Solved

Can I replicate Windows server 2008 Active Directory to my home dhcp computer AD ?

Posted on 2013-01-23
4
524 Views
Last Modified: 2013-01-31
Hi Experts,

One of me clients is asking if hes able to replicate Windows server 2008 Active Directory to the home dhcp computer AD.  (So the home server is like a DR for AD)

But the home is only a residential ADSL with no static ip.
Just small office. There is no firewall between the two sites.
It should not work ?

regards,
0
Comment
Question by:stephen2012
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 16

Assisted Solution

by:Bruno PACI
Bruno PACI earned 334 total points
ID: 38812599
Hi,

I'm not sure to understand, or I'm afraid to understand... (!!)
Do you mean installing a second domain controller on a remote server that is connected to the first one through an ADSL connection (public WAN) !!??

Well... anyway... installing a DC on a server that has no static IP address wil not work a long time... You can make it work for a while but as soon the IP will change you might have hard time to make it work back again.

Let be serious. If you want a secondary Domain Controller so that the domain still works if one Domain Controller fails you must use a server that is really able to be a domain controller, with static IP, enough RAM, DNS service, etc...


If you're idea is to backup the AD server and export the backup to another computer through an ADSL connection, then yes this is possible but this is only a backup. If the AD server (let's call it the Domain Controller, DC, as it is its function) crashes, you'll have to resintall a Windows opearting system on it to restore the backup and get your DC back to life. it will take a few hours to make bring the domain back up.


Have a good day.
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 166 total points
ID: 38812731
Agree with Paci, I would not do it.   Are you currently running with one DC, at a minimum get a second DC up in the office (virtual or on any hardware).  If your single DC goes down hard you will have downtime and issues.

Have you thought about the Microsoft cloud solution

http://www.windowsazure.com/en-us/manage/services/networking/replica-domain-controller/

I have some machines in Azure but haven't installed a replica DC.

Thanks

Mike
0
 

Author Comment

by:stephen2012
ID: 38826846
how about if I use a Dynamic DNS service to allow AD to replicate over internet ?
0
 
LVL 16

Accepted Solution

by:
Bruno PACI earned 334 total points
ID: 38827094
No.

The AD controller must be recorded in the domain DNS zone, not on any external DNS zone.
By the way, AD domain controller require not only simple type "A" DNS records must alos a lot of "SRV" DNS records and that sort of DNS records are not provided by dynamic DNS services on the web.

Again, AD controller must have static IP addresses for a very simple reason :

To be able to replicate AD objects the domain controllers must be able to locate each other.
To locate each other the domain controllers use DNS records.
DNS records are replicated between domain controllers.
This can work if IP are static.

If the IP of a DC comes to change, the other DC won't be able to locate the DC anymore because its DNS records won't point to the new IP address.
The replication will then fail. And as the replication is the way to replicate DNS records you won't get out of this failing situation without an admin action.


Active Directory is like a plane: it's safe and robust but you must know how to pilot and must not try to make a looping.
I don't know how to be more clear... If you try exotic configuration you'll crash.

If you want a disaster recovery configuration you must do it seriously and spend the right money for that. In your case, a dedicated server as a secondary DC in your company will be perfect ! Trying to use a "strange" home server somewhere on the web is a fool idea !
0

Featured Post

Secure Your Active Directory - April 20, 2017

Active Directory plays a critical role in your company’s IT infrastructure and keeping it secure in today’s hacker-infested world is a must.
Microsoft published 300+ pages of guidance, but who has the time, money, and resources to implement? Register now to find an easier way.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article outlines the process to identify and resolve account lockout in an Active Directory environment.
A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question