Solved

AD Multiple locations SBS 2008

Posted on 2011-03-10
Last Modified: 2012-05-11
Hello all.

I have a main site using Windows 2008 SBS server.  Using Exchange to manage email for the whole company and the SBS box is also AD, DHCP and file server.  The domain is set up as "company.local" and there is a mix of XP and Windows 7 machines.  All works ok.

The company has 2 other locations.  They want to start centralizing control from the main office.  The first location already has a Windows 2003 SBS server running Exchange, DHCP and AD for that local domain called "remote.local".  

Questions: can I use that location 2 SBS 2003 server and hook its AD into the main office AD so the main office controls everything with central user management?  As an example, if a user from the main office goes to the remote location and logs into a computer there he will get his login scripts and mapped drives, etc.

The two remote locations will have a VPN active back to the main office through Cisco routers.  Do I need to let certain traffic through the VPNs for AD?

Question by:bobbydall2000

Accepted Solution

by:
Cris Hanna earned 168 total points
ID: 35096094
Unfortunately the SBS 2003 cannot be part of another AD domain.   You will essentially need to recreate all user accounts/mailboxes at the Main Office on SBS 2008.

At the remote location with SBS 2003, you'll need to export all email to .pst files and copy all data to a USB drive, and then decommission that server.

The best option then is to bring up a Standard Server 2008/2008R2 at each of the remote locations as domain controllers/DNS servers/global catalog servers/file servers with a Hardware VPN created directly by the routers at location

This will allow for faster logons at remote locations as well as local file access.

Assisted Solution

by:connectex
connectex earned 166 total points
ID: 35096356
If you don't want to set up servers at each location you might look into using Branch Cache with Windows 7 systems or setting up Remote Desktop Services (terminal services) at the main office. This way everything is centralized and easily accessible from any location.

Author Comment

by:bobbydall2000
ID: 35096588
I had that feeling about SBS 2003.  SBS likes to be the only server in the environment.  It's just a shame to have to get rid of that SBS 2003 server.

The Cisco routers have created a hardware VPN between locations.  Do I need to allow specific traffic through the VPN for AD?

Expert Comment

by:Cris Hanna
ID: 35096618
No...you shouldn't have to...VPN should allow all traffic to pass.

Author Comment

by:bobbydall2000
ID: 35096632
Would something like this work if I disabled Exchange:

http://support.microsoft.com/kb/884453

Author Comment

by:bobbydall2000
ID: 35096674
Never mind that link, SBS 2003 would need to be the root controller.

Expert Comment

by:Cris Hanna
ID: 35096747
You are correct. There can be only one SBS server in the domain.
You could buy a new Server 2008 license and install it on the old server after data and email are migrated.

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 166 total points
ID: 35097914
Just to clarify as it seems you think this is a SBS 2003 problem - it's both.  SBS has always insisted on being the FSMO master of an Active Directory domain.  As such, there can be only one SBS in a domain - of any version.  And no SBS systems have supported trusts which would allow both domains to continue working AND be joined.

Expert Comment

by:connectex
ID: 35098726
And I'm just going to point out you could run both sites on SBS. One site using SBS 2008 and the other site using SBS 2003. It's not the ideal solution as you have to manage them as separate domains, mail servers, and such. You'd probably want to use subdomains for each site's e-mail (i.e. user@site1.company.com and user@site2.company.com). It would make handling roaming users difficult and again it's not the best possible solution. Guess I'm mainly stating this as times are difficult and this option may be possible if the funding is unavailable for the "better" options.

Expert Comment

by:Cris Hanna
ID: 35099241
Doesn't exactly accomplish the goal posted by the author in the original post..."They want to start centralizing control from the main office"

Expert Comment

by:Qlemo
ID: 35489741
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.