elemist
asked on
Secondary DC in SBS 2011 Environment
Hi All,
I'm in the process of setting up a site office again. We've been making revisions/improvements to the IT infrastructure each time we've done a project office and this one will hopefully will be the best yet.
The biggest issue we've had is the links back to the office is over 3g wireless which once you get a few people using it pretty much criples it.
With the last project we built up a standard windows 7 box and shared out files from that. However domain logins were slow as hell and it was generally a bitch to manage remotely due to services being all over the shop.
They have an existing SBS 2011 server in the head office, so what i would like to do is build up a secondary DC to install into the site office. We will have a VPN tunnel established so they will be joined.
I'm a bit new to adding secondary domain controllers. Could anyone either give me some step by step instructions, or point me to some reference materials on the subject.
Cheers,
Troy
I'm in the process of setting up a site office again. We've been making revisions/improvements to the IT infrastructure each time we've done a project office and this one will hopefully will be the best yet.
The biggest issue we've had is the links back to the office is over 3g wireless which once you get a few people using it pretty much criples it.
With the last project we built up a standard windows 7 box and shared out files from that. However domain logins were slow as hell and it was generally a bitch to manage remotely due to services being all over the shop.
They have an existing SBS 2011 server in the head office, so what i would like to do is build up a secondary DC to install into the site office. We will have a VPN tunnel established so they will be joined.
I'm a bit new to adding secondary domain controllers. Could anyone either give me some step by step instructions, or point me to some reference materials on the subject.
Cheers,
Troy
R. Andrew Koffron
umm setting up a second ADC connected over 3g wireless just sounds like a ridiculously bad Idea.
ASKER
How else would you provide domain login services to a remote office? I can't setup a second domain due to being unable to do trusts in an sbs environment...
Plus there will be a vpn tunnel between the sites which is pretty stable...
Plus there will be a vpn tunnel between the sites which is pretty stable...
can't you put in a DSL or cable modem? maybe it's just my reflex answer to 3g in my experience being flaky as hell, and terribly unreliable.
SBS 2011, I am not sure how it will work, but you can drop a secondary RODC (Read-Only Domain Controller) in the 2nd office. I am not sure how RODC works with a SBS2011 box, but it is supported in w2k8r2 which SBS 2011 is.
According to this arrticle -
https://www.experts-exchange.com/questions/27296451/RODC-w-SBS2011.html
a RODC can be added to a SBS2011 environment
and here is how it is implemented -
http://technet.microsoft.com/en-us/library/cc754629%28v=ws.10%29.aspx
I have no idea how it would work over 3g wireless, but it sounds like the best option you may have.
According to this arrticle -
https://www.experts-exchange.com/questions/27296451/RODC-w-SBS2011.html
a RODC can be added to a SBS2011 environment
and here is how it is implemented -
http://technet.microsoft.com/en-us/library/cc754629%28v=ws.10%29.aspx
I have no idea how it would work over 3g wireless, but it sounds like the best option you may have.
ASKER
The site office is in a donga in the middle of nowhere.. and the projects are always for a short period of time in different locations. So no go with any kind of physical connection. Hence why we rely on 3g.
But the stablility has been pretty good overall, and i have a couple of cisco routers at each end providing a VPN tunnel between the two offices. So far in testing the VPN has been quite stable, but that's half the reason for putting a DC so if the VPN between offices does drop the users are still able to login and out.. :)
Thanks for the links i'll have a read of them now.
But the stablility has been pretty good overall, and i have a couple of cisco routers at each end providing a VPN tunnel between the two offices. So far in testing the VPN has been quite stable, but that's half the reason for putting a DC so if the VPN between offices does drop the users are still able to login and out.. :)
Thanks for the links i'll have a read of them now.
then definitely, a RODC in the remote location is your best bet. I hear they work pretty well in this kind of situation.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I'm assuming given the IP will need to be static and it will need to be at the other end of the VPN tunnel before i setup the RODC, otherwise if i try building it in the office first then change the IP it will kick up errors galore?
That is correct. You should be able to change it later to build it local, but DNS will bark at you for a while.
ASKER
just what we needed.