Solved

promoting 2003 server to domain controller at a remote site

Posted on 2013-10-28
Last Modified: 2013-10-29
Hi.
For a few months now our main office in New York could no longer access our West Coast office via the site-to-site VPN, so the West Coast server, which is a domain controller, could not replicate with the New York primary domain controller. But just today we got both sites connected via an MPLS dedicated connection, so I can ping and remote desktop into each site, but as expected, when I tried replicating, the servers got errors. My question is what would be the easiest way to correct this so the West Coast site can authenticate domain users properly, since now the users are not able to log into their PCs for some reason and are getting errors that no domain controller is available. There is a 2nd member server at the West Coast site, so could I just promote that to a domain controller and then, if it works, demote the original domain controller? Wasn't sure of the steps for dcpromo as well. Thanks in advance.
Question by:dankyle67
7 Comments
 
LVL 3

Expert Comment

by:ltechsolutions
ID: 39607570
Assuming the member server is already joined to the domain, you should be able to run DCPROMO to promote it to a domain controller.

Though, from what you've said, it sounds like you already have a domain controller in both offices. However, it's been so long since they replicated, that each of the DCs assumed the other was permanently offline and "tombstoned" it.

This article may help you "reanimate" a tombstoned object in AD:

http://technet.microsoft.com/en-us/magazine/2007.09.tombstones.aspx

If you can get the existing DCs replicating with each other, that'll be your best bet.
 

Author Comment

by:dankyle67
ID: 39608340
Yes, would prefer to bring back the tombstoned domain controller but just worried it's a lot of work, that's why was thinking about promoting the 2nd member server in the West Coast office. Will take a look at the article first, thanks so far. Also, if both sites are not connected through a dedicated leased line which is pretty fast, could they just use the East Coast domain controller for authenticating or would this be too slow?
 
LVL 3

Expert Comment

by:ltechsolutions
ID: 39608344
AD authentication uses so little bandwidth, having the West coast users use the East coast server shouldn't be a problem at all. Unless, of course, you have a complex group policy structure that needs to apply, or if it's trying to redirect folders across the WAN.
 
LVL 3

Accepted Solution

by:
ltechsolutions earned 2000 total points
ID: 39608349
I should add - the best practice is to have at least one domain controller in each physical location. However, as an interim solution, what you described will work. Just make sure that the DNS for your computers (including West coast) have your East coast domain controller set.
 

Author Comment

by:dankyle67
ID: 39608365
That sounds like what I would like to do in the interim, but the problem is they just completed this VoIP phone system which links both sites together by using connected gateways on each site called MPLS, which I'm not familiar with. The nice thing is both sites are able to see each other, but the gateway they point to is that phone system gateway. Currently, in their IP settings I have the default gateway as 10.10.2.254 at the West Coast site and the DNS is set to the domain controller that is tombstoned, so are you saying that since both sites are linked, I could temporarily set the West Coast site to use the NY site DNS server, which is also the main domain controller/DNS server? In other words, I'm trying to find out how the West Coast site PCs determine which domain controller to use for authentication in general. It seems you are saying that whatever DNS server you point a machine to is the domain controller it will use for its domain authentication, correct? This way I could still leave the default gateway as is, since this is what enables both sites to communicate.
 
LVL 3

Expert Comment

by:ltechsolutions
ID: 39608367
Assuming you can ping the East coast server's IP from the computers at the West coast site, then you're absolutely correct.
0
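An added example, not part of the original thread: Windows clients locate domain controllers through the SRV records returned by the DNS server they are configured with, so before repointing West Coast PCs it helps to see which DCs the East Coast DNS server advertises and whether each one answers on the ports a client needs. The domain name and DNS server IP are placeholders, and the script assumes a workstation with the `Resolve-DnsName` cmdlet (Windows 8 / Server 2012 or later).

```powershell
# Added example (not from the thread). Requires Resolve-DnsName (Windows 8 /
# Server 2012 or later). Domain name and DNS server IP below are placeholders.
param(
    [string]$Domain    = 'corp.example.com',  # placeholder AD DNS domain name
    [string]$DnsServer = '192.0.2.10'         # placeholder: East Coast DC/DNS IP
)

# TCP ports a client uses toward a DC: DNS, Kerberos, RPC endpoint mapper, LDAP, SMB
$ports = 53, 88, 135, 389, 445

function Test-TcpPort {
    param([string]$Target, [int]$Port, [int]$TimeoutMs = 2000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($Target, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# The DC locator finds domain controllers through this SRV record set.
$srvName = "_ldap._tcp.dc._msdcs.$Domain"
$answers = Resolve-DnsName -Name $srvName -Type SRV -Server $DnsServer -ErrorAction Stop

$results = foreach ($srv in ($answers | Where-Object { $_.Type -eq 'SRV' })) {
    $dc = $srv.NameTarget
    # Resolve the DC name against the same DNS server, not the PC's current one.
    $ip = Resolve-DnsName -Name $dc -Type A -Server $DnsServer -ErrorAction SilentlyContinue |
          Where-Object { $_.Type -eq 'A' } |
          Select-Object -First 1 -ExpandProperty IPAddress
    $row = [ordered]@{ DC = $dc; IP = $ip }
    foreach ($p in $ports) {
        $row["tcp$p"] = $(if ($ip) { Test-TcpPort -Target $ip -Port $p } else { $false })
    }
    [pscustomobject]$row
}

# A DC that is listed here but shows False in the port columns is one that
# clients may still be directed to even though it cannot serve them.
$results | Format-Table -AutoSize
```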
 

Author Comment

by:dankyle67
ID: 39608449
Great, that would be nice if I could get that working as you advised. Let's assume that in the West Coast office they never had a domain controller installed and the office was just new and the site-to-site connection was already in place. I would then theoretically be able to simply use the East Coast office DNS/domain controller as the only and main source for their authentication, correct, until I installed a local domain controller there as a best practice like you mentioned? The reason I am asking this is that a month ago the West Coast office tried setting up a new laptop and couldn't get it to join the domain, and was assuming that it was trying to get domain credentials by using the tombstoned local domain controller, but if I point it now to the East Coast DNS server then maybe it will be able to successfully join the domain.

Question has a verified solution.