Windows 2008 R2 Forest

Hi,
Just wondering what the best practice is here.  I have two sites, one is in Dublin and the second is in London.  Dublin has an IP range of 192.168.7.0 and London is 192.168.8.0.  I have a forest/Child setup e.g. Forest is company.com and then the children are dublin.company.com and london.company.com.  I wanted to have a DC for the company.com domain in each site (for DR purposes) but I'm not sure how that will work in Sites/Services having two DCs for the same domain being associated with a different subnet.  Plus I will be installing Exchange 2010 in both Dublin and London.

Any ideas?
Cheers
minniejpAsked:

minniejpAuthor Commented:
Any thoughts?
Steven WellsSystems AdministratorCommented:
You can have two DCs for the same domain in different subnets as long as you configure Sites and Services correctly, associating the site with the subnet.

I.e., create a site in AD Sites and Services called Dublin and associate 192.168.7.0/24 with that site, and do the same for London.
Then move your DCs into those sites if needed.
Exchange will work fine as long as you have the above setup.
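As an added example (not code from the thread or from Steven), the site and subnet layout described above expressed with the ActiveDirectory PowerShell module, plus the site link that inter-site replication needs. It assumes the Windows Server 2012 or later RSAT cmdlets (the 2008 R2 module lacks them), run against the 2008 R2 forest; the DC names, site-link name, cost and interval are placeholders.

```powershell
Import-Module ActiveDirectory

# Site name -> subnet that maps clients and DCs to it (addresses from the question)
$Sites = @{ "Dublin" = "192.168.7.0/24"; "London" = "192.168.8.0/24" }

foreach ($site in $Sites.Keys) {
    $subnet = $Sites[$site]
    if (-not (Get-ADReplicationSite -Filter "Name -eq '$site'")) {
        New-ADReplicationSite -Name $site
    }
    if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$subnet'")) {
        New-ADReplicationSubnet -Name $subnet -Site $site
    }
}

# Two sites replicate only through a site link; name, cost and interval are assumptions
if (-not (Get-ADReplicationSiteLink -Filter "Name -eq 'Dublin-London'")) {
    New-ADReplicationSiteLink -Name "Dublin-London" -SitesIncluded "Dublin","London" `
        -Cost 100 -ReplicationFrequencyInMinutes 15 -InterSiteTransportProtocol IP
}

# Move each DC into the site that owns its subnet. Two company.com DCs in two
# different sites is the normal arrangement, not a conflict. DC names are placeholders.
$Placement = @{
    "DUB-ROOT-DC" = "Dublin"   # company.com DC on 192.168.7.x
    "DUB-DC1"     = "Dublin"   # dublin.company.com DC
    "LON-ROOT-DC" = "London"   # company.com DC on 192.168.8.x
    "LON-DC1"     = "London"   # london.company.com DC
}
foreach ($dc in $Placement.Keys) {
    Move-ADDirectoryServer -Identity $dc -Site $Placement[$dc]
}

# Verify across all three domains: every DC's Site should match its subnet
(Get-ADForest).Domains |
    ForEach-Object { Get-ADDomainController -Filter * -Server $_ } |
    Select-Object Name, Domain, IPv4Address, Site |
    Format-Table -AutoSize
```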
minniejpAuthor Commented:
Thanks for your reply.  So to confirm

I will create a site called Dublin and associate the site with 192.168.7.0.  I will then add the domain controller for the Dublin domain to the Dublin site and also one of the domain controllers from company.com (the one that has the IP 192.168.7.0).  I will then create a site for London and associate 192.168.8.0 to it and add the DC for London and the other DC for company.com to it?

Cheers
Steven WellsSystems AdministratorCommented:
Yes.  That will work.  That is how active directory works.
https://msdn.microsoft.com/en-us/library/bb727085.aspx

Have a read up about forest sites and services in the above link.
minniejpAuthor Commented:
Hi Steven,

I did as you suggested but now on the London DC I am getting this error:

Starting test: Knows of Role Holders
Server(which is the schema master and resides on the Dublin subnet) failed with error 1722,
The RPC Server is unavailable....
Warning: Server is the schema owner, but is not responding to DS RPC bind.
LDAP search capability attribute search failed on server return value = 81
Warning: server is the schema owner, but is not responding to LDAP bind
Warning: Server is the domain owner, but is not responding to DS RPC Bind
Warning: Server is the domain owner, but is not responding to LDAP bind

Replication from the other London DC to the schema master in Dublin isn't working. The replication generated an error 1256.

Any ideas?
Steven WellsSystems AdministratorCommented:
Sounds like you have a DNS issue.
Steven WellsSystems AdministratorCommented:
I would check your servers have updated their DNS entries correctly.  Especially in the name servers tab.  Ensure the DNS settings in the TCP/IP config are correct and reboot the server.
Guy LidbetterCommented:
Hi minniejp,

This sounds like it may be a networking issue... are the two sites linked and are there firewalls between them?


Check connectivity for the ports below, which need to be opened for Active Directory to function properly:
UDP Port 88 for Kerberos authentication
UDP and TCP Port 135 for domain controller-to-domain controller and client-to-domain controller operations.
TCP Port 139 and UDP 138 for File Replication Service between domain controllers.
UDP Port 389 for LDAP to handle normal queries from client computers to the domain controllers.
TCP and UDP Port 445 for File Replication Service
TCP and UDP Port 464 for Kerberos Password Change
TCP Port 3268 and 3269 for Global Catalog from client to domain controller.
TCP and UDP Port 53 for DNS from client to domain controller and domain controller to domain controller.
Also refer to the links below, which explain this in more detail.
Ports used in Active Directory replication:
http://blogs.technet.com/b/janelewis/archive/2006/11/13/ports-used-in-active-directory-replication.aspx
Active Directory and firewall ports:
http://geekswithblogs.net/TSCustomiser/archive/2007/05/09/112357.aspx
Active Directory replication over firewalls:
http://social.technet.microsoft.com/wiki/contents/articles/584.active-directory-replication-over-firewalls.aspx

regards

Guy
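An added example (not Guy's or the thread's code) for the checks Guy and Steven describe: run from the London DC, it tests name resolution of the Dublin schema master, the forest root's DC locator SRV records, and TCP reachability of the ports listed above. Host and domain names are placeholders, and the UDP ports cannot be verified with a plain connect, so they are left out.

```powershell
# Assumed names: the Dublin DC holding the schema master role, and the forest root domain
$DublinDc   = "dub-root-dc.company.com"
$ForestRoot = "company.com"

# TCP ports from the list above. After the endpoint mapper on 135, RPC moves to a
# dynamic port (49152-65535 on Server 2008), which the firewall must also allow.
$TcpPorts = @(
    @{Port=53;   Role="DNS"},
    @{Port=135;  Role="RPC endpoint mapper (first hop for error 1722)"},
    @{Port=139;  Role="NetBIOS session / FRS"},
    @{Port=389;  Role="LDAP"},
    @{Port=445;  Role="SMB / FRS"},
    @{Port=464;  Role="Kerberos password change"},
    @{Port=3268; Role="Global Catalog"},
    @{Port=3269; Role="Global Catalog over SSL"}
)

# TCP connect with a timeout; works on the PowerShell 2.0 that ships with 2008 R2
function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 2000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $ar = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $ar.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($ar)   # throws if the connection was refused
        return $true
    } catch { return $false }
    finally { $client.Close() }
}

# 1. Does this DC resolve the Dublin DC's name at all?
try {
    $addrs = [System.Net.Dns]::GetHostAddresses($DublinDc) | ForEach-Object { $_.IPAddressToString }
    Write-Host ("{0} resolves to {1}" -f $DublinDc, ($addrs -join ", "))
} catch {
    Write-Host ("{0} does NOT resolve: fix DNS before chasing ports" -f $DublinDc)
}

# 2. Are the forest root's DC locator SRV records visible from here?
$srv = nslookup -type=SRV "_ldap._tcp.dc._msdcs.$ForestRoot" 2>&1 | Select-String "svr hostname"
Write-Host ("DC locator SRV records found for {0}: {1}" -f $ForestRoot, @($srv).Count)

# 3. Per-port TCP reachability, shown as a table
$TcpPorts | ForEach-Object {
    New-Object PSObject -Property @{
        Port      = $_.Port
        Role      = $_.Role
        Reachable = Test-TcpPort -ComputerName $DublinDc -Port $_.Port
    }
} | Format-Table Port, Reachable, Role -AutoSize
```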
minniejpAuthor Commented:
Thanks for all the replies, Steve, I added a DNS Zone and all the errors have now disappeared.

Cheers