
How do you join two domain controllers on different subnets?

Posted on 2011-02-19
Last Modified: 2012-05-11
I have a 2008 Server that is going to hold Active Directory and Exchange that will be in a Colo. I am then going to have two other locations with a 2008 Server at each. The second and third location will connect to the Colo via a VPN. The second and third location will connect to each other via a 3mb MPLS line. I want to set up DFS on all three to keep a copy of the data, which is mostly AutoCAD files and some Office documents, on all three servers. This way if the connection between them is broken they will still be able to log in and access documents. I am not sure how to add the 2nd and 3rd location to the Server in the Colo though. I am not 100% sure that what I am proposing will work either.
0
Question by:aando
LVL 17

Assisted Solution

by:OriNetworks
OriNetworks earned 600 total points
ID: 34934085
Joining two domain controllers over different subnets is basically the same as joining two domain controllers on the same network as long as a VPN connects the two networks. The only difference being that you may want to set up as a different site in Active Directory Sites and Services.
0
 

Author Comment

by:aando
ID: 34934110
What do you mean a different site in AD sites and services? Also will the DFS work and will all three sites replicate fine on different subnets?
0
 
LVL 42

Accepted Solution

by:kevinhsieh
kevinhsieh earned 1400 total points
ID: 34934148
What you are proposing should work fine. You need to have the VPN running before you add the remote servers to the domain. As long as the servers can ping the domain controller(s) at the colo and are set to use them for DNS you will be able to add them to the domain and then run DCpromo to make them domain controllers. You can then make the office servers DNS and DHCP servers. You will need to properly configure AD Sites and Services or your clients will connect to remote servers when they should be connecting locally.
For the DFS, the DFS name servers should be hosted by the domain controllers and you should build the namespace like \\domain.local\dfs\folder1. You don't want to use server names in the path because it makes it harder to change servers in the future. You also need to think about how to organize the folders in DFS because you need some way to prevent users from two different sites editing the same document at the same time. DFS doesn't prevent that and the version of the file that gets saved last is kept. My solution to this problem is to organize files by location and make only 1 copy of the files available at a time. That may or may not work for you depending on how much people from different locations collaborate on the same files.

I enable shadow copies on all of my servers, but I let DFS replicate everything back to a central server for backups. I also enabled QoS on the network and forced DFS-R traffic to use a specific TCP port so that I could apply QoS to it. Otherwise DFS-R traffic can swamp your WAN connection.

If you are using Windows 2008 R2 with Windows 7 Ultimate or Enterprise you can use BranchCache to improve performance when accessing files over the WAN.
0
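
Added example, not part of the thread or of kevinhsieh's answer: the accepted answer warns that without properly configured AD Sites and Services, clients connect to remote servers. This sketch models how a client IP is assigned to the site of the most specific matching subnet and audits a site plan for clients and domain controllers that land in the wrong site or in none. All site names, address ranges and client addresses are constructed assumptions.

```python
import ipaddress

# Constructed plan for the three locations in the question; every name and
# address range here is an assumption made for illustration.
SITE_SUBNETS = {
    "10.0.0.0/16": "Colo",       # broad range, also acts as a catch-all
    "10.0.20.0/24": "Office2",
    "10.0.30.0/24": "Office3",
}
SITE_DCS = {"Colo": "10.0.1.10", "Office2": "10.0.20.10", "Office3": "10.0.30.10"}

# Constructed client sample: IP address -> where the machine physically sits.
CLIENTS = {
    "10.0.20.55": "Office2",
    "10.0.30.77": "Office3",
    "10.0.40.12": "Office3",     # new VLAN that was never added as a subnet
    "192.168.5.9": "Office2",    # range missing from the plan entirely
}


def site_for(ip, subnets=SITE_SUBNETS):
    """Site of the most specific subnet containing ip, or None if none does."""
    addr = ipaddress.ip_address(ip)
    nets = [(ipaddress.ip_network(c), s) for c, s in subnets.items()]
    hits = [(n.prefixlen, s) for n, s in nets if addr in n]
    return max(hits)[1] if hits else None


def audit(clients=CLIENTS, subnets=SITE_SUBNETS, dcs=SITE_DCS):
    """Return {ip: problem} for DCs and clients that resolve to the wrong site."""
    problems = {}
    for site, dc_ip in dcs.items():
        if site_for(dc_ip, subnets) != site:
            problems[dc_ip] = f"DC for {site} is not inside a {site} subnet"
    for ip, location in clients.items():
        site = site_for(ip, subnets)
        if site is None:
            problems[ip] = "no subnet matches: client has no site"
        elif site != location:
            problems[ip] = f"mapped to {site} but located in {location}"
    return problems


if __name__ == "__main__":
    for ip, problem in audit().items():
        print(f"{ip}: {problem}")
```

The 10.0.40.12 client shows the quiet failure: a broad colo range swallows an office VLAN that has no subnet of its own, so its logons are directed across the VPN instead of to the local domain controller.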
 

Author Comment

by:aando
ID: 34934304
Kevinhsieh...

1. Are you saying the office servers should only have the colo server as their DNS and then the 2nd and 3rd sites' computers use those servers for their DNS?

2. Do you know where I can find information on how to properly set up sites and services?

3. Then is the DFS replicating the "ShadowCopy" data back to a central server for backups or just the normal data?
0
 
LVL 42

Assisted Solution

by:kevinhsieh
kevinhsieh earned 1400 total points
ID: 34935954
AD Sites and Services
http://technet.microsoft.com/en-us/library/cc730868.aspx

DFS Replication will replicate just the normal files, but shadow copies allow you to have local backups of the files as long as you don't lose the whole server.

The office server needs to use the colo server for DNS just so it can contact the domain controller so it can join the domain. After that, it can point to itself for DNS and the local clients can point to the local server for primary DNS.
0
