Need to join a member server to domain over site-to-site VPN

We're setting up a remote office with Sonicwall site-to-site VPN and Windows Server 2008 Standard as a member server. The PDC is Win2k8 as well.

I would appreciate any input, step by step procedures and things to look out for while doing this project.

Thank you
Before joining the domain, it is recommended to check the following from the remote VPN site.
1) Check if DNS is resolving the domain name at the remote site.
2) Ping access to the Domain Controller
3) Telnet to the following ports, which are required to join the member server to the domain:
135/TCP RPC *
137/UDP NetBIOS Name
138/UDP NetBIOS Netlogon and Browsing
139/TCP NetBIOS Session
88/TCP/UDP Kerberos
and if these are accessible.
If yes, try to join the member server to the domain.
You can check the status of the domain join by accessing the log file "c:\windows\debug\netsetup.log".
I may have missed a required port or two.
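
The pre-join checks listed in the answer above, as an added PowerShell example that is not part of the original thread. The domain name and DC host name are placeholders (assumptions); the TCP ports and the log path are the ones given in the answer, and the script avoids cmdlets that are missing from the PowerShell 2.0 shipped with Server 2008.

```powershell
# Added example: pre-join checks, run on the remote-site member server.
# $Domain and $DomainController are placeholder values (assumptions).
param(
    [string]$Domain           = 'corp.example.com',
    [string]$DomainController = 'dc01.corp.example.com',
    [int[]] $TcpPorts         = @(88, 135, 139),   # TCP ports listed in the answer
    [int]   $TimeoutMs        = 3000
)

# TCP connect with a timeout, so a port silently dropped by the VPN policy
# fails fast instead of hanging the way an interactive telnet session does.
function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $client.Connected
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# 1) DNS: the domain name must resolve through the DNS server this site uses.
try {
    $addrs = [System.Net.Dns]::GetHostAddresses($Domain)
    "DNS   OK    $Domain -> $($addrs -join ', ')"
} catch {
    "DNS   FAIL  $Domain does not resolve: $($_.Exception.Message)"
}

# 2) Ping the domain controller across the tunnel.
$pingOk = Test-Connection -ComputerName $DomainController -Count 2 -Quiet
"PING  $(if ($pingOk) {'OK  '} else {'FAIL'})  $DomainController"

# 3) TCP ports. The UDP entries in the list (137, 138, 88/UDP) cannot be
#    confirmed by a TCP connect or by telnet; verify those in the VPN rules.
foreach ($port in $TcpPorts) {
    $open = Test-TcpPort -ComputerName $DomainController -Port $port -TimeoutMs $TimeoutMs
    "TCP   $(if ($open) {'OK  '} else {'FAIL'})  ${DomainController}:$port"
}

# 4) After a join attempt, show the tail of the join log named in the answer.
$log = Join-Path $env:windir 'debug\netsetup.log'
if (Test-Path $log) { Get-Content $log | Select-Object -Last 20 }
```
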
nappy_d Commented:
Do you have a DC at the remote site? If not make sure the computers at the remote site are all configured to use the DC at your home site and no other for all DNS requests.

I would also recommend that when you are joining the new server to the domain that you make sure to use the fqdn and not the netbios name. This will help especially if you have trouble passing netbios info across the vpn link.
piotrmikula108 (Author) Commented:
ren20atom, thanks for all the info

nappy_d, I don't - maybe I should make it a secondary DC?

Do I later need to configure anything in the AD Sites & Services MMC snap-in? They will be on different subnets.
Consider making the remote office DC a read-only domain controller (RODC). Frequently remote office servers have to operate in an unsecure environment.
piotrmikula108 (Author) Commented:
That's a good idea Micheal, for RODC
piotrmikula108 (Author) Commented:
sorry guys for long inactivity on this topic

I just got the server, set up the site-to-site VPN and joined the server to the domain as a member server.

Now I need to run dcpromo, so it's a secondary DC.

Would appreciate any advice on doing this?

If you were able to join the domain then the new server can see the existing domain.  Just run DCPROMO and you sit back and relax for a while.

Just curious, are you going with the RODC option?
piotrmikula108 (Author) Commented:
I may go with RODC, just ran into a problem where it says I need to run adprep /forestprep first but then when I run it it says it's not a domain controller so I can run it - Catch 22

How do I get around it?
I thought you were running 2008 in your existing domain.

You have to run adprep from an existing domain controller.  Just insert the 2008 media into the old server and go through

adprep /forestprep
adprep /domainprep

You'll find the adprep directory on the CD.  There is a 32bit and 64bit version in case you are using Windows Server 2008 R2 media.
piotrmikula108 (Author) Commented:
the primary DC is a 2008 server, should I do something differently in this case?
You have to run adprep using the 2008 R2 media

New Forest Functional Level. Windows Server 2008 R2 includes a new Active Directory forest functional level. Many of the new features in the Active Directory server roles require the Active Directory forest to be configured with this new functional level.