How Can I Add and Remove Workstations in a Different Domain Through a VPN Tunnel?

Posted on 2009-04-03
Last Modified: 2012-05-06
We have a client who wants us to manage their laptops, running our custom application, through a site-to-site VPN tunnel. We will create a DNS zone for them in our internal DNS with some of their servers. One of their servers is machineA.companyB.com, and another is machineB.northamerica.companyB.com. Their domain is northamerica.companyB.com. After creating the second one in Microsoft DNS as a host record, DNS automatically created a subzone, northamerica, and placed machineB in it. My problem is this. I went to create a host record in companyB.com called "northamerica" and assign it the IP address of one of their domain controllers. Microsoft DNS told me the host record was successfully created but I cannot see it. The goal was to make "northamerica.companyB.com" resolve to a DC so that when joining the northamerica.companyB.com domain the managed laptop will find the DC. So I have two questions. One, is this the recommended way to set up DNS so a laptop can find a DC for a different domain over a site-to-site VPN tunnel? Two, if it is, how do I overcome the apparent inability to create a host record called "northamerica.companyB.com" if a subzone "northamerica" exists?
Question by: adoughe
3 Comments
LVL 3

Accepted Solution

by: chrishudson123 (earned 1500 total points)
ID: 24066073
If you are intending to locate a Domain Controller for Active Directory related needs, like adding/removing/editing AD objects, the normal host record is not enough. In the DC locator process for LDAP queries and updates you need the corresponding SRV records. The easy way is to configure conditional forwarding in your DNS:

1) Click Start, point to Administrative Tools, and then click DNS.
2) Right-click ServerName, where ServerName is the name of the server, and then click the Forwarders tab.
3) Click a DNS domain in the DNS domain list. Or, click New, type the name of the DNS domain for which you want to forward queries in the DNS domain box, and then click OK.
4) In the Selected domain's forwarder IP address box, type the IP address of the first DNS server to which you want to forward, and then click Add.
5) Click OK.


If you just need to resolve northamerica.companyB.com to the DC's IP and add some more machines in each DNS zone:
1) Create a standard primary zone "companyB.com".
2) Create a domain "NorthAmerica" under the "CompanyB.com" DNS zone.
3) Update the "Same as Parent Folder" record with the DC name. (Same as parent folder means: if somebody is trying to resolve the zone name itself, the DNS will give the corresponding IP as in "Same as Parent Folder".) The DCs of CompanyB will be under the zone companyb.com and the NorthAmerica DCs should be under the newly created domain name.
        3.a) Click Start, point to Programs or All Programs, point to Administrative Tools, and then click DNS.
        3.b) In the DNS console, expand the server object, expand the Forward Lookup Zones folder, and then click the folder for the local domain.
        3.c) On the Action menu, click New Host.
        3.d) In the IP address text box, type the IP address of the server's local network adapter.
        3.e) Leave the Name box empty, click Create Associated PTR Record, and then click Add Host.
        3.f) When you receive the "(same as parent folder) is not a valid host name. Are you sure you want to add this record?" message, click Yes.

4) You can add any number of host records under the corresponding namespace. Remember this is just for resolving names to IPs.


If you have very few clients which need this resolution, then there is no need of creating a DNS zone. Just update the hosts file (SystemRoot\System32\Drivers\Etc folder) of each machine with the corresponding records.
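The forwarder approach from the accepted answer, scripted and then checked, as an added example that is not part of the original thread. It assumes the DnsServer and DnsClient PowerShell modules (Windows Server 2012 or later, so newer than the 2009 post), and the client DNS addresses are constructed placeholders.

```powershell
# Added example (not from the original thread): configure a conditional forwarder on the
# managing company's Windows DNS server so that queries for the client's AD domain are
# answered by the client's own DNS over the site-to-site VPN, then verify that the SRV
# records the DC locator depends on actually resolve. Requires the DnsServer RSAT module.
# All IP addresses below are constructed placeholders.

$ClientDomain = 'northamerica.companyB.com'
$ClientDnsIPs = @('10.200.0.10', '10.200.0.11')   # client's DNS servers reachable via the VPN

# 1. Conditional forwarder: only queries under $ClientDomain go to the client's DNS,
#    so their SRV records (and future DC changes) are served by the authoritative side.
if (-not (Get-DnsServerZone -Name $ClientDomain -ErrorAction SilentlyContinue)) {
    Add-DnsServerConditionalForwarderZone -Name $ClientDomain `
        -MasterServers $ClientDnsIPs -ReplicationScope 'Forest'
}

# 2. Verify the DC-locator SRV records through the local DNS server. A plain A record for
#    "northamerica.companyB.com" (the question's original idea) cannot satisfy these lookups.
function Test-DcLocatorRecords {
    param([string]$Domain, [string]$DnsServer = '127.0.0.1')
    $names = @(
        "_ldap._tcp.dc._msdcs.$Domain",      # LDAP on any DC
        "_kerberos._tcp.dc._msdcs.$Domain",  # Kerberos KDC on any DC
        "_ldap._tcp.$Domain"                 # LDAP, non-_msdcs form
    )
    foreach ($n in $names) {
        $srv = Resolve-DnsName -Name $n -Type SRV -Server $DnsServer -ErrorAction SilentlyContinue |
               Where-Object { $_.Type -eq 'SRV' }
        [pscustomobject]@{
            Record  = $n
            Found   = [bool]$srv
            Targets = ($srv | ForEach-Object { "$($_.NameTarget):$($_.Port)" }) -join ', '
        }
    }
}

Test-DcLocatorRecords -Domain $ClientDomain | Format-Table -AutoSize

# 3. Final check from a managed laptop (run there, not on the DNS server):
#    nltest /dsgetdc:northamerica.companyB.com
#    It should return a DC of the client's domain; if it fails, the join will fail too.
```

Any row with Found = False means the forwarder is not reaching the client's DNS (VPN or firewall) or the client's zone lacks the record, which is the first thing to check before attempting a domain join.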
LVL 1

Author Comment

by: adoughe
ID: 24091726
chrishudson123, thanks for your reply. It was necessary though to do more than you describe. I basically had to duplicate much of what is present in our own DNS for our domain for the CompanyB domain. This included creating the "_msdcs" and other structures in DNS. I will give you credit for answering the question with that caveat. Thanks again...
LVL 3

Expert Comment

by: chrishudson123
ID: 24093887
That's why I recommended the forwarder configuration in the case of the DC locate process. You can configure a secondary DNS zone or a forwarder for this. If you just duplicate the zone details, it will be fine for now. But in future, when they add/remove a DC, you have to update the records.