expert Comment

by:JoWickerman
ID: 22892878
Hi Up2DateTech,

I agree with itsmein. Creating a VPN will be the easiest way. After doing that, follow these steps to join the 2008 Server to the 2003 SBS domain:

Join a computer running Windows Server 2008 as an additional domain controller

Note: Before joining a computer that is running the 64-bit version of Windows Server 2008 to a Windows SBS domain with ISA Server installed, make sure that the most recent service pack available for ISA Server 2004 is installed on the server running Windows SBS.

To join a computer running Windows Server 2008 as an additional domain controller to the Windows SBS network

   1. On the computer that is running Windows SBS, insert the Windows Server 2008 installation DVD.
      Note: The autorun feature may attempt to run the server installation program.
          * If you insert the DVD for the 64-bit version of Windows Server 2008, an error message appears. Click OK to acknowledge the message, and then continue with the instructions that appear on the screen.
          * If you insert the DVD for the 32-bit version of Windows Server 2008, the installation wizard opens. Close the wizard, and then proceed with the instructions that appear on the screen.
   2. Open a Command Prompt window. To do this, click Start, click Run, type cmd, and then click OK.
   3. Perform the following commands in the sequence noted:
      Note: In these instructions, "drive" represents the letter of your DVD drive.
         1. At the command prompt, type drive:\sources\adprep\adprep.exe /forestprep
            At the ADPREP warning, type c and then press ENTER.
         2. At the command prompt, type drive:\sources\adprep\adprep.exe /domainprep
         3. If you are installing the additional server as a read-only domain controller, at the command prompt, type drive:\sources\adprep\adprep.exe /rodcprep
            Note: For information about this option, see "AD DS: Read-Only Domain Controllers" at the Microsoft Web site (http://go.microsoft.com/fwlink/?LinkId=108239).
   4. Install Service Pack 2 for Exchange Server 2003 (SP2 for Exchange Server).
      Note: SP2 for Exchange Server is included on the media for Windows SBS 2003 R2. If you are running Windows SBS 2003 with Service Pack 1, you can download SP2 for Exchange Server from the Microsoft Web site (http://go.microsoft.com/fwlink/?LinkId=65119).
   5. Physically connect the computer running Windows Server 2008 to the Windows SBS network.
   6. Log on to the computer that is running Windows Server 2008 by using the local administrator account.
      Note: The following steps promote the Windows Server 2008 computer to a domain controller.
   7. Click Start, type dcpromo, right-click dcpromo, and then click Run as administrator. The Microsoft Active Directory® Domain Services Installation Wizard appears.
   8. Click Next to advance through the wizard until you arrive at the Choose a Deployment Configuration page.
   9. On the Choose a Deployment Configuration page, select Existing forest, select Add a domain controller to an existing domain, and then click Next.
  10. On the Network Credentials page, type the name of your Windows SBS domain (e.g., contoso.local), and then click Set. The Windows Security dialog box appears.
  11. Type the user name and password for the Windows SBS domain administrator, click OK, and then click Next.
  12. On the Select a Domain page, ensure that the domain name you typed in step 10 appears in the list of domains.
  13. Click Next to advance through the wizard until you arrive at the Additional Domain Controller Options page.
  14. On the Additional Domain Controller Options page, clear the DNS server check box, and then click Next until you arrive at the Directory Services Restore Mode Administrator Password page.
  15. On the Directory Services Restore Mode Administrator Password page, type the password to use when starting the computer that is running Windows Server 2008 in Directory Services Restore Mode.
  16. Continue through the wizard and accept all remaining default settings.
  17. After finishing the wizard, restart the server.
0
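
A pre-flight check for the procedure above, as an added example that is not part of the original post or of Microsoft's instructions: run on the Windows Server 2008 machine once the VPN is connected, it confirms that the SBS server's directory services are reachable through the tunnel before dcpromo is started. The address 192.168.16.2 is a constructed placeholder for the SBS server's LAN address, the port list is the well-known set of Active Directory TCP ports, and the script assumes the SBS server hosts DNS for the domain.

```powershell
# Pre-flight check for the Windows Server 2008 machine, run after the VPN
# is connected and before dcpromo. Requires PowerShell 2.0 or later.
param(
    [string]$Domain     = 'contoso.local',  # example domain name from step 10
    [string]$SbsAddress = '192.168.16.2',   # constructed placeholder: SBS LAN address
    [int]$TimeoutMs     = 3000
)

# Well-known TCP ports a replica domain controller uses on an existing one.
# RPC also uses dynamic ports after 135, which this check does not cover.
$services = @{ 53 = 'DNS'; 88 = 'Kerberos'; 135 = 'RPC endpoint mapper';
               389 = 'LDAP'; 445 = 'SMB (SYSVOL)'; 3268 = 'Global catalog' }

function Test-TcpPort([string]$Address, [int]$Port, [int]$TimeoutMs) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($Address, $Port, $null, $null)
        # Give up if the tunnel or a firewall silently drops the connection.
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)   # throws if the port actively refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

$failed = @()
foreach ($port in ($services.Keys | Sort-Object)) {
    $ok = Test-TcpPort $SbsAddress $port $TimeoutMs
    $state = $(if ($ok) { 'reachable' } else { 'BLOCKED' })
    "{0,-22} tcp/{1,-5} {2}" -f $services[$port], $port, $state
    if (-not $ok) { $failed += $port }
}

# Step 14 clears the DNS server check box, so the new domain controller
# depends on the existing DNS server for the DC locator (SRV) record.
$srv    = "_ldap._tcp.dc._msdcs.$Domain"
$answer = nslookup -type=SRV $srv $SbsAddress 2>&1 | Out-String
$srvOk  = $answer -match 'svr hostname'
$state  = $(if ($srvOk) { 'resolved' } else { "NOT FOUND ($srv)" })
"{0,-22} {1}" -f 'SRV record', $state

# Non-zero exit code when anything the promotion depends on is missing.
if ($failed.Count -gt 0 -or -not $srvOk) { exit 1 }
```

Pointing the check at the SBS server's private address rather than a public one also confirms that directory traffic is going through the VPN and that these ports do not need to be opened to the Internet.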
 
LVL 15

Expert Comment

by:HayesJupe
ID: 22892884
You'd like to avoid a hardware VPN for cost reasons?

I'm assuming you have some type of network at each site (otherwise how could you join them via VPN) - so that means you must have some form of router at each site... therefore you have the means to create a VPN between the sites for nothing more than your time of implementing it.

You could also utilise RRAS within Windows to create the VPN - but why would you?
0
 

Author Comment

by:Up2DateTech
ID: 22892979
The routers don't have VPN support.

I know I can create a VPN between the two servers, no problems.

I guess I was after an article on the best way to have it set up.
I found this one:
http://technet.microsoft.com/en-us/library/cc758232.aspx
This looks like the go.
0
 
LVL 10

Expert Comment

by:itsmein
ID: 22893010
Glad you got it, and yes, it's a good article.
0
 

Author Comment

by:Up2DateTech
ID: 22893018
Syncing the domain, I think, will be the easy part. I was also wondering if I could share files between the two offices. I gather that to do that I would need to have the Windows boxes act as routers. Or could the router route traffic for each subnet back through the servers?
0
 
LVL 10

Expert Comment

by:itsmein
ID: 22893058
Yes, Windows 2003 LAN routing works perfectly.
0
 
LVL 4

Expert Comment

by:pistolslapper
ID: 22893280
I have set up something just like JoWickerman suggested. The only real problem is speed, as the 2 sites I connected only had DSL links with .5mb upload. Needless to say, it is practically useless for filesharing.

If you are using a connection with anything less than 3mb up and down, you're wasting your time if its purpose is to aid filesharing.

If this doesn't deter you, then I would suggest picking up some Draytek 2800 Vigor DSL routers. They are cheap (I've seen them for less than 150$ on eBay) and extremely easy to configure. The VPN features of the router are excellent and it's probably the easiest router I ever configured.
0
 

Author Comment

by:Up2DateTech
ID: 22899474
Yeah, I know file sharing is crap over DSL, though it will allow them to get small doc files, no problems.
0
 

Author Comment

by:Up2DateTech
ID: 22979647
I'm not sure who to give the points to.
itsmein gave good directions.
JoWickerman gave correct instructions.
I guess both.
0
 
LVL 7

Expert Comment

by:nttranbao
ID: 38128455
VPN: site to site or client to site, that is the best solution I think.
0
