How do I add a secondary domain controller remotely without DNS issues via the VPN?

I want to add a secondary domain controller at a remote location and have both the remote and local networks share a duplicate of the AD and share and access the same data. The data should be hosted at the local PDC and should be backed up in real time to the secondary DC. I currently have a site-to-site VPN set up with 2 SonicWalls between both locations. How do I accomplish this without having DNS issues, and should I set up the DNS service on both the PDC and the secondary DC?
Rob Williams Commented:
This is a very big question. But a mile high overview:
I wrote a blog article about joining a domain over a VPN that may be helpful for that part
You then want to add the DNS service to the new DC and make it Active Directory integrated. We no longer have primary and secondary DCs by the way, just multiple DCs.
There are different thoughts on DNS but usually you point the Server to itself for primary DNS and the remote server for secondary.
You will probably want to set up DHCP on the new DC using the same DNS settings.
You need to configure sites-and-services for the new DC and IP subnet.
You need to make the new server a global catalogue server in case the other goes down.
Finally you can configure DFS for file replication between sites.
Danny Verrazano Commented:
There are different thoughts on DNS but usually you point the Server to itself for primary DNS and the remote server for secondary

Actually as best practice you usually want to point Primary DNS server setting on a DC to another DNS server and Secondary to itself.
jbovalley1 (Author) Commented:
The primary is currently pointing to itself. Should I set up a DNS server on the second server and point it to the primary, or change the primary from pointing to itself to pointing to the secondary DNS and point the secondary DNS to the primary?
The DHCP and the VPN are already being taken care of by the SonicWalls.

Danny VerrazanoCommented:

Primary DNS server setting should always be set to some other DNS server.
Secondary should be set to itself.
Rob WilliamsCommented:
I would agree on a LAN, but would that not slow name resolution due to the VPN?
Danny VerrazanoCommented:
I would agree on a LAN, but would that not slow name resolution due to the VPN?

I don't really believe so. If AD integrated, the DNS zones are replicated. Both domain controllers can do name resolution for everything in AD. Clients configured properly should be OK with name resolution on either side of the VPN.

The VPN might slow down replication, but even then not too bad unless it's a HUGE environment throwing a LOT of replication across that VPN.

Still a bit of questionable stuff going on without more info on his environment though... but as far as DCs go, always make Primary DNS the IP of another DNS server and secondary should be its own IP address.
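Rob's checklist (sites-and-services, AD-integrated DNS, global catalog) and Danny's DNS ordering (primary = the other DC, secondary = itself), put together as a PowerShell run on the new branch server. This is an added example, not code from either poster; the domain name, DC name, addresses, site name and interface alias are placeholder assumptions.

```powershell
# Added example (not from the thread). Assumed placeholder values:
# existing DC dc1 at 10.0.1.10 in the main site, new DC on branch subnet 10.0.2.0/24.
$Domain       = 'corp.example'
$ExistingDC   = 'dc1.corp.example'
$ExistingDCIP = '10.0.1.10'
$BranchSite   = 'Branch'
$BranchSubnet = '10.0.2.0/24'
$Nic          = 'Ethernet'

# 1. Before promotion the new server must find the domain's SRV records through the
#    VPN, so point it at the existing DC only until it runs DNS itself.
Set-DnsClientServerAddress -InterfaceAlias $Nic -ServerAddresses $ExistingDCIP
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -Server $ExistingDCIP
Test-NetConnection -ComputerName $ExistingDC -Port 389   # LDAP reachable across the VPN?

# 2. Create the site and subnet first so the new DC lands in its own site
#    (the sites-and-services step) rather than in Default-First-Site-Name.
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
Import-Module ActiveDirectory
$cred = Get-Credential "$Domain\Administrator"
if (-not (Get-ADReplicationSite -Filter "Name -eq '$BranchSite'" -Server $ExistingDC -Credential $cred)) {
    New-ADReplicationSite -Name $BranchSite -Server $ExistingDC -Credential $cred
}
New-ADReplicationSubnet -Name $BranchSubnet -Site $BranchSite -Server $ExistingDC -Credential $cred

# 3. Promote. -InstallDns gives an AD-integrated zone on the new DC; the global catalog
#    is enabled unless -NoGlobalCatalog is passed. Initial replication is pulled from
#    the existing DC over the VPN, then the server reboots.
Install-ADDSDomainController -DomainName $Domain -SiteName $BranchSite -InstallDns `
    -ReplicationSourceDC $ExistingDC -Credential $cred `
    -SafeModeAdministratorPassword (Read-Host -AsSecureString 'DSRM password') -Force

# 4. Run after the reboot: primary DNS = the other DC, secondary = this DC's own address.
$selfIP = (Get-NetIPAddress -InterfaceAlias $Nic -AddressFamily IPv4).IPAddress
Set-DnsClientServerAddress -InterfaceAlias $Nic -ServerAddresses $ExistingDCIP, $selfIP

# 5. Checks before trusting the second DC: replication health, DNS/advertising, GC flag.
repadmin /replsummary
dcdiag /test:DNS /test:Advertising
(Get-ADDomainController -Identity $env:COMPUTERNAME).IsGlobalCatalog
```

Steps 4 and 5 are meant to be run after the reboot that step 3 triggers; DFS replication for the shared data is a separate setup once replication here is clean.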
Rob WilliamsCommented:
I suppose name resolution requests from a client would be answered by the local DC regardless of where the server's DNS points. Thus I will bow to your wisdom :-)
As mentioned I would always point to the other on a high speed connection, such as a LAN.
Danny VerrazanoCommented:

Were you able to get this taken care of? Anything still pending?
Pber (Solutions Architect) Commented:
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I have recommended this question be closed as follows:

-- Rob Williams (https:#a42408193)
-- Danny Verrazano (https:#a42408237)

If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.

Experts-Exchange Cleanup Volunteer