
AD Sites and Services

I have a Windows 2003 server that I have run a DCPromo on. I have AD installed and I have set up DNS. This server will be a remote DC and I am trying to get it set up so that it will work correctly when installed. Currently I have it on a DHCP address, but it will have a static address outside of our IP and subnet range. I wanted to get it set up and replicating correctly. I found an article that stated I needed to make sure to change it to the correct static address before I shipped it, which isn't a problem. I have made it a Global Catalog server and it appears to be working and replicating on our network with no errors.
However, I am not sure what I need to set up in Sites and Services and when I should set it up. I have created a site for the remote location, but the DC currently falls under my main site. The subnet for the remote location has not been created and DHCP has not been installed on the DC; we intend to install it at the remote site.
This is the first remote DC I have set up and I would really like it to work out of the box. Any insight is appreciated.
Neptune IT

You can create the site object in AD whenever you like. Because DC objects are statically assigned to sites (unlike workstations/member servers, which are dynamically assigned based on subnet), assigning the DC to the site now will not affect anything.

In Sites and Services, you should create a subnet object for the intended subnet for the remote network.

You'd then create a new site object, and select the site's subnet you just created when prompted.

The KCC (Knowledge Consistency Checker) should create objects within each DC's 'NTDS Settings'. These should be left alone. What you need to do is expand 'Inter-Site Transports' in AD Sites and Services, drill down to 'IP' and create a new Site Link. Add the two sites (main site and remote site) into the link and set the replication interval. If bandwidth is OK, every 15 - 30 minutes would probably be suitable.

The DC object for the remote site can then be moved to the remote site's 'Servers' object manually.

AD Sites and Services is a representation of the physical layout of your domain. Ensure that you have set up all the required subnet objects and linked them to the correct site. You can create the site container straight away. The subnet objects are important to ensure users use the local DC.

Personally I would move the server object into the new site container in ADSS just before you physically take it to the remote site. Wait for replication to occur, and wait for the KCC to automatically generate the connection objects (or you can force this by selecting 'Check Replication Topology'). AD now 'thinks' the server is on the remote site. You'll then need to change the server's IP address, but make sure it's using another DC for DNS, otherwise you'll end up with a 'DNS island' where the change in DNS does not replicate. Obviously when you change the server's IP address it's going to lose comms until you move it to the correct subnet.

Once it's up in the new site, check comms with the main site, and check that the server's Host A record is correct in DNS. Once it's correct, you can change it back to look at itself if you want.

Remember to configure your site link object to set the replication interval and availability. By default the two sites will be linked using the DEFAULTIPSITELINK object in the 'IP' container.
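
The steps from the two answers above, scripted as an added example that is not part of either answer. It assumes the ActiveDirectory PowerShell module (RSAT on Windows Server 2012 or later) and a domain that the module can reach; every site, subnet, link and server name is a constructed placeholder.

```powershell
# Added example. All names and the subnet are placeholders, not values from the thread.
Import-Module ActiveDirectory

$MainSite   = 'Main-Site'       # placeholder: the existing main site
$RemoteSite = 'Remote-Site'     # placeholder: site for the remote location
$RemoteNet  = '192.0.2.0/24'    # placeholder: subnet the DC will live on
$RemoteDC   = 'REMOTE-DC01'     # placeholder: the DC being shipped
$LinkName   = 'Main-Remote'     # placeholder: dedicated site link
$Interval   = 15                # minutes, within the 15 to 30 suggested above

# 1. Site object. Creating it early is harmless; skip if it already exists.
if (-not (Get-ADReplicationSite -Filter "Name -eq '$RemoteSite'")) {
    New-ADReplicationSite -Name $RemoteSite
}

# 2. Subnet object tied to the site, so clients on that subnet find the local DC.
if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$RemoteNet'")) {
    New-ADReplicationSubnet -Name $RemoteNet -Site $RemoteSite
}

# 3. Site link over IP between the two sites, with the replication interval set.
if (-not (Get-ADReplicationSiteLink -Filter "Name -eq '$LinkName'")) {
    New-ADReplicationSiteLink -Name $LinkName `
        -SitesIncluded $MainSite, $RemoteSite `
        -InterSiteTransportProtocol IP `
        -ReplicationFrequencyInMinutes $Interval
}

# 4. Move the DC's server object into the remote site (just before shipping).
Move-ADDirectoryServer -Identity $RemoteDC -Site $RemoteSite

# 5. Checks: site assignment, subnets left without a site, replication errors.
$dc = Get-ADDomainController -Identity $RemoteDC
if ($dc.Site -ne $RemoteSite) {
    Write-Warning "$RemoteDC is still in site '$($dc.Site)'"
}
$orphans = Get-ADReplicationSubnet -Filter * | Where-Object { -not $_.Site }
if ($orphans) {
    Write-Warning "Subnets with no site: $($orphans.Name -join ', ')"
}
Get-ADReplicationFailure -Target $RemoteDC |
    Select-Object Server, Partner, FailureCount, LastError, FirstFailureTime
```

The script is safe to re-run: the three creation steps are skipped when the object already exists, and the final query returns nothing when the DC has no recorded replication failures.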
Neptune IT (Author) Commented:
Great job, both really helped me to set up a solution that worked great. Thanks!
Question has a verified solution.
