Solved

AD Small remote site

Posted on 2012-04-02
10
319 Views
Last Modified: 2012-06-21
HI expert,
I try to found some good practice to create a small AD 2008RC2 remote site. I need to movre 10 users from the main site to a remote location with a IPSEC Watchguard fiber link. The remote user are mostly laptop user and for the begening all the servers will remain at the head office. The remote site are on another subnet deserved by the DHCP inside the watchguard.

I was thinking installing 1 virtual DC to serve theses 10 users locally with DNS, AD (replication). In case of link down, the users will be able to logon and work locally.
But i quite lost! How do I configure the DNS to server local and remote host name and user different fowarders (in case of link lost). AD will work on 2 subnet?
IF someone have some doc to point me at?
Thanks a lot.
0
Comment
Question by:pdsavard
  • 5
  • 4
10 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 37798904
If the link went down you can use cached credentials so they could log in.

If you want a DC there you create a DC  and make a new site in AD and create a site link between this site and main site.

for the DC you just create a DC in the same domain and install DNS/GC.   It will replicate AD/DNS from the main site.

Thanks

Mike
0
 

Author Comment

by:pdsavard
ID: 37798936
correct, the cached credential will do the trick.
But what about the DNS/DHCP process. If I use a local DNS with local Fowarders, how can I resove AD name from the main site?
If I use DNS replication from the main site, How can i set local fowarders in case of link failure?
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 37798941
You can set forwarders on the DNS server itself but if the WAN link is down how are they going to reach the internet?

Thanks

Mike
0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 
LVL 6

Expert Comment

by:awaggoner
ID: 37798948
If the link goes down, it doesn't matter because the servers are at the home office.

If you use thin clients and either VDI, Citrix XenApp, or MS Terminals services.

You won't need a local server at all.  This is a very secure solution.

If you insist on a remote DC, make sure it is a read only configuration.
0
 

Author Comment

by:pdsavard
ID: 37798952
The main site can be down. The remote site will have dual WAN link because it serve a small datacenter. Eventually the main site will switch position with the remote one... But for the phase1 only 10 users will move the the remote location.

The DNS at the remote need a foward and Reverse lookup zone of the main site? How to keep that in shync?
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 500 total points
ID: 37798957
AD and DNS will replicate automatically as part of normal AD replication.    You can setup different forwarders in the properties (right click the DNS server and select properties > forwarders tab)

Thanks

Mike
0
 

Author Comment

by:pdsavard
ID: 37799008
Meaby is too complicate only for 10 users. Do you think i can acheive the DNS/DHCP goal without AD DC on remote site?

awaggoner: The remote site is very secure. No need to use a RODC i think. VDI will be the next step. At the remote site, we aleready have a private cloud with Exchange and another AD site for the cloud. VDI will be in that cloud in phase2.
But for now I need to provide AD from the current main site to the 10 users.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 37799151
You could probably let them use the DCs in the main site.  How reliable is that link?
0
 

Author Comment

by:pdsavard
ID: 38110941
HI, I finaly add a local DC.
Question:
- Can i set diferent DNS fowarder for this remote DC?
- Whats is the best setting for station DNS (Push by the DHCP). Primary DNS set to the local DC and secondary to the DC at the main site?

THanks
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 500 total points
ID: 38110951
Yes you can set a different forwarder.

I'd point them locally for DNS first just like you are planning.

Thanks


Mike
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
OfficeMate Freezes on login or does not load after login credentials are input.
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question