Posted on 2011-02-21
Medium Priority
Last Modified: 2012-05-11
I have a scenario of implementing ADS synchronisation over the internet. I have a local ADS running on a 2003 server. I planned to install Exchange Server in a remote location where my production servers are located. I have IPsec VPN connectivity between the local and remote sites. Which is the best way to replicate ADS with Exchange in this case? Do I need to install another ADC in the remote location and create a two-way trust between these DCs, or can I directly sync to the remote Exchange server? Is there any other way to accomplish this without VPN? I mean through the direct internet? Please give your suggestions.
Question by: sumeshbnr
LVL 29

Accepted Solution

pwindell earned 2000 total points
ID: 34954637
The network connectivity is independent of any of the Domain stuff.  Mainly it just has to "work",...connectivity and routing correct,...it "works",...you're ready to go there.   The IP scheme needs each location to be a different subnet to avoid burdening the slow WAN link with broadcasts,...meaning it needs to be a routed connection,...not bridged.

When you have two locations separated by a WAN link (VPN or whatever) you place a DC in each location. These would be DCs for the same domain,...there is only one domain,...particularly if you want to keep this simple (and there is no reason to over-complicate it).   Then configure Active Directory Sites & Services.  When doing that you create the Subnet Objects and Site Objects (just leave the "Default Site" there and don't use it).  Then create a Site Connector Object.  The built-in Help in the AD Sites & Services MMC should have all the details you need,...it is not complicated as long as you don't make it complicated,..."keep it simple" applies here.  When finished you can set the Replication Rate between the Sites.  If you have a good solid VPN with reasonable bandwidth set it to the lowest rate (the fastest).  I think that is 5 minutes or 15 minutes, I forget which.

AD Sites & Services also ensures that users and their workstations use the DC closest to them to keep excess traffic off the slow WAN link.

Basically it is AD Sites & Services that manages all this and it is not that complex.

Exchange,...well just do what you want there. You can place one at each Site or just use one central Exchange,...either way it works.  You can also start with just one and add the other one later after all the other WAN stuff is tweaked and running well,...Exchange depends on AD so it is good to make sure the WAN and AD are all happy and smiling first.  Then it also gives you time to study up on Exchange and how to deal with a "pair" of Exchanges in the same Exchange Organization.  The fact that the two Exchanges are separated by a slow WAN -vs- a fast local LAN connection is pretty much irrelevant other than performing a bit slower,...but functionally nothing changes.
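The Sites & Services steps in the accepted answer, written out as an added PowerShell example that is not from the thread or from any participant. It assumes the ActiveDirectory module (Windows Server 2012 or later; on the Server 2003-era DCs in the question the same objects are created in the AD Sites & Services MMC), and the site names HQ and Colo and the two subnets are constructed placeholders.

```powershell
# Added example (not from the original thread): builds the two-site AD topology
# the accepted answer describes. Requires the ActiveDirectory module
# (Server 2012+). Site names and subnets are assumed/constructed placeholders.
Import-Module ActiveDirectory

$localSite  = 'HQ'              # existing site, renamed from Default-First-Site-Name
$remoteSite = 'Colo'            # site where the remote DC and Exchange will live
$localNet   = '192.168.1.0/24'
$remoteNet  = '192.168.2.0/24'  # different subnet: routed, not bridged, across the VPN

# Rename the default site rather than leaving DCs in an unnamed catch-all.
Get-ADReplicationSite -Filter "Name -eq 'Default-First-Site-Name'" |
    Rename-ADObject -NewName $localSite

# Site object for the remote location (idempotent).
if (-not (Get-ADReplicationSite -Filter "Name -eq '$remoteSite'")) {
    New-ADReplicationSite -Name $remoteSite
}

# Subnet objects: these are what make clients pick the DC in their own site,
# keeping logon and LDAP traffic off the slow WAN link.
New-ADReplicationSubnet -Name $localNet  -Site $localSite
New-ADReplicationSubnet -Name $remoteNet -Site $remoteSite

# Site link (the "Site Connector" in the answer). 15 minutes is the lowest
# inter-site replication interval AD allows; the default is 180.
Set-ADReplicationSiteLink -Identity 'DEFAULTIPSITELINK' `
    -SitesIncluded @{Add = $remoteSite} `
    -ReplicationFrequencyInMinutes 15

# Verification: every DC should report the site you expect, and each subnet
# should map to exactly one site, or clients will silently cross the WAN.
Get-ADDomainController -Filter * | Select-Object Name, Site, IPv4Address
Get-ADReplicationSubnet -Filter * | Select-Object Name, Site
nltest /dsgetsite       # run on a member server to confirm its site assignment
repadmin /replsummary   # confirm replication is healthy over the VPN
```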
LVL 11

Author Comment

ID: 34958132
Thanks Any other comments?
LVL 10

Expert Comment

ID: 34958332
It is always recommended to have an ADC in the Exchange site, so that the users don't get affected if the ADS in the primary site is down.

You need not create a trust relationship between the DCs because as soon as you create an ADC the two-way trust will get automatically established.
LVL 29

Assisted Solution

pwindell earned 2000 total points
ID: 34961650
There is no ADC here.  This is all one Domain (or should be) and all one Exchange Organization.  You can even create the new DC with it sitting 6 inches away from the existing one, then transport it to the new Site afterwards and readjust the addressing.  As far as Exchange goes, the only ADC (Active Directory Connector) associated with it was with Exchange 5.5 to interact with Exchange 2000 or newer, because Ex5.5 was not Active Directory enabled.

If it is Exchange 2007 or 2010 then it uses AD Sites & Services to cover its routing mechanism, because the old Routing Groups in Exchange 2003 have been replaced with AD Sites & Services.
LVL 10

Expert Comment

ID: 34967753
Hello pwindell, sorry for the confusion.
By ADC I meant Additional Domain Controller.
LVL 29

Expert Comment

ID: 34970073
Ah!  Ok,...sorry  :-)   I feel stupid now.
