Solved

AD Multiple locations SBS 2008

Posted on 2011-03-10
Last Modified: 2012-05-11
Hello all.

I have a main site using Windows 2008 SBS server. Using Exchange to manage email for the whole company and the SBS box is also AD, DHCP and file server. The domain is set up as "company.local" and there is a mix of XP and Windows 7 machines. All works ok.

The company has 2 other locations. They want to start centralizing control from the main office. The first location already has a Windows 2003 SBS server running Exchange, DHCP and AD for that local domain called "remote.local".

Question: can I use that location 2 SBS 2003 server and hook its AD into the main office AD so the main office controls everything with central user management? As an example, if a user from the main office goes to the remote location and logs into a computer there, he will get his login scripts and mapped drives, etc.

The two remote locations will have a VPN active back to the main office through Cisco routers. Do I need to let certain traffic through the VPNs for AD?

Question by:bobbydall2000
12 Comments
 
LVL 35

Accepted Solution

by:
Cris Hanna earned 672 total points
ID: 35096094
Unfortunately the SBS 2003 cannot be part of another AD domain. You will essentially need to recreate all user accounts/mailboxes at the Main Office on SBS 2008.

At the remote location with SBS 2003, you'll need to export all email to .pst files and copy all data to a USB drive, and then decommission that server.

The best option then is to bring up a Standard Server 2008/2008R2 at each of the remote locations as domain controllers/DNS servers/global catalog servers/file servers with a Hardware VPN created directly by the routers at location.

This will allow for faster logons at remote locations as well as local file access.
0
 
LVL 13

Assisted Solution

by:connectex
connectex earned 664 total points
ID: 35096356
If you don't want to set up servers at each location you might look into using Branch Cache with Windows 7 systems or setting up Remote Desktop Services (terminal services) at the main office. This way everything is centralized and easily accessible from any location.
0
 
LVL 2

Author Comment

by:bobbydall2000
ID: 35096588
I had that feeling about SBS 2003.  SBS likes to be the only server in the environment.  It's just a shame to have to get rid of that SBS 2003 server.

The Cisco routers have created a hardware VPN between locations.  Do I need to allow specific traffic through the VPN for AD?
0

 
LVL 35

Expert Comment

by:Cris Hanna
ID: 35096618
No...you shouldn't have to...VPN should allow all traffic to pass
0
 
LVL 2

Author Comment

by:bobbydall2000
ID: 35096632
Would something like this work if I disabled Exchange:

http://support.microsoft.com/kb/884453
0
 
LVL 2

Author Comment

by:bobbydall2000
ID: 35096674
Never mind that link, SBS 2003 would need to be the root controller.
0
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 35096747
You are correct, there can be only one SBS server in the domain.
You could buy a new Server 2008 license and install on the old server after data and email is migrated.
0
 
LVL 96

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 664 total points
ID: 35097914
Just to clarify as it seems you think this is a SBS 2003 problem - it's both.  SBS has always insisted on being the FSMO master of an Active Directory domain.  As such, there can be only one SBS in a domain - of any version.  And no SBS systems have supported trusts which would allow both domains to continue working AND be joined.
0
 
LVL 13

Expert Comment

by:connectex
ID: 35098726
And I'm just going to point out you could run both sites on SBS. One site using SBS 2008 and the other site using SBS 2003. It's not the ideal solution as you have to manage them as separate domains, mail servers, and such. You'd probably want to use subdomains for each site's e-mail (i.e. user@site1.company.com and user@site2.company.com). It would make handling roaming users difficult and again it's not the best possible solution. Guess I'm mainly stating this as times are difficult and this option may be possible if the funding is unavailable for the "better" options.
0
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 35099241
Doesn't exactly accomplish the goal posted by the author in the original post... "They want to start centralizing control from the main office".
0
 
LVL 71

Expert Comment

by:Qlemo
ID: 35489741
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0


Question has a verified solution.
