Solved

How to join a local file server to a remote domain controller

Posted on 2011-09-20
Last Modified: 2012-05-12
I have a Windows 2008 R2 domain controller set up at a datacenter (mainly running Exchange).

I would like to have a file server at my local location.

I installed 2008 R2 enterprise edition on it.

What is the best way for me to set it up to be part of the domain, so that the same username and password they use for Exchange they can use to access the file server?

Also, as of now the computers are not set up to be part of the domain itself. Where should I point the computers to?
Question by:stumped423
11 Comments
 
LVL 24

Accepted Solution

by:
Sandeshdubey earned 500 total points
ID: 36571661
As you have mentioned, a domain controller and Exchange are already installed in the environment.
You need to add the file server to the domain, assuming that you have one more server which will be used as the file server.

Once the server is added to the domain, you can create folders, share them as per requirement, and add permissions to them based on business requirements.

The same user ID and password will be used by client users to log in to the domain PC and to access the file share and Exchange once the workgroup PCs are added to the domain.


0
 

Author Comment

by:stumped423
ID: 36571672
My problem with adding it to the domain is that usually I have to set the DNS address of the workstation to point to the server in order to have it join. But how do I do that when the server is not local?

Thanks
0
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 36571821
If you want to add the workstation PC to the domain, you need to point it to the DNS server and add the PC to the domain.




0

 

Author Comment

by:stumped423
ID: 36571830
How would I add this server to the domain if the domain server is at a remote location? What DNS server would I use in this case?

The local place only has a regular router/internet connection.
0
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 36571900
If the domain server is reachable and pingable by IP address, you can add the server to the domain. The DNS server will be the local IP address of the DC.

However, I would recommend that if the number of users in the remote location is more than 30, you make the file server an ADC as well. For redundancy you need to have at least two DCs in the network.

Also make sure that if you are making the file server an ADC, the firewall ports below are open.

Port Assignments for Active Directory Replication
Service Name     UDP    TCP
LDAP             389    389
LDAP                    636
GC                      3268
Kerberos         88     88
DNS              53     53
SMB over IP      445    445

0
 

Author Comment

by:stumped423
ID: 36571920
There are only 10 users at the location.

I am able to ping the public IP of the DC and remote desktop into it, but even though I set the public IP and the DNS server, I cannot ping the server by name.

Do any special ports need to be open on the firewall of the DC to allow that to work?

Thanks
0
 

Author Comment

by:stumped423
ID: 36571923
Actually, sorry, I am able to ping the DC server when I use the full name, i.e. servername.domain.local, but when I try to join the domain name, it says it can't be found. Do I need to enter it in a special way?
0
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 36571979
Are you able to ping the DC with the private IP address, not the public one? If you are able to ping the server with the private IP, you need to enter the private IP address as DNS on the client PC and then try to join the domain.
0
 

Author Comment

by:stumped423
ID: 36572028
The public IP is dedicated directly to the DC.
0
 
LVL 6

Expert Comment

by:netjgrnaut
ID: 36573731
It sounds like you're moving towards opening up AD (and DNS) to the public Internet.  This is a Bad Thing (TM).

First enable a VPN between the sites.  I'd recommend doing this with router hardware, not client (server-to-server) connections.  They're less stable, and you want a reliable PRIVATE connection between your sites.

Then you can set the DNS resolver on your remote server to the IP of the DC.  Make sure that is the ONLY resolver configured when you join the domain.

I agree with Sandeshdubey that you'll be best served by promoting your remote FS to a DC once you've joined the domain.

After you do this, reconfigure the first resolver on the remote DC/FS to 127.0.0.1.  Leave the main site DC as the second resolver.

Don't forget to add your remote subnet definitions to AD.

DON'T OPEN UP THE FIREWALL PORTS AS DESCRIBED ABOVE TO THE PUBLIC INTERNET.  Such access to a DC is just wrong.  It's not secure.

Hope that helps!
0
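A pre-join check for the setup described in the comment above, added here as an example and not part of the original thread: it confirms that the DC is addressed by a private IP, that the DC is the only DNS resolver configured, that the domain's DC locator SRV record resolves through it, and that the TCP ports from the table earlier in the thread answer across the VPN. The function names and the DC address `10.0.0.10` are hypothetical; `domain.local` is the name used in the question. It uses only WMI, `nslookup` and .NET sockets, so it runs on the PowerShell 2.0 shipped with Server 2008 R2.

```powershell
# Added example. Hypothetical helper names; 10.0.0.10 is a constructed private DC address.
function Test-PrivateIPv4([string]$Ip) {
    # True for RFC 1918 ranges: 10/8, 172.16/12, 192.168/16
    $b = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    return ($b[0] -eq 10) -or ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
           ($b[0] -eq 192 -and $b[1] -eq 168)
}

function Test-TcpPort([string]$Ip, [int]$Port, [int]$TimeoutMs = 2000) {
    # Plain TCP connect with a timeout; Test-NetConnection does not exist on 2008 R2
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($Ip, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $client.Connected
    } catch { return $false }
    finally { $client.Close() }
}

function Test-DomainJoinReadiness([string]$Domain, [string]$DcIp) {
    $problems = @()
    if (-not (Test-PrivateIPv4 $DcIp)) {
        $problems += "DC address $DcIp is public; reach the DC over the site-to-site VPN instead"
    }
    # Every resolver on every IP-enabled adapter; the DC must be the only one at join time
    $resolvers = @(Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled=TRUE" |
        ForEach-Object { $_.DNSServerSearchOrder } | Where-Object { $_ } | Select-Object -Unique)
    if ($resolvers.Count -ne 1 -or $resolvers[0] -ne $DcIp) {
        $problems += "Resolvers are [$($resolvers -join ', ')]; expected only $DcIp"
    }
    # The join locates a DC through this SRV record, not through the DC's host name
    $srv = "_ldap._tcp.dc._msdcs.$Domain"
    $out = nslookup -type=SRV $srv $DcIp 2>&1 | Out-String
    if ($out -notmatch 'svr hostname\s*=\s*\S+') {
        $problems += "No SRV record returned for $srv by $DcIp"
    }
    # TCP ports from the table in the thread; 636 only listens if the DC has an LDAPS certificate
    foreach ($port in 53, 88, 389, 445, 636, 3268) {
        if (-not (Test-TcpPort $DcIp $port)) { $problems += "TCP $port on $DcIp not reachable" }
    }
    return ,$problems
}

$issues = Test-DomainJoinReadiness -Domain 'domain.local' -DcIp '10.0.0.10'
if ($issues.Count -eq 0) { 'Ready to join the domain' } else { $issues }
```

Run it on the remote file server after the VPN is up and before attempting the join; an empty result means name resolution and connectivity are in place.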
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 36577852
You need to assign a private IP address to the DC, not a public one. After assigning the private IP address,
check the DNS setting on the server; it should point to itself. If the public IP address is added in the NIC DNS setting, remove it and add it to the DNS forwarders if required. If 127.0.0.1 is entered as DNS, remove it and add the IP address.

Check the NIC binding: the NIC which is online and has IP details should be first in the order. If multiple NICs are present, then disable the NICs that are not required.

Once done reboot the server.
0
