Solved

AD Small remote site

Posted on 2012-04-02
Last Modified: 2012-06-21
Hi expert,
I am trying to find some good practices for creating a small AD 2008RC2 remote site. I need to move 10 users from the main site to a remote location with an IPSEC Watchguard fiber link. The remote users are mostly laptop users, and for the beginning all the servers will remain at the head office. The remote site is on another subnet served by the DHCP inside the Watchguard.

I was thinking of installing 1 virtual DC to serve these 10 users locally with DNS, AD (replication). In case of link down, the users will be able to log on and work locally.
But I am quite lost! How do I configure the DNS to serve local and remote host names and use different forwarders (in case of link loss)? Will AD work on 2 subnets?
If someone has some docs to point me at?
Thanks a lot.
Question by:pdsavard
10 Comments
 
LVL 57

Expert Comment

by:Mike Kline
If the link went down you can use cached credentials so they could log in.

If you want a DC there, you create a DC and make a new site in AD and create a site link between this site and the main site.

For the DC you just create a DC in the same domain and install DNS/GC. It will replicate AD/DNS from the main site.

Thanks

Mike
 

Author Comment

by:pdsavard
Correct, the cached credentials will do the trick.
But what about the DNS/DHCP process? If I use a local DNS with local forwarders, how can I resolve AD names from the main site?
If I use DNS replication from the main site, how can I set local forwarders in case of link failure?
 
LVL 57

Expert Comment

by:Mike Kline
You can set forwarders on the DNS server itself but if the WAN link is down how are they going to reach the internet?

Thanks

Mike
 
LVL 6

Expert Comment

by:awaggoner
If the link goes down, it doesn't matter because the servers are at the home office.

If you use thin clients and either VDI, Citrix XenApp, or MS Terminal Services, you won't need a local server at all. This is a very secure solution.

If you insist on a remote DC, make sure it is a read-only configuration.
 

Author Comment

by:pdsavard
The main site can be down. The remote site will have a dual WAN link because it serves a small datacenter. Eventually the main site will switch position with the remote one... But for phase1 only 10 users will move to the remote location.

Does the DNS at the remote site need a forward and reverse lookup zone of the main site? How do I keep that in sync?

 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 500 total points
AD and DNS will replicate automatically as part of normal AD replication. You can set up different forwarders in the properties (right click the DNS server and select properties > forwarders tab)

Thanks

Mike
 

Author Comment

by:pdsavard
Maybe it is too complicated for only 10 users. Do you think I can achieve the DNS/DHCP goal without an AD DC on the remote site?

awaggoner: The remote site is very secure. No need to use an RODC, I think. VDI will be the next step. At the remote site, we already have a private cloud with Exchange and another AD site for the cloud. VDI will be in that cloud in phase2.
But for now I need to provide AD from the current main site to the 10 users.
 
LVL 57

Expert Comment

by:Mike Kline
You could probably let them use the DCs in the main site.  How reliable is that link?
 

Author Comment

by:pdsavard
Hi, I finally added a local DC.
Question:
- Can I set a different DNS forwarder for this remote DC?
- What is the best setting for station DNS (pushed by the DHCP)? Primary DNS set to the local DC and secondary to the DC at the main site?

Thanks
 
LVL 57

Accepted Solution

by:
Mike Kline earned 500 total points
Yes you can set a different forwarder.

I'd point them locally for DNS first just like you are planning.

Thanks


Mike
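
The setup settled on in this thread (a new AD site, a local DC running DNS, clients pointed at the local DC first) relies on clients finding the local DC through site-specific SRV records. As an added example, not part of the original posts, here is a small Python model of that lookup; it also shows what happens when the remote subnet is not mapped to the new site. The domain, subnets, site names and DC names are constructed placeholders.

```python
import ipaddress

# Constructed sample data: the domain, subnets, site names and DC names are
# placeholders, not values from the thread.
DOMAIN = "corp.example"
SUBNET_TO_SITE = {"10.1.0.0/16": "HeadOffice", "10.2.0.0/24": "RemoteSite"}
# SRV records the DCs register in the AD-integrated zone (list order stands in
# for SRV priority/weight, a simplification).
SRV = {
    f"_ldap._tcp.HeadOffice._sites.dc._msdcs.{DOMAIN}": ["dc1.corp.example"],
    f"_ldap._tcp.RemoteSite._sites.dc._msdcs.{DOMAIN}": ["dc2.corp.example"],
    f"_ldap._tcp.dc._msdcs.{DOMAIN}": ["dc1.corp.example", "dc2.corp.example"],
}


def site_for_ip(ip, subnets=SUBNET_TO_SITE):
    """Site of the most specific subnet object containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    nets = [(ipaddress.ip_network(n), s) for n, s in subnets.items()]
    hits = [(n, s) for n, s in nets if addr in n]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None


def srv_queries(ip, subnets=SUBNET_TO_SITE):
    """SRV names tried in order: site-specific first, then domain-wide."""
    site = site_for_ip(ip, subnets)
    names = [f"_ldap._tcp.{site}._sites.dc._msdcs.{DOMAIN}"] if site else []
    return names + [f"_ldap._tcp.dc._msdcs.{DOMAIN}"]


def locate_dc(ip, reachable, subnets=SUBNET_TO_SITE):
    """Return (dc, srv_name) for the first reachable DC, else (None, None)."""
    for name in srv_queries(ip, subnets):
        for dc in SRV.get(name, []):
            if dc in reachable:
                return dc, name
    return None, None


if __name__ == "__main__":
    both = {"dc1.corp.example", "dc2.corp.example"}
    print(locate_dc("10.2.0.25", both))                  # link up
    print(locate_dc("10.2.0.25", {"dc2.corp.example"}))  # WAN link down
    # Remote subnet not mapped to a site: the client falls back to any DC.
    print(locate_dc("10.2.0.25", both, {"10.1.0.0/16": "HeadOffice"}))
```

With the subnet mapped, the remote laptop stays on the local DC whether or not the WAN link is up; without the subnet object it may authenticate across the link to a head-office DC.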