Solved

How to join a local file server to a remote domain controller

Posted on 2011-09-20
Last Modified: 2012-05-12
I have a Windows 2008 R2 domain controller set up at a datacenter (mainly running Exchange).

I would like to have a file server at my local location.

I installed 2008 R2 enterprise edition on it.

What is the best way for me to set it up to be part of the domain, so that the same username and password they use for Exchange they can use to access the file server?

Also, as of now the computers are not set up to be part of the domain itself; where should I point the computers to?
Question by:stumped423

Accepted Solution

by: Sandeshdubey earned 500 total points
As you have mentioned, a domain controller and Exchange are already installed in the environment.
You need to add the file server to the domain, assuming that you have one more server which will be used as the file server.

Once the server is added to the domain, you can create folders, share them as required, and add permissions to them based on business requirements.

The same user ID and password will be used by the client user to log in to the domain PC, access the file share and Exchange once the workgroup PCs are added to the domain.



Author Comment

by:stumped423
My problem with adding it to the domain is that usually I have to set the DNS address of the workstation to point to the server in order to have it join. But how do I do that when the server is not local?

Thanks

Expert Comment

by:Sandeshdubey
If you want to add the workstation PC to the domain, you need to point it to the DNS server and add the PC to the domain.





Author Comment

by:stumped423
How would I add this server to the domain if the domain server is at a remote location? What DNS server would I use in this case?

The local place only has a regular router/internet connection.

Expert Comment

by:Sandeshdubey
If the domain server is reachable and pingable by IP address, you can add the server to the domain. The DNS server will be the local IP address of the DC.

However, I would recommend that if the number of users in the remote location is more than 30, then make the file server an ADC as well. For redundancy you need to have at least two DCs in the network.

Also make sure that, if you are making the file server an ADC, the firewall ports below are open.

Port Assignments for Active Directory Replication

Service Name    UDP    TCP
LDAP            389    389
LDAP                   636
GC                     3268
Kerberos        88     88
DNS             53     53
SMB over IP     445    445


Author Comment

by:stumped423
There are only 10 users at the location.

I am able to ping the public IP of the DC and remote desktop into it, but even though I set the public IP and the DNS server, I cannot ping the server by name.

Do any special ports need to be open on the firewall of the DC to allow that to work?

Thanks

Author Comment

by:stumped423
Actually, sorry, I am able to ping the DC server when I use the full name, i.e. servername.domain.local, but when I try to join the domain name, it says it can't be found. Do I need to enter it in a special way?

Expert Comment

by:Sandeshdubey
Are you able to ping the DC with its private IP address, not the public one? If you are able to ping the server with the private IP, you need to enter the private IP address as DNS on the client PC and then try to join the domain.

Author Comment

by:stumped423
The public IP is dedicated directly to the DC.

Expert Comment

by:netjgrnaut
It sounds like you're moving towards opening up AD (and DNS) to the public Internet.  This is a Bad Thing (TM).

First enable a VPN between the sites.  I'd recommend doing this with router hardware, not client (server-to-server) connections.  They're less stable, and you want a reliable PRIVATE connection between your sites.

Then you can set the DNS resolver on your remote server to the IP of the DC.  Make sure that is the ONLY resolver configured when you join the domain.

I agree with Sandeshdubey that you'll be best served by promoting your remote FS to a DC once you've joined the domain.

After you do this, reconfigure the first resolver on the remote DC/FS to 127.0.0.1.  Leave the main site DC as the second resolver.

Don't forget to add your remote subnet definitions to AD.

DON'T OPEN UP THE FIREWALL PORTS AS DESCRIBED ABOVE TO THE PUBLIC INTERNET.  Such access to a DC is just wrong.  It's not secure.

Hope that helps!
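
The warning above can be checked against the DC's own firewall. The following is an added example, not part of the original thread: it flags enabled inbound allow rules that open the ports from the table earlier in the thread to anything other than an RFC 1918 source such as the VPN subnet. The sample listing is constructed, its field layout is assumed to follow `netsh advfirewall firewall show rule name=all`, and the function names are hypothetical.

```python
import ipaddress

# Ports from the thread's "Active Directory Replication" table.
AD_PORTS = {53: "DNS", 88: "Kerberos", 389: "LDAP", 445: "SMB", 636: "LDAP", 3268: "GC"}
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample, modelled on `netsh advfirewall firewall show rule name=all`.
SAMPLE = """\
Rule Name:   LDAP from branch VPN
Enabled:     Yes
Direction:   In
RemoteIP:    10.20.0.0/255.255.255.0
LocalPort:   389,636
Action:      Allow

Rule Name:   DNS for remote join
Enabled:     Yes
Direction:   In
RemoteIP:    Any
LocalPort:   53
Action:      Allow
"""

def parse_rules(text):  # one dict per rule, keyed by field name
    rules = []
    for line in text.splitlines():
        key, sep, val = (s.strip() for s in line.partition(":"))
        if key == "Rule Name":
            rules.append({})
        if sep and rules:
            rules[-1][key] = val
    return rules

def ad_ports_in(spec):  # AD ports covered by a LocalPort value: 'Any', '53', '389,3000-3300'
    spans = [p.strip().partition("-") for p in spec.split(",")]
    return {p for p in AD_PORTS for lo, _, hi in spans
            if spec == "Any" or (lo.isdigit() and int(lo) <= p <= int(hi or lo))}

def is_internal(remote):  # True only when every RemoteIP entry is an RFC 1918 network
    try:
        nets = [ipaddress.ip_network(x.strip(), strict=False) for x in remote.split(",")]
    except ValueError:  # "Any", keywords, address ranges: not provably internal
        return False
    return all(n.version == 4 and any(n.subnet_of(r) for r in RFC1918) for n in nets)

def exposed_ad_rules(text):  # enabled inbound allow rules opening AD ports to outside sources
    return [(r["Rule Name"], sorted(ad_ports_in(r.get("LocalPort", "Any"))))
            for r in parse_rules(text)
            if (r.get("Enabled"), r.get("Direction"), r.get("Action")) == ("Yes", "In", "Allow")
            and ad_ports_in(r.get("LocalPort", "Any")) and not is_internal(r.get("RemoteIP", "Any"))]
```

Run `exposed_ad_rules` over the saved rule listing from the DC; every rule it returns should be narrowed to the VPN subnet or removed.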

Expert Comment

by:Sandeshdubey
You need to assign a private IP address to the DC, not a public one. After assigning the private IP address, check the DNS setting on the server; it should point to itself. If the public IP address is added in the NIC DNS setting, remove it and add it to the DNS forwarders if required. If 127.0.0.1 is entered as DNS, remove it and add the IP address.

Check the NIC binding: the NIC which is online and has the IP details should be first in the order. If multiple NICs are present, then disable the unrequired NICs.

Once done reboot the server.