Promoting a 2003 server to domain controller at a remote site

Hi.
For a few months now our main office in New York could no longer access our West Coast office via the site-to-site VPN, so the West Coast server, which is a domain controller, could not replicate with the New York primary domain controller. But just today we got both sites connected via an MPLS dedicated connection, so I can ping and remote desktop into each site, but as expected, when I tried replicating the servers I got errors. My question is: what would be the easiest way to correct this so the West Coast site can authenticate domain users properly, since now the users are not able to log into their PCs for some reason and are getting errors that no domain controller is available? There is a 2nd member server at the West Coast site, so could I just promote that to a domain controller and then, if it works, demote the original domain controller? Wasn't sure of the steps for dcpromo as well. Thanks in advance.
ltechsolutions commented:
Assuming the member server is already joined to the domain, you should be able to run DCPROMO to promote it to a domain controller.

Though, from what you've said, it sounds like you already have a domain controller in both offices. However, it's been so long since they replicated, that each of the DCs assumed the other was permanently offline and "tombstoned" it.

This article may help you "reanimate" a tombstoned object in AD:

http://technet.microsoft.com/en-us/magazine/2007.09.tombstones.aspx

If you can get the existing DCs replicating with each other, that'll be your best bet.
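The answer above turns on how long the two DCs have been out of contact relative to the forest's tombstone lifetime. The following PowerShell script is an added example, not code from this thread or from any of the participants: it reads the forest's tombstoneLifetime from the Configuration naming context and compares it with the last successful replication per partner as reported by repadmin, so you can see which partners can still be reconciled by getting replication going again and which have been silent for longer than the tombstone lifetime. It assumes it is run as a domain admin on a reachable DC (or a workstation with RSAT), that repadmin.exe is on the PATH, that the CSV column names used below match your repadmin /csv output, and that 60 days is the default when tombstoneLifetime is unset.

```powershell
# Added example (not from the thread). Run as a domain admin on a reachable DC or on a
# workstation with RSAT. Assumptions: repadmin.exe is available; the /csv column names
# 'Destination DSA', 'Source DSA', 'Naming Context', 'Number of Failures' and
# 'Last Success Time' match your repadmin build (check the header row of your own output);
# 60 days is the pre-2003 SP1 forest default used when tombstoneLifetime is not set.
Import-Module ActiveDirectory

function Get-TombstoneLifetimeDays {
    # tombstoneLifetime lives on the Directory Service object in the Configuration NC.
    $configNC = (Get-ADRootDSE).configurationNamingContext
    $dn = "CN=Directory Service,CN=Windows NT,CN=Services,$configNC"
    $ds = Get-ADObject -Identity $dn -Properties tombstoneLifetime
    if ($ds.tombstoneLifetime) { [int]$ds.tombstoneLifetime } else { 60 }
}

function Get-ReplicationGapReport {
    param([int]$TombstoneDays = (Get-TombstoneLifetimeDays))

    # One row per (destination DC, source DC, naming context) across the forest.
    $rows = repadmin /showrepl * /csv | ConvertFrom-Csv

    foreach ($r in $rows) {
        $lastOk = $null
        # '(never)' or an empty value cannot be cast to a date and stays $null.
        try { $lastOk = [datetime]$r.'Last Success Time' } catch { }
        $gapDays = if ($lastOk) { [math]::Round(((Get-Date) - $lastOk).TotalDays, 1) } else { $null }

        [pscustomobject]@{
            Destination   = $r.'Destination DSA'
            Source        = $r.'Source DSA'
            NamingContext = $r.'Naming Context'
            Failures      = [int]$r.'Number of Failures'
            LastSuccess   = $lastOk
            GapDays       = $gapDays
            # A partner silent for longer than the tombstone lifetime can reintroduce
            # deleted (lingering) objects if replication is simply forced to resume.
            PastTombstone = ($null -eq $gapDays) -or ($gapDays -gt $TombstoneDays)
        }
    }
}

# Worst partner first. Rows with PastTombstone = True are candidates for the poster's
# own plan (promote the member server, retire the stale DC) rather than a retry.
Get-ReplicationGapReport | Sort-Object GapDays -Descending | Format-Table -AutoSize
```

If every row shows a gap shorter than the tombstone lifetime, the existing DCs can be brought back into sync and the "reanimate" route in the linked article applies; if the West Coast DC's rows are past the lifetime, its metadata should be cleaned up and a fresh DC promoted rather than letting it replicate again.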
dankyle67 (Author) commented:
Yes, I would prefer to bring back the tombstoned domain controller, but I'm just worried it's a lot of work; that's why I was thinking about promoting the 2nd member server in the West Coast office. Will take a look at the article first, thanks so far. Also, if both sites are now connected through a dedicated leased line, which is pretty fast, could they just use the East Coast domain controller for authenticating, or would this be too slow?
ltechsolutions commented:
AD authentication uses so little bandwidth that having the West Coast users use the East Coast server shouldn't be a problem at all. Unless, of course, you have a complex group policy structure that needs to apply, or if it's trying to redirect folders across the WAN.
ltechsolutions commented:
I should add: the best practice is to have at least one domain controller in each physical location. However, as an interim solution, what you described will work. Just make sure that the DNS settings for your computers (including West Coast) have your East Coast domain controller set.
dankyle67 (Author) commented:
That sounds like what I would like to do in the interim, but the problem is they just completed this VoIP phone system which links both sites together by using connected gateways on each site called MPLS, which I'm not familiar with. The nice thing is both sites are able to see each other, but the gateway they point to is that phone system gateway. Currently, in their IP settings I have the default gateway as 10.10.2.254 at the West Coast site and the DNS is set to the domain controller that is tombstoned, so are you saying that since both sites are linked, I could temporarily set the West Coast site to use the NY site DNS server, which is also the main domain controller/DNS server? In other words, I'm trying to find out how the West Coast site PCs determine which domain controller to use for authentication in general. It seems you are saying that whatever DNS server you point a machine to is the domain controller it will use for its domain authentication, correct? This way I could still leave the default gateway as is, since this is what enables both sites to communicate.
ltechsolutions commented:
Assuming you can ping the East Coast server's IP from the computers at the West Coast site, then you're absolutely correct.
dankyle67 (Author) commented:
Great, that would be nice if I could get that working as you advised. Let's assume that in the West Coast office they never had a domain controller installed, the office was just new, and the site-to-site connection was already in place. I would then theoretically be able to simply use the East Coast office DNS/domain controller as the only and main source for their authentication, correct, until I installed a local domain controller there as a best practice like you mentioned? The reason I am asking this is that a month ago the West Coast office tried setting up a new laptop and couldn't get it to join the domain, and I was assuming that it was trying to get domain credentials by using the tombstoned local domain controller, but if I point it now to the East Coast DNS server then maybe it will be able to successfully join the domain.
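The advice in this thread to point West Coast machines at the East Coast DC for DNS, the question of how a PC picks its domain controller, and the laptop that could not join the domain all come down to the same mechanism: a client asks its configured DNS server for the domain's DC SRV records and then needs Kerberos, LDAP, SMB and RPC reachable on the DC it is handed. The following PowerShell script is an added example, not code from this thread or any participant: it shows the DNS servers the workstation currently uses, asks the NY DNS server directly which DCs it would advertise, and tests the logon-related ports to each of them over the MPLS link before anything is changed, so that "I can ping it" is confirmed to mean "I can log on and join through it". It assumes a Windows 8 / Server 2012 or newer client (for Resolve-DnsName and Test-NetConnection); the domain name, the NY DNS IP and the interface alias are placeholders to replace with your own.

```powershell
# Added example (not from the thread). Run on a West Coast workstation as a local admin.
# Assumes Windows 8 / Server 2012 or newer for Resolve-DnsName and Test-NetConnection.
# $domain, $nyDns and 'Ethernet' below are placeholders; substitute your own values.

function Test-DcLocatorPath {
    param(
        [Parameter(Mandatory)] [string]$Domain,      # placeholder, e.g. corp.example.com
        [Parameter(Mandatory)] [string]$DnsServer    # DNS server to ask, e.g. the NY DC's IP
    )
    # Clients locate a DC by querying this SRV record on whatever DNS server they are given.
    # If that server is the stale West Coast DC, the answer is the stale DC; asking the NY
    # server directly shows what a client will get once its DNS setting is changed.
    $srvName = "_ldap._tcp.dc._msdcs.$Domain"
    $records = Resolve-DnsName -Name $srvName -Type SRV -Server $DnsServer -ErrorAction Stop |
               Where-Object { $_.QueryType -eq 'SRV' }

    # Ports a domain logon and a domain join depend on. A firewall on the MPLS path that
    # permits ICMP but blocks these is why a successful ping does not prove a logon will work.
    $ports = [ordered]@{ 'Kerberos' = 88; 'LDAP' = 389; 'SMB' = 445; 'RPC endpoint mapper' = 135 }

    foreach ($rec in $records) {
        foreach ($svc in $ports.Keys) {
            $result = Test-NetConnection -ComputerName $rec.NameTarget -Port $ports[$svc] `
                                         -WarningAction SilentlyContinue
            [pscustomobject]@{
                DC        = $rec.NameTarget
                Service   = $svc
                Port      = $ports[$svc]
                Reachable = $result.TcpTestSucceeded
            }
        }
    }
}

function Set-ClientDnsToDc {
    # Changes DNS only. The default gateway (the phone system's MPLS gateway, 10.10.2.254
    # in the thread) is left untouched, since that is what carries traffic between sites.
    param(
        [Parameter(Mandatory)] [string]$InterfaceAlias,   # placeholder, e.g. 'Ethernet'
        [Parameter(Mandatory)] [string[]]$DnsServers,
        [Parameter(Mandatory)] [string]$Domain
    )
    Set-DnsClientServerAddress -InterfaceAlias $InterfaceAlias -ServerAddresses $DnsServers
    # Flush the locator cache and report which DC the client now selects for this domain.
    nltest "/dsgetdc:$Domain" /force
}

# Usage (placeholders):
$domain = 'corp.example.com'
$nyDns  = '10.10.1.10'

# 1. What the workstation uses for DNS today (expect the tombstoned West Coast DC here).
Get-DnsClientServerAddress -AddressFamily IPv4 | Where-Object ServerAddresses | Format-Table

# 2. What it would get from the NY server, and whether each DC's logon ports are reachable.
Test-DcLocatorPath -Domain $domain -DnsServer $nyDns | Format-Table -AutoSize

# 3. Only once every row in step 2 shows Reachable = True:
# Set-ClientDnsToDc -InterfaceAlias 'Ethernet' -DnsServers $nyDns -Domain $domain
```

Run steps 1 and 2 on the laptop that failed to join: if step 1 shows the stale DC and step 2 shows the NY DC with all four ports reachable, changing DNS (step 3) is the fix; if a port shows Reachable = False, the MPLS path or a firewall between the sites is blocking it and the DNS change alone will not help.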