Newco asked:

Configure child domain through BOVPN

Hi Experts,
I am trying to configure a child domain via BOVPN (branch office VPN). The problem is that I cannot browse to my remote site by typing the machine name. How can I configure my remote site so that we can browse remote machines, printers, etc. by name?

Is a child domain an option for the setup?
ASKER CERTIFIED SOLUTION
pwindell
This solution is only available to members.
Newco

ASKER

Yes, it is a WatchGuard XTM 2 series.

I got the browsing part figured out; I am pointing WINS to the WINS server at the HQ site; so far everything is working, the machine was joined as a member server and no problems. I am going to add DNS, DHCP services and promote to a DC so it can keep a copy of the GAL.

If I keep going this route, is there anything I should be aware of?

pwindell

I don't think it is supposed to be a Member Server. You are creating a new domain with it,...not joining an existing one.

The GAL has nothing to do with anything at this point. The GAL does not come from the Domain,...it comes from the Exchange Organization,...and the boundary of the Exchange Organization is the Forest, not the Domain as far as I know,...maybe some Exchange Expert can verify that.

You can install DNS and DHCP on the box,..but you cannot configure them now. The machine has to use the DNS at HQ until after the DC Promo (just like you are doing with WINS). DNS will be configured on the box automatically when it is DC Promo'ed. DHCP cannot be configured until the Child Domain is in place and fully functional.

Routing should not be a problem as long as the Internet Firewall and the VPN Router are the same physical device,...which in this case,..that is so.

Newco

ASKER

pwindell:
You are right, GAL has to do with Exchange; I meant to say GC.
As for installing DNS & DHCP: I installed a secondary DNS that copies the HQ-DNS, but as for DHCP, I installed it to create leases on the new scope:
HQ scope: 192.168.1.0/24
Remote Scope: 192.168.2.0/24

So far it is working well and I can browse both sites without a problem, but I still have to create the child domain. I am studying how to do it because I don't have experience with Server 2008; if you have some docs on how to do it, I will appreciate it.

Yes, Inet firewall and VPN router are the same appliance.

Thank you for the help, I am at the HQ site but will go to visit the remote site tomorrow.

pwindell

"As for installing DNS & DHCP: I installed a secondary DNS that copies the HQ-DNS"

Unless I misunderstand what you mean by that,...I don't see any point in that,...in fact it may get in the way. When a DC is created the DNS is configured automatically and correctly,...don't mess with it from there unless you know that what you are doing is documented to be the exact correct thing to do,...do not "guess" at things,...do not "wing-it" and hope things might work.
Don't create any Zones, don't create any Zone Transfers.
Don't create any DNS Servers that are not DCs.

I have no "official" documents, but my first above post outlines creating a Child Domain. Assuming your first Domain (the Parent) is already in place and works correctly,...you take a stand-alone server,...point its TCP/IP Specs at one of your Domain Controllers,....run DC Promo and tell it that it is to be a new Child Domain of an existing Parent Domain. When finished, move its TCP/IP Specs to point to itself for DNS if it is going to be a single DC for the Child. The Parent and Child are fully aware of each other through DNS which is replicated by AD,...they do not have to point DNS at each other once everything is in place. Just look at my first post.

The only thing I am not sure of is if the new DC has to be a Member first,...but since it is effectively creating a "new" Domain,....I do not think it has to be a Member of anything.
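
Added example, not part of the thread or of either poster's setup: a pre-flight check to run on the stand-alone server at the remote site before DC Promo, confirming that it resolves through the HQ DC and that the BOVPN policy passes the ports the promotion relies on. The parent domain name `corp.example` and the HQ DC address `192.168.1.10` are assumed placeholders, and the `try`/`catch` syntax assumes PowerShell 2.0 or later.

```powershell
# Pre-flight check before promoting a stand-alone server to the first DC of a child domain.
# Assumed placeholders (not from the thread): parent domain name and HQ DC address.
$ParentDomain = 'corp.example'     # hypothetical parent domain DNS name
$HqDc         = '192.168.1.10'     # hypothetical HQ DC/DNS server inside the HQ scope
$problems     = 0

# 1. Until the promotion finishes, every enabled NIC must use the HQ DC as primary DNS.
$nics = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
foreach ($nic in $nics) {
    $primary = @($nic.DNSServerSearchOrder)[0]
    if ($primary -ne $HqDc) {
        Write-Warning "$($nic.Description): primary DNS is '$primary', expected $HqDc"
        $problems++
    }
}

# 2. The parent's DC locator SRV records must resolve across the tunnel.
$srv = "_ldap._tcp.dc._msdcs.$ParentDomain"
$out = & nslookup -type=SRV $srv $HqDc 2>&1 | Out-String
if ($out -match 'svr hostname') {
    Write-Host "SRV lookup for $srv succeeded"
} else {
    Write-Warning "No SRV records for $srv via $HqDc; DC Promo will not locate the parent"
    $problems++
}

# 3. The tunnel policy must pass the TCP ports used for promotion and replication.
$ports = @{ 53 = 'DNS'; 88 = 'Kerberos'; 135 = 'RPC endpoint mapper'; 389 = 'LDAP'; 445 = 'SMB' }
foreach ($port in $ports.Keys) {
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($HqDc, $port)
        Write-Host "TCP $port ($($ports[$port])) reachable on $HqDc"
    } catch {
        Write-Warning "TCP $port ($($ports[$port])) blocked or closed on $HqDc"
        $problems++
    } finally {
        $tcp.Close()
    }
}

if ($problems -eq 0) { Write-Host 'Ready for DC Promo.' }
else { Write-Warning "$problems issue(s) to fix before running DC Promo." }
```

RPC also uses dynamic high ports after the endpoint mapper answers on 135, so a tunnel policy that filters by port needs to allow those as well.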

Newco

ASKER

Thanks pwindell,
I actually did what you said not to do... I know it's not recommended; I want to make it right and that's why I have this post.
I will go back to your first post and concentrate on the child DC and build from there. I will post back tomorrow.

Thank you for the help!

Newco

ASKER

Thank you, that's what I should have done to begin with.