Need to join a member server to domain over site-to-site VPN

We're setting up a remote office with SonicWall site-to-site VPN and Windows Server 2008 Standard as a member server. The PDC is Win2k8 as well.

I would appreciate any input, step-by-step procedures and things to look out for while doing this project.

Thank you
piotrmikula108Asked:
ren20atomCommented:
Hi,
Before joining the domain, it is recommended to check the following from the remote VPN site.
1) Check if DNS is resolving the domain name at the remote site.
2) Ping access to the Domain Controller.
3) Telnet to the following ports, which are required to join the member server to the domain:
135/TCP RPC *
137/UDP NetBIOS Name
138/UDP NetBIOS Netlogon and Browsing
139/TCP NetBIOS Session
53/TCP/UDP DNS
88/TCP/UDP Kerberos
445/TCP SMB
and check if these are accessible.
If yes, try to join the member server to the domain.
You can check the status of the domain join by accessing the log file "c:\windows\debug\netsetup.log".
I may have missed a required port or two.
0
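
The checks listed in the answer above, scripted for the remote-site server (an added example, not part of the original thread). It assumes PowerShell 2.0 or later; `corp.example.com` and `dc01.corp.example.com` are placeholder names, and `Test-TcpPort` is a helper defined here.

```powershell
# Pre-join checks, run on the remote-site member server before joining the domain.
# $Domain and $DcName are placeholders: replace them with your own domain and DC.
$Domain = 'corp.example.com'
$DcName = 'dc01.corp.example.com'

# TCP connect with a timeout, the scripted equivalent of "telnet host port".
function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# 1) DNS: the domain name must resolve, and the DC locator SRV record must be
#    returned by the DNS server this machine is configured to use.
try {
    $addrs = [System.Net.Dns]::GetHostAddresses($Domain) | ForEach-Object { $_.IPAddressToString }
    "DNS   {0} -> {1}" -f $Domain, ($addrs -join ', ')
} catch {
    "DNS   {0} FAILED: {1}" -f $Domain, $_.Exception.Message
}
nslookup -type=SRV "_ldap._tcp.dc._msdcs.$Domain"

# 2) Ping access to the domain controller.
if (Test-Connection -ComputerName $DcName -Count 2 -Quiet) { "PING  $DcName OK" } else { "PING  $DcName FAILED" }

# 3) TCP ports from the list above. The UDP entries (137, 138, and the UDP side
#    of 53 and 88) cannot be tested with a TCP connect; verify those in the
#    VPN/firewall rules on both ends of the tunnel.
foreach ($port in 53, 88, 135, 139, 445) {
    $state = if (Test-TcpPort -ComputerName $DcName -Port $port) { 'open' } else { 'unreachable' }
    "TCP   {0}:{1} {2}" -f $DcName, $port, $state
}

# 4) After attempting the join, show the tail of the join log.
$log = Join-Path $env:windir 'debug\netsetup.log'
if (Test-Path $log) { Get-Content $log | Select-Object -Last 20 }
```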

nappy_dCommented:
Do you have a DC at the remote site? If not, make sure the computers at the remote site are all configured to use the DC at your home site and no other for all DNS requests.

I would also recommend that when you are joining the new server to the domain that you make sure to use the FQDN and not the NetBIOS name. This will help especially if you have trouble passing NetBIOS info across the VPN link.
0
piotrmikula108Author Commented:
ren20atom, thanks for all the info.

nappy_d, I don't - maybe I should make it a secondary DC?

Do I later need to configure anything in the AD Sites & Services MMC snap-in? They will be on different subnets.
0
Michael_DuebnerCommented:
Consider making the remote office DC a read-only domain controller (RODC). Frequently remote office servers have to operate in an unsecure environment.
0
piotrmikula108Author Commented:
That's a good idea, Michael, for RODC.
0
piotrmikula108Author Commented:
Sorry guys for the long inactivity on this topic.

I just got the server, set up the site-to-site VPN and joined the server to the domain as a member server.

Now I need to run dcpromo, so it's a secondary DC.

Would appreciate any advice on doing this?
0
Michael_DuebnerCommented:
If you were able to join the domain then the new server can see the existing domain. Just run DCPROMO and you sit back and relax for a while.

Just curious, are you going with the RODC option?
0
piotrmikula108Author Commented:
I may go with RODC, just ran into a problem where it says I need to run adprep /forestprep first but then when I run it it says it's not a domain controller so I can run it - Catch 22

How do I get around it?
0
Michael_DuebnerCommented:
I thought you were running 2008 in your existing domain.

You have to run adprep from an existing domain controller. Just insert the 2008 media into the old server and go through

adprep /forestprep
adprep /domainprep

You'll find the adprep directory on the CD. There is a 32-bit and 64-bit version in case you are using Windows Server 2008 R2 media.
0
piotrmikula108Author Commented:
The primary DC is a 2008 server, should I do something differently in this case?
0
Michael_DuebnerCommented:
You have to run adprep using the 2008 R2 media.

New Forest Functional Level. Windows Server 2008 R2 includes a new Active Directory forest functional level. Many of the new features in the Active Directory server roles require the Active Directory forest to be configured with this new functional level.
0