Solved

promoting 2003 server to domain controller at a remote site

Posted on 2013-10-28
Last Modified: 2013-10-29
Hi.
For a few months now our main office in New York could no longer access our west coast office via the site-to-site VPN, so the west coast server, which is a domain controller, could not replicate with the New York primary domain controller. But just today we got both sites connected via an MPLS dedicated connection, so I can ping and remote desktop into each site, but as expected, when I tried replicating the servers I got errors. My question is, what would be the easiest way to correct this so the west coast site can authenticate domain users properly, since now the users are not able to log into their PCs for some reason and are getting errors that no domain controller is available? There is a 2nd member server at the west coast site, so could I just promote that to a domain controller and then, if it works, demote the original domain controller? Wasn't sure of the steps for dcpromo as well. Thanks in advance.
Question by:dankyle67
7 Comments

Expert Comment

by:ltechsolutions
ID: 39607570
Assuming the member server is already joined to the domain, you should be able to run DCPROMO to promote it to a domain controller.

Though, from what you've said, it sounds like you already have a domain controller in both offices. However, it's been so long since they replicated, that each of the DCs assumed the other was permanently offline and "tombstoned" it.

This article may help you "reanimate" a tombstoned object in AD:

http://technet.microsoft.com/en-us/magazine/2007.09.tombstones.aspx

If you can get the existing DCs replicating with each other, that'll be your best bet.
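Before deciding between repairing replication and promoting the member server, it is worth confirming whether the West coast DC has really been offline longer than the forest's tombstone lifetime. The following is an added example, not part of the original thread, run on a domain controller (repadmin, dcdiag and dsquery come from the Windows Server 2003 Support Tools); the domain name contoso.com and the DC name WC-DC1 are placeholders.

```powershell
# Added example (not from the original thread). Assumes the forest is
# contoso.com and the West coast DC is WC-DC1; substitute your own names.
$domain   = 'contoso.com'
$configDN = 'cn=Directory Service,cn=Windows NT,cn=Services,cn=Configuration,dc=contoso,dc=com'

# 1. Forest-wide replication summary: last success, failure count and the
#    error code on every inbound and outbound link.
repadmin /replsummary

# 2. Per-partner detail for the remote DC. A partner that has not replicated
#    for longer than the tombstone lifetime is reported with error 8614
#    ("The Active Directory cannot replicate with this server because the
#    time since the last replication with this server has exceeded the
#    tombstone lifetime").
repadmin /showrepl WC-DC1

# 3. The tombstone lifetime itself. When the attribute is not set the forest
#    uses the default: 60 days for forests created before Windows Server
#    2003 SP1, 180 days for forests created on SP1 or later.
dsquery * $configDN -scope base -attr tombstoneLifetime

# 4. Directory Service event 2042 on a DC confirms that inbound replication
#    from a partner was refused for exceeding the tombstone lifetime.
Get-EventLog -LogName 'Directory Service' -Newest 500 |
    Where-Object { $_.EventID -eq 2042 } |
    Select-Object TimeGenerated, MachineName, Message

# 5. Replication-specific diagnostics on this DC (name resolution, RPC,
#    connection objects), useful once the MPLS link is in place.
dcdiag /test:replications
```

If step 2 shows 8614 (or step 4 shows 2042), the TechNet article linked above does not apply: it covers reanimating deleted objects, whereas a DC that has exceeded the tombstone lifetime is a different condition, and forcing it back into replication risks reintroducing lingering objects. The supported route in that case is `dcpromo /forceremoval` on the stale DC, `ntdsutil` metadata cleanup of its remaining references from a healthy DC, and a fresh promotion afterwards, which is effectively the plan the asker describes.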
 

Author Comment

by:dankyle67
ID: 39608340
Yes, I would prefer to bring back the tombstoned domain controller, but I'm just worried it's a lot of work; that's why I was thinking about promoting the 2nd member server in the west coast office. I will take a look at the article first, thanks so far. Also, if both sites are now connected through a dedicated leased line which is pretty fast, could they just use the east coast domain controller for authenticating, or would this be too slow?
 

Expert Comment

by:ltechsolutions
ID: 39608344
AD authentication uses so little bandwidth, having the West coast users use the East coast server shouldn't be a problem at all. Unless, of course, you have a complex group policy structure that needs to apply, or if it's trying to redirect folders across the WAN.

 

Accepted Solution

by: ltechsolutions (earned 500 total points)
ID: 39608349
I should add - the best practice is to have at least one domain controller in each physical location. However, as an interim solution, what you described will work. Just make sure that the DNS for your computers (including West coast) has your East coast domain controller set.
 

Author Comment

by:dankyle67
ID: 39608365
That sounds like what I would like to do in the interim, but the problem is they just completed this VoIP phone system, which links both sites together by using connected gateways on each site called MPLS, which I'm not familiar with. The nice thing is both sites are able to see each other, but the gateway they point to is that phone system gateway. Currently, in their IP settings I have the default gateway as 10.10.2.254 at the west coast site and the DNS is set to the domain controller that is tombstoned, so are you saying that since both sites are linked, I could temporarily set the west coast site to use the NY site DNS server, which is also the main domain controller/DNS server? In other words, I'm trying to find out how the west coast site PCs determine which domain controller to use for authentication in general. It seems you are saying that whatever DNS server you point a machine to is the domain controller it will use for its domain authentication, correct? This way I could still leave the default gateway as is, since this is what enables both sites to communicate.
 

Expert Comment

by:ltechsolutions
ID: 39608367
Assuming you can ping the East coast server's IP from the computers at the West coast site, then you're absolutely correct.
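The DNS server setting matters because it is where the DC locator fetches the domain's SRV records; the locator then chooses among the DCs those records advertise, trying the ones registered for the client's own site first and falling back to the domain-wide set. The following is an added example, not part of the original thread, run on a West coast workstation to apply the accepted solution and verify which DC the machine actually selects. The domain contoso.com, the New York DC/DNS address 10.10.1.10 and the adapter name "Local Area Connection" are placeholders.

```powershell
# Added example (not from the original thread). Assumes the domain is
# contoso.com, the New York DC/DNS server is 10.10.1.10 and the client's
# adapter is named "Local Area Connection"; substitute your own values.
$domain = 'contoso.com'
$nyDns  = '10.10.1.10'
$nic    = 'Local Area Connection'

# Small TCP reachability probe that also works on PowerShell 2.0 clients,
# which have no Test-NetConnection.
function Test-TcpPort([string]$server, [int]$port) {
    $client = New-Object System.Net.Sockets.TcpClient
    try     { $client.Connect($server, $port); $true }
    catch   { $false }
    finally { $client.Close() }
}

# 1. Point the client at the New York DNS server (it hosts the AD zone) and
#    drop any cached answers that still name the dead local DC.
netsh interface ip set dns name="$nic" source=static addr=$nyDns
ipconfig /flushdns

# 2. The records the locator uses. A stale entry for the West coast DC will
#    still appear here until it is removed or scavenged, and can add a
#    timeout before a New York DC is tried.
nslookup -type=SRV _ldap._tcp.dc._msdcs.$domain $nyDns

# 3. Ask the locator itself, bypassing its cache, and see which DC it picked.
nltest /dsgetdc:$domain /force

# 4. Domain join and logon over the WAN need these ports open to that DC
#    (DNS, Kerberos, RPC endpoint mapper, LDAP, SMB, kpasswd, global catalog),
#    plus the DC's dynamic RPC port range.
foreach ($port in 53, 88, 135, 389, 445, 464, 3268) {
    '{0,5}  {1}' -f $port, (Test-TcpPort $nyDns $port)
}

# 5. Confirm the workstation's secure channel to the domain now succeeds.
nltest /sc_verify:$domain
```

If step 3 still returns the tombstoned West coast DC, the client is selecting it from the site-specific SRV records; either remove that DC's records from DNS (they go away with the metadata cleanup of a forced demotion) or move the West coast subnet to a site served by the New York DC in Active Directory Sites and Services until a local DC is back.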
 

Author Comment

by:dankyle67
ID: 39608449
Great, that would be nice if I could get that working as you advised. Let's assume that in the west coast office they never had a domain controller installed, the office was just new, and the site-to-site connection was already in place. I would then theoretically be able to simply use the east coast office DNS/domain controller as the only and main source for their authentication, correct, until I installed a local domain controller there as a best practice like you mentioned? The reason I am asking this is that a month ago the west coast office tried setting up a new laptop and couldn't get it to join the domain, and I was assuming that it was trying to get domain credentials by using the tombstoned local domain controller, but if I point it now to the east coast DNS server then maybe it will be able to successfully join the domain.
