Solved

Secondary DC in SBS 2011 Environment

Posted on 2012-03-26
10
1,481 Views
Last Modified: 2012-06-27
Hi All,

I'm in the process of setting up a site office again. We've been making revisions/improvements to the IT infrastructure each time we've done a project office and this one will hopefully will be the best yet.

The biggest issue we've had is the links back to the office is over 3g wireless which once you get a few people using it pretty much criples it.

With the last project we built up a standard windows 7 box and shared out files from that. However domain logins were slow as hell and it was generally a bitch to manage remotely due to services being all over the shop.

They have an existing SBS 2011 server in the head office, so what i would like to do is build up a secondary DC to install into the site office. We will have a VPN tunnel established so they will be joined.

I'm a bit new to adding secondary domain controllers. Could anyone either give me some step by step instructions, or point me to some reference materials on the subject.

Cheers,
Troy
0
Comment
Question by:elemist
  • 4
  • 4
  • 2
10 Comments
 
LVL 16

Expert Comment

by:R. Andrew Koffron
ID: 37766225
umm setting up a second ADC connected over 3g wireless just sounds like a ridiculously bad Idea.
0
 
LVL 1

Author Comment

by:elemist
ID: 37766235
How else would you provide domain login services to a remote office? I can't setup a second domain due to being unable to do trusts in an sbs environment...

Plus there will be a vpn tunnel between the sites which is pretty stable...
0
 
LVL 16

Expert Comment

by:R. Andrew Koffron
ID: 37766251
can't you put in a DSL or cable modem? maybe it's just my reflex answer to 3g in my experience being flaky as hell, and terribly unreliable.
0
Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
LVL 9

Expert Comment

by:Geodash
ID: 37766265
SBS 2011, I am not sure how it will work, but you can drop a secondary RODC (Read-Only Domain Controller) in the 2nd office. I am not sure how RODC works with a SBS2011 box, but it is supported in w2k8r2 which SBS 2011 is.

According to this arrticle -

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/SBS_Small_Business_Server/Q_27296451.html

a RODC can be added to a SBS2011 environment

and here is how it is implemented -

http://technet.microsoft.com/en-us/library/cc754629%28v=ws.10%29.aspx

I have no idea how it would work over 3g wireless, but it sounds like the best option you may have.
0
 
LVL 1

Author Comment

by:elemist
ID: 37766283
The site office is in a donga in the middle of nowhere.. and the projects are always for a short period of time in different locations. So no go with any kind of physical connection. Hence why we rely on 3g.

But the stablility has been pretty good overall, and i have a couple of cisco routers at each end providing a VPN tunnel between the two offices. So far in testing the VPN has been quite stable, but that's half the reason for putting a DC so if the VPN between offices does drop the users are still able to login and out.. :)

Thanks for the links i'll have a read of them now.
0
 
LVL 9

Expert Comment

by:Geodash
ID: 37766289
then definitely, a RODC in the remote location is your best bet. I hear they work pretty well in this kind of situation.
0
 
LVL 9

Accepted Solution

by:
Geodash earned 500 total points
ID: 37766303
Yes, this is the best solution for the issue at hand.

http://technet.microsoft.com/en-us/library/cc755058(v=ws.10).aspx

For sites with low-bandwidth, it is recommended.
0
 
LVL 1

Author Comment

by:elemist
ID: 37766333
I'm assuming given the IP will need to be static and it will need to be at the other end of the VPN tunnel before i setup the RODC, otherwise if i try building it in the office first then change the IP it will kick up errors galore?
0
 
LVL 9

Expert Comment

by:Geodash
ID: 37766346
That is correct. You should be able to change it later to build it local, but DNS will bark at you for a while.
0
 
LVL 1

Author Closing Comment

by:elemist
ID: 37971419
just what we needed.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the event you manage a Small Business Server 2003, and you are audited for PCI compliance, there are several changes you must make in order to pass the audit. I can take no credit for discovering any of these fixes or workarounds, but there is no…
This guide is intended for migrating Windows 2003 Standard with Exchange 2003 to Windows Small Business Server 2008. You will need the following: Exchange Best Practice Analyzer: http://www.microsoft.com/downloads/details.aspx?FamilyID=DBAB201F-…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question