Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Active directory install at remote site

Posted on 2009-04-09
4
Medium Priority
?
512 Views
Last Modified: 2012-05-06
I have a client with one location running SBS 2008 premium at their main site.  Currently there is one other site connected by a VPN with a DC. I am adding another site with a VPN connection and I am installing a DC there also.
Question 1) Are there any limits on DC in SBS 2008
Question 2) Would it be best to install Active Directory on the server at the main site and then ship it to the remote location or should I just add AD at the remote location? I have seen problems with SBS networks when a domain controller is not accessible, therefore I would think it is best to install it at the remote location.
0
Comment
Question by:ajdratch
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 6

Expert Comment

by:mickeyfan
ID: 24111608
It is by far best to install AD locally and then ship it. The SBS server has to be the GC no matter what.
0
 
LVL 58

Accepted Solution

by:
tigermatt earned 2000 total points
ID: 24111650

To answer your questions directly,

>> Are there any limits on DC in SBS 2008

No limits whatsoever. You can install as many servers into an SBS domain as you wish, and make them DCs/GCs/DNS Servers, PROVIDED they are Server 2003/2008 Standard/Enterprise Servers. You CANNOT install more than one SBS into any domain at a time.

>> Would it be best to install Active Directory on the server at the main site and then ship it to the remote location or should I just add AD at the remote location? I have seen problems with SBS networks when a domain controller is not accessible, therefore I would think it is best to install it at the remote location.

It doesn't matter either way. If you install at the remote site, simply verify connectivity is available to the rest of the network beforehand by way of a box-to-box VPN, and also verify all the appropriate ports are opened through the VPN tunnel: http://technet.microsoft.com/en-us/library/bb727063.aspx.

-Matt
0
 

Author Comment

by:ajdratch
ID: 24111837
I'd prefer to install AD locally and then ship it. I will make it a GC. I have just had problems with SBS networks when a DC in not accessible, it seems nothing works right. I'd hate to have problems for the one week when the server is being shipped.
0
 
LVL 58

Assisted Solution

by:tigermatt
tigermatt earned 2000 total points
ID: 24112057

You are correct; you may have issues if you promote the DC locally while it is disconnected from the network and being shipped. This is purely because the DC will register as a DC in Active Directory and machines will think it is present and working as a DC, when it will in fact not be contactable.

Either way, though, it doesn't really matter where you install Active Directory. The point is that you can do it either way - and there won't be any breach of the SBS EULA presuming it is Standard/Enterprise Edition of Server 2003/2008 which you installed.

-Matt
0

Featured Post

Learn Veeam advantages over legacy backup

Every day, more and more legacy backup customers switch to Veeam. Technologies designed for the client-server era cannot restore any IT service running in the hybrid cloud within seconds. Learn top Veeam advantages over legacy backup and get Veeam for the price of your renewal

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question