Solved

Secondary DC in SBS 2011 Environment

Posted on 2012-03-26
10
1,474 Views
Last Modified: 2012-06-27
Hi All,

I'm in the process of setting up a site office again. We've been making revisions/improvements to the IT infrastructure each time we've done a project office and this one will hopefully will be the best yet.

The biggest issue we've had is the links back to the office is over 3g wireless which once you get a few people using it pretty much criples it.

With the last project we built up a standard windows 7 box and shared out files from that. However domain logins were slow as hell and it was generally a bitch to manage remotely due to services being all over the shop.

They have an existing SBS 2011 server in the head office, so what i would like to do is build up a secondary DC to install into the site office. We will have a VPN tunnel established so they will be joined.

I'm a bit new to adding secondary domain controllers. Could anyone either give me some step by step instructions, or point me to some reference materials on the subject.

Cheers,
Troy
0
Comment
Question by:elemist
  • 4
  • 4
  • 2
10 Comments
 
LVL 16

Expert Comment

by:R. Andrew Koffron
ID: 37766225
umm setting up a second ADC connected over 3g wireless just sounds like a ridiculously bad Idea.
0
 
LVL 1

Author Comment

by:elemist
ID: 37766235
How else would you provide domain login services to a remote office? I can't setup a second domain due to being unable to do trusts in an sbs environment...

Plus there will be a vpn tunnel between the sites which is pretty stable...
0
 
LVL 16

Expert Comment

by:R. Andrew Koffron
ID: 37766251
can't you put in a DSL or cable modem? maybe it's just my reflex answer to 3g in my experience being flaky as hell, and terribly unreliable.
0
 
LVL 9

Expert Comment

by:Geodash
ID: 37766265
SBS 2011, I am not sure how it will work, but you can drop a secondary RODC (Read-Only Domain Controller) in the 2nd office. I am not sure how RODC works with a SBS2011 box, but it is supported in w2k8r2 which SBS 2011 is.

According to this arrticle -

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/SBS_Small_Business_Server/Q_27296451.html

a RODC can be added to a SBS2011 environment

and here is how it is implemented -

http://technet.microsoft.com/en-us/library/cc754629%28v=ws.10%29.aspx

I have no idea how it would work over 3g wireless, but it sounds like the best option you may have.
0
 
LVL 1

Author Comment

by:elemist
ID: 37766283
The site office is in a donga in the middle of nowhere.. and the projects are always for a short period of time in different locations. So no go with any kind of physical connection. Hence why we rely on 3g.

But the stablility has been pretty good overall, and i have a couple of cisco routers at each end providing a VPN tunnel between the two offices. So far in testing the VPN has been quite stable, but that's half the reason for putting a DC so if the VPN between offices does drop the users are still able to login and out.. :)

Thanks for the links i'll have a read of them now.
0
Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

 
LVL 9

Expert Comment

by:Geodash
ID: 37766289
then definitely, a RODC in the remote location is your best bet. I hear they work pretty well in this kind of situation.
0
 
LVL 9

Accepted Solution

by:
Geodash earned 500 total points
ID: 37766303
Yes, this is the best solution for the issue at hand.

http://technet.microsoft.com/en-us/library/cc755058(v=ws.10).aspx

For sites with low-bandwidth, it is recommended.
0
 
LVL 1

Author Comment

by:elemist
ID: 37766333
I'm assuming given the IP will need to be static and it will need to be at the other end of the VPN tunnel before i setup the RODC, otherwise if i try building it in the office first then change the IP it will kick up errors galore?
0
 
LVL 9

Expert Comment

by:Geodash
ID: 37766346
That is correct. You should be able to change it later to build it local, but DNS will bark at you for a while.
0
 
LVL 1

Author Closing Comment

by:elemist
ID: 37971419
just what we needed.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The problem of the system drive in SBS 2003 getting full continues to be an issue, even though SBS 2008 and SBS 2011 are both in the market place.  There are several solutions to this, including adding additional drive space or using third party uti…
I've often see, or have been asked, the question about the difference between the Exchange 2010 SP1 version, available as part of Small Business Server (SBS) 2011, and the “normal” Exchange 2010 SP1 Standard. The answer to the question is relativ…
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
With the power of JIRA, there's an unlimited number of ways you can customize it, use it and benefit from it. With that in mind, there's bound to be things that I wasn't able to cover in this course. With this summary we'll look at some places to go…

896 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now