Jay Schwegler

asked on

Domain Controllers on Different Subnets

I have a question about best practices.

Currently have 2 domain controllers on a single network (10.0.0.0). I'm going to be adding a third domain controller on the other side of a point to point VPN on a different network (192.168.1.0). The networking is already set up so that the two network ranges can talk directly to each other.

Concerning the setup on the other side of the VPN, when joining the machine to the domain initially, I assume that the DNS server should be configured to point to one of the two domain controllers on the 10.0.0.0 network and just join it?

This domain controller is really just there for additional DR so we have an active DC in a different geographic location, but I don't really want the clients in the 10.0.0.0 network to be authenticating over the VPN to that third domain controller. Is it necessary that I set up sites in AD to prevent this or no?
ASKER CERTIFIED SOLUTION
Cliff Galiher

ASKER

Yes, site to site VPN, sorry :)

Currently my AD Sites and Services has the default site and no subnets configured since everything is geographically in the same place, although the main office does have 2 different subnets. So would this essentially be the procedure?

1) Add Site B to AD Sites and Services
2) Add the two subnets in Site A and link them to Site A
3) Add the subnet in Site B and link it to Site B
4) Join new DC to the domain and dcpromo, which should automatically go to the new site based on the IP/Subnet assigned

Is there any real reason to do anything with the Intersite Transport or should both sites just use the default one? I'm not too overly concerned about bandwidth and the link should be decently fast.
You will need to specify the site when you promote it. Other than that, your steps are fine. Given your topology, you probably won't need to deal with customizing your intersite transports. Each network is unique and I am not the sysadmin, so that is all just "generic" advice.
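
The four steps from the thread, plus the reply's point about naming the site at promotion, as an added PowerShell example that is not part of the original posts. It assumes the ActiveDirectory module from Windows Server 2012 or later; the /24 prefix lengths, the second main-office subnet, the `Site-B` name and the domain name are placeholders, since the thread does not give them.

```powershell
# Added example. Run on an existing DC or an admin host with RSAT installed.
Import-Module ActiveDirectory

# Assumed values (not from the thread): prefix lengths, the second
# main-office subnet, the Site B name and the domain name.
$siteA   = 'Default-First-Site-Name'   # the existing default site acts as Site A
$siteB   = 'Site-B'
$subnets = @{
    '10.0.0.0/24'    = $siteA
    '10.0.1.0/24'    = $siteA          # placeholder for the second office subnet
    '192.168.1.0/24' = $siteB
}

# Step 1: create Site B if it does not exist yet.
if (-not (Get-ADReplicationSite -Filter "Name -eq '$siteB'")) {
    New-ADReplicationSite -Name $siteB
}

# Steps 2 and 3: create each subnet object and link it to its site.
foreach ($prefix in $subnets.Keys) {
    if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$prefix'")) {
        New-ADReplicationSubnet -Name $prefix -Site $subnets[$prefix]
    }
}

# A site created from PowerShell is not placed on any site link, so add it
# to the default one; without a link the KCC cannot build replication to it.
$link   = Get-ADReplicationSiteLink -Identity 'DEFAULTIPSITELINK'
$siteDn = (Get-ADReplicationSite -Identity $siteB).DistinguishedName
if ($link.SitesIncluded -notcontains $siteDn) {
    Set-ADReplicationSiteLink -Identity 'DEFAULTIPSITELINK' -SitesIncluded @{ Add = $siteB }
}

# Review the subnet-to-site mapping before promoting the new DC.
Get-ADReplicationSubnet -Filter * | Select-Object Name, Site

# Step 4, run on the new server itself, naming the site explicitly as the
# reply advises (domain name is a placeholder):
#   Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
#   Install-ADDSDomainController -DomainName 'corp.example.com' `
#       -SiteName 'Site-B' -InstallDns -Credential (Get-Credential)

# On a 10.0.0.0 client afterwards, confirm the site and DC it resolved:
#   nltest /dsgetsite
#   nltest /dsgetdc:corp.example.com
```

A client whose address matches no subnet object has no site assignment and may be handed any DC, so every subnet in use needs an entry before the remote DC goes live.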