Solved

Help with domain over vpn

Posted on 2011-03-10
Last Modified: 2012-05-11
I need some help before I begin my task. Here is the current setup. I have 3 sites all connected over a VPN. They are all using Cisco RVS4000 routers for the site-to-site tunnels. Currently each site is in a workgroup setting and receiving DHCP and DNS from their respective routers. Site 1 has a single Windows 2008 server. Each site also has different local LAN IP subnets. Site1: 10.0.0.X, Site2: 192.168.1.X, Site3: 192.168.2.X. All clients are running Windows 7.

What I want to do is promote the server to a domain controller so I can centralize everything and invoke mandatory desktops, basically have all users log in and only see one single icon on their desktop.  So, here is what I need to know.

If I promote this domain controller, what will be the impact if I leave DHCP and DNS on all the routers as-is?
Will I be able to join the remote clients to the domain without having any issues of finding the domain name?

Or, what should be the proper steps to take to do this correctly?


Question by:schmad01

Expert Comment

by:kevinhsieh
ID: 35103323
You correctly identified the problem that you will have with DNS, and to a lesser degree DHCP. In order for Active Directory to work, you need to have a working DNS system. Since you don't have a domain yet, here are some tips.

1. Make your domain name domain.local instead of domain.com . It will simplify things down the line.
2. Every member of the domain needs to use a domain controller for DNS. Do not configure them to use any other DNS servers, not even as secondaries.
3. Using the Microsoft DHCP server gives you better management and is easier than the Cisco DHCP server. Turn off the DHCP server for the site with the server and use DHCP on the server.
4. You can continue to use DHCP on the other routers, but make sure that you reconfigure them to give out only the IP address of your server as the DNS server to use.
5. You need to configure Active Directory Sites and Services. It won't get done for you by a wizard.
6. Since you will probably be storing some things on your server, it is easier if you start by using a domain-based DFS root as the path for files, profiles, etc. The advantage is that the paths look like \\domain.local\dfs\users\profiles instead of \\server1\users\profiles . The advantage is that you can move the files to another server in the future without needing to reconfigure anything on the clients.

Author Comment

by:schmad01
ID: 35103740
I thought that AD sites and services is installed automatically when the first domain controller gets set up.

Accepted Solution

by:
kevinhsieh earned 2000 total points
ID: 35106377
Sites and Services won't be configured with multiple sites, and the subnets won't get defined. You have to do that yourself. AD has no way of automatically determining whether or not two subnets are local to each other or remote. You could theoretically say that maybe anything less than 10 ms away was the same site, but maybe you want a whole state to be in the same site, or maybe just a city, or maybe just a building, or maybe you just want your LAN to be in multiple sites. That's really hard to automagically configure with a wizard.
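
As an added example (not part of either answer above, and not code from the posters): a small Python model of the two checks the answers describe, that every site's DHCP hands out only the domain controller for DNS, and that every client subnet maps to a site defined in Sites and Services. The DC address 10.0.0.10, the /24 masks, the site names and the sample DHCP scopes are constructed assumptions.

```python
import ipaddress

DC_IP = "10.0.0.10"  # assumed address of the Site1 domain controller

# Subnet objects as they would be defined by hand in AD Sites and Services.
# The /24 masks and the site names are assumptions based on the question.
SUBNETS = {
    "10.0.0.0/24": "Site1",
    "192.168.1.0/24": "Site2",
    "192.168.2.0/24": "Site3",
}

# Constructed DHCP scopes: the DNS servers each site currently hands out.
SCOPES = [
    {"site": "Site1", "sample_client": "10.0.0.50", "dns": ["10.0.0.10"]},
    {"site": "Site2", "sample_client": "192.168.1.50",
     "dns": ["10.0.0.10", "192.168.1.1"]},   # router left as a secondary
    {"site": "Site3", "sample_client": "192.168.2.50",
     "dns": ["192.168.2.1"]},                # router still the only DNS server
]


def site_for(client_ip, subnets=SUBNETS):
    """Return the site of the most specific subnet containing client_ip, else None."""
    ip = ipaddress.ip_address(client_ip)
    matches = [ipaddress.ip_network(c) for c in subnets
               if ip in ipaddress.ip_network(c)]
    if not matches:
        return None  # no subnet object has been defined for this address
    best = max(matches, key=lambda net: net.prefixlen)
    return subnets[str(best)]


def audit(scopes=SCOPES, dc_ip=DC_IP, subnets=SUBNETS):
    """Return (site, problem) pairs for scopes that would break domain lookups."""
    findings = []
    for scope in scopes:
        if dc_ip not in scope["dns"]:
            findings.append((scope["site"], "DC not offered as DNS server"))
        others = [d for d in scope["dns"] if d != dc_ip]
        if others:
            findings.append((scope["site"], "non-DC DNS offered: " + ", ".join(others)))
        if site_for(scope["sample_client"], subnets) != scope["site"]:
            findings.append((scope["site"], "client subnet not mapped to this site"))
    return findings


if __name__ == "__main__":
    for site, problem in audit():
        print(f"{site}: {problem}")
```
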

Author Comment

by:schmad01
ID: 35113852
So would I configure my setup as one site or multiple sites?

Author Closing Comment

by:schmad01
ID: 35124598
Thank you!