Solved

AD Sites and Services

Posted on 2009-05-04
Last Modified: 2012-05-06
I have a Windows 2003 server that I have run a DCPromo on. I have AD installed and I have set up DNS. This server will be a remote DC and I am trying to get it set up so that it will work correctly when installed. Currently I have it on a DHCP address, but it will have a static address outside of our IP and subnet range. I wanted to get it set up and replicating correctly. I found an article that stated I needed to make sure to change it to the correct static address before I shipped it, which isn't a problem. I have made it a Global Catalog server and it appears to be working and replicating on our network with no errors.
However, I am not sure what I need to set up in Sites and Services and when I should set it up. I have created a site for the remote location, but the DC currently falls under my main site. The subnet for the remote location has not been created and DHCP has not been installed on the DC; we intend to install it at the remote site.
This is the first remote DC I have set up and I would really like it to work out of the box. Any insight is appreciated.
Question by:neptuneit
3 Comments
 
LVL 58

Accepted Solution

by:
tigermatt earned 250 total points
ID: 24295681

You can create the site object in AD whenever you like. Because DC objects are statically assigned to sites (unlike workstations/member servers, which are dynamically assigned based on subnet), assigning the DC to the site now will not affect anything.

In Sites and Services, you should create a subnet object for the intended subnet for the remote network.

You'd then create a new site object, and select the site's subnet you just created when prompted.

The KCC (Knowledge Consistency Checker) should create objects within each DC's 'NTDS Settings'. These should be left alone. What you need to do is expand 'Inter-Site Transports' in AD Sites and Services, drill down to 'IP' and create a new Site Link. Add the two sites (main site and remote site) into the link and set the replication interval. If bandwidth is OK, every 15 - 30 minutes would probably be suitable.

The DC object for the remote site can then be moved to the remote site's 'Servers' object manually.

-Matt
 
LVL 27

Assisted Solution

by:bluntTony
bluntTony earned 250 total points
ID: 24295846
AD Sites and Services is a representation of the physical layout of your domain. Ensure that you have set up all the required subnet objects and linked them to the correct site. You can create the site container straight away. The subnet objects are important to ensure users use the local DC.

Personally I would move the server object into the new site container in ADSS just before you physically take it to the remote site. Wait for replication to occur, and wait for the KCC to automatically generate the connection objects (or you can force this by selecting 'Check Replication Topology'). AD now 'thinks' the server is on the remote site. You'll then need to change the server's IP address, but make sure it's using another DC for DNS, otherwise you'll end up with a 'DNS island' where the change in DNS does not replicate. Obviously when you change the server's IP address it's going to lose comms until you move it to the correct subnet.

Once it's up in the new site, check comms with the main site, and check that the server's Host A record is correct in DNS. Once it's correct, you can change it back to look at itself if you want.
Remember to configure your site link object to set the replication interval and availability. By default the two sites will be linked using the DEFAULTIPSITELINK object in the 'IP' container.
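
The Sites and Services steps from the two answers above, scripted as an added example (not code from either poster): create the site, subnet and site link, move the DC's server object, then verify site membership, replication and the Host A record. It assumes a management host with the ActiveDirectory PowerShell module from Windows Server 2012 or later RSAT and a DC reachable over Active Directory Web Services, which Windows Server 2003 does not provide natively; every name and address is a constructed placeholder.

```powershell
# Added example. All names and addresses are constructed placeholders.
Import-Module ActiveDirectory

$MainSite   = 'Main-Site'       # hypothetical name of the existing main site
$RemoteSite = 'Remote-Site'     # hypothetical name of the new remote site
$RemoteNet  = '192.0.2.0/24'    # constructed subnet of the remote LAN
$RemoteDC   = 'REMOTE-DC01'     # hypothetical host name of the remote DC
$DcNewIP    = '192.0.2.10'      # constructed static address for that DC
$MainDnsDC  = 'MAIN-DC01'       # hypothetical main-site DC that also runs DNS

# 1. Site and subnet objects (created only if missing, so the script is re-runnable).
if (-not (Get-ADReplicationSite -Filter "Name -eq '$RemoteSite'")) {
    New-ADReplicationSite -Name $RemoteSite
}
if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$RemoteNet'")) {
    New-ADReplicationSubnet -Name $RemoteNet -Site $RemoteSite
}

# 2. IP site link between the two sites with a 15-minute replication interval.
$LinkName = "${MainSite}-${RemoteSite}"
if (-not (Get-ADReplicationSiteLink -Filter "Name -eq '$LinkName'")) {
    New-ADReplicationSiteLink -Name $LinkName `
        -SitesIncluded $MainSite, $RemoteSite `
        -InterSiteTransportProtocol IP `
        -ReplicationFrequencyInMinutes 15 -Cost 100
}

# 3. DC server objects are assigned to sites statically: move it by hand.
Move-ADDirectoryServer -Identity $RemoteDC -Site $RemoteSite

# 4. Have the KCC recalculate the topology, then list replication failures.
repadmin /kcc $RemoteDC
Get-ADReplicationFailure -Target $RemoteDC |
    Select-Object Server, Partner, FailureCount, LastError

# 5. Run after re-addressing the DC at the remote site: confirm its site and
#    that its Host A record, as seen by a main-site DNS server, is the new IP.
$site = (Get-ADDomainController -Identity $RemoteDC).Site
$aRec = (Resolve-DnsName -Name $RemoteDC -Type A -Server $MainDnsDC).IPAddress
if ($site -ne $RemoteSite) { Write-Warning "$RemoteDC is in site '$site'" }
if ($aRec -notcontains $DcNewIP) {
    Write-Warning "A record for $RemoteDC is $aRec, expected $DcNewIP"
}
```

Querying the A record through a main-site DNS server rather than the remote DC itself is what exposes the 'DNS island' case, where the updated record exists only on the remote DC.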
 
LVL 1

Author Closing Comment

by:neptuneit
ID: 31577564
Great job, both really helped me to set up a solution that worked great. Thanks!
