Solved

AD Multiple locations SBS 2008

Posted on 2011-03-10
12
391 Views
Last Modified: 2012-05-11
Hello all.

I have a main site using Windows 2008 SBS server.  Using Exchange to manage email for the whole comapny and the SBS box is also AD, DHCP and file server.  the domain is setup as "company.local' and there is a mix of XP and Windows 7 machines.  All works ok.

The company has 2 other locations.  They want to start centralizing control from the main office.  The first location already has a Windows 2003 SBS server running Exchange, DHCP and AD for that local domain called "remote.local".  

Questions, can I use that location 2 SBS 2003 server and hook it's AD into the main office AD so the main office controls everything with central user management?  as an example if a user from the main office goes to the remote location and logs into a computer there he will get his login scripts and mapped drives, etc.

The two remote locations will have a VPN active back to the main office through a Ciso routers.  Do I need to let certain traffic throught the VPN's for AD?

0
Comment
Question by:bobbydall2000
  • 4
  • 3
  • 2
  • +2
12 Comments
 
LVL 35

Accepted Solution

by:
Cris Hanna earned 168 total points
ID: 35096094
Unfortunately the SBS 2003 cannot be part of another AD domain.   You will essentially need to recreate all user accounts /mailboxes at the Main Office on SBS 2008.

At the remote location with SBS 2003, you'll need to export all email to .pst files and copy all data to a USB drive, and then decommission that server

The best option then is to bring up a Standard Server 2008/2008R2 at each of the remote locations as domain controllers/dns servers/global catalog servers/file servers with a Hardware VPN created directly by the routers at location

This will allow for faster logons at remote locations as well as local file access.
0
 
LVL 13

Assisted Solution

by:connectex
connectex earned 166 total points
ID: 35096356
If you don't want to setup servers at each location you might look into using Branch Cache with Windows 7 system or setting up a Remote Desktop Services (terminal services) at the main office. This way everything is centralized and easily accessible from any location.
0
 
LVL 2

Author Comment

by:bobbydall2000
ID: 35096588
I had that feeling about SBS 2003.  SBS likes to be the only server in the environment.  It's just a shame to have to get rid of that SBS 2003 server.

The Cisco routers have created a hardware VPN between locations.  Do I need to allow specific traffic through the VPN for AD?
0
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 35096618
No...you shouldn't have to...VPN should allow all traffic to pass
0
 
LVL 2

Author Comment

by:bobbydall2000
ID: 35096632
Would something like this work if I disabled Exchange:

http://support.microsoft.com/kb/884453
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 2

Author Comment

by:bobbydall2000
ID: 35096674
Never mind that link, SBS 2003 would need to be the root controller.
0
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 35096747
You are correct, There can be only one SBS server in the domain.
You could buy a new server 2008 license and install on the old server after data and email is migrated
0
 
LVL 95

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 166 total points
ID: 35097914
Just to clarify as it seems you think this is a SBS 2003 problem - it's both.  SBS has always insisted on being the FSMO master of an Active Directory domain.  As such, there can be only one SBS in a domain - of any version.  And no SBS systems have supported trusts which would allow both domains to continue working AND be joined.
0
 
LVL 13

Expert Comment

by:connectex
ID: 35098726
And I'm just going to point out your could run both sites on SBS. One site using SBS 2008 and the other site using SBS 2003. It's not the ideal solution as you have to manage them as separate domains, mail servers, and such. You'd probably want to use subdomains for each sites e-mail (i.e. user@site1.company.com and user@site2.company.com. It would make handling roaming users difficult and again it's not the best possible solution. Guess I'm mainly stating this as times are difficult and this option may be possible if the funding is unavailable for the "better" options.
0
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 35099241
doesn't exactly accomplish the goal posted by the author in the original post..."They want to start centralizing control from the main office"
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 35489741
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A procedure for exporting installed hotfix details of remote computers using powershell
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

929 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now