How do I add a secondary domain controller remotely without DNS issues via the VPN?

I want to add a secondary domain controller at a remote location and have both the remote and local networks share a duplicate of the AD and share and access the same data. The data should be hosted at the local PDC and should be backed up in real time to the secondary DC. I currently have a site-to-site VPN set up with two SonicWalls between both locations. How do I accomplish this without having DNS issues, and should I set up the DNS service on both the PDC and the secondary DC?
Rob Williams commented:
This is a very big question. But a mile-high overview:
I wrote a blog article about joining a domain over a VPN that may be helpful for that part.
You then want to add the DNS service to the new DC and make it Active Directory-integrated. We no longer have primary and secondary DCs, by the way, just multiple DCs.
There are different thoughts on DNS, but usually you point the server to itself for primary DNS and the remote server for secondary.
You will probably want to set up DHCP on the new DC using the same DNS settings.
You need to configure Sites and Services for the new DC and IP subnet.
You need to make the new server a global catalogue server in case the other goes down.
Finally, you can configure DFS for file replication between sites.
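The steps in the answer above, carried out as one PowerShell procedure. This is an added example, not code from the thread or from any of its participants; the domain name, host names, IP addresses, site names and share path are assumptions chosen for illustration. It is run on the new branch-office server as a Domain Admin once the site-to-site tunnel is up, and it checks LDAP reachability and SRV resolution through the VPN before making any change.

```powershell
# Added example (not from the thread). All names, IPs and site names below are
# assumptions for illustration; replace them with your own.
$DomainName   = 'corp.example.local'          # assumed domain
$ExistingDc   = 'dc1.corp.example.local'      # assumed existing DC at the main site
$ExistingDcIp = '10.0.1.10'                   # assumed address of that DC
$HqSite       = 'Default-First-Site-Name'     # site created with the forest
$NewSite      = 'Branch'                      # assumed site for the remote office
$NewSubnet    = '10.0.2.0/24'                 # assumed remote-office LAN

# 1. Pre-checks: LDAP must be reachable through the tunnel, and the domain's
#    DC locator SRV record must resolve when the existing DC is asked directly.
if (-not (Test-NetConnection -ComputerName $ExistingDcIp -Port 389).TcpTestSucceeded) {
    throw "LDAP to $ExistingDcIp over the VPN failed; fix the tunnel or firewall rules first."
}
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV `
    -Server $ExistingDcIp -ErrorAction Stop | Out-Null

# 2. For the promotion itself, resolve only through the existing DC.
$nic = Get-NetAdapter | Where-Object Status -eq 'Up' | Select-Object -First 1
Set-DnsClientServerAddress -InterfaceIndex $nic.ifIndex -ServerAddresses $ExistingDcIp

# 3. Sites and Services: create the site, its subnet and a site link first, so the
#    new DC is placed in the branch site and branch clients prefer it.
if (-not (Get-ADReplicationSite -Filter "Name -eq '$NewSite'" -Server $ExistingDc)) {
    New-ADReplicationSite -Name $NewSite -Server $ExistingDc
    New-ADReplicationSubnet -Name $NewSubnet -Site $NewSite -Server $ExistingDc
    New-ADReplicationSiteLink -Name "$HqSite-$NewSite" -SitesIncluded $HqSite, $NewSite `
        -Cost 100 -ReplicationFrequencyInMinutes 15 -Server $ExistingDc
}

# 4. Install the role and promote: DNS installed (AD-integrated zones replicate
#    with AD), global catalog enabled, initial replication from the existing DC.
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
Install-ADDSDomainController -DomainName $DomainName `
    -SiteName $NewSite `
    -InstallDns `
    -NoGlobalCatalog:$false `
    -ReplicationSourceDC $ExistingDc `
    -Credential (Get-Credential -Message 'Domain Admin account for promotion') `
    -SafeModeAdministratorPassword (Read-Host -AsSecureString 'DSRM password') `
    -Force          # no confirmation prompt; the server reboots when finished

# 5. After the reboot, verify from either DC: both DCs are global catalogs in the
#    expected sites, the zones are AD-integrated, and replication is clean.
Get-ADDomainController -Filter * | Select-Object HostName, Site, IsGlobalCatalog
Get-DnsServerZone | Where-Object { $_.IsDsIntegrated } | Select-Object ZoneName, ReplicationScope
repadmin /replsummary
dcdiag /test:dns /test:replications

# 6. DFS Replication for the shared data, main site as the authoritative copy.
#    Assumed group/folder names and content path.
Install-WindowsFeature FS-DFS-Replication -IncludeManagementTools
New-DfsReplicationGroup -GroupName 'CompanyData'
New-DfsReplicatedFolder -GroupName 'CompanyData' -FolderName 'Shared'
Add-DfsrMember -GroupName 'CompanyData' -ComputerName 'dc1', 'dc2'
Add-DfsrConnection -GroupName 'CompanyData' -SourceComputerName 'dc1' -DestinationComputerName 'dc2'
Set-DfsrMembership -GroupName 'CompanyData' -FolderName 'Shared' -ContentPath 'D:\Shared' `
    -ComputerName 'dc1' -PrimaryMember $true -Force
Set-DfsrMembership -GroupName 'CompanyData' -FolderName 'Shared' -ContentPath 'D:\Shared' `
    -ComputerName 'dc2' -Force
```

Step 3 runs before the promotion on purpose: if the subnet is not mapped to the branch site when the new DC comes up, branch clients may keep locating the main-site DC across the tunnel. Step 6 marks the main-site copy as the primary member for the initial sync, which is the direction the question asks for; DFSR is multi-master afterwards, so a change made at either site replicates to the other.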

Danny Verrazano commented:
"There are different thoughts on DNS but usually you point the Server to itself for primary DNS and the remote server for secondary"

Actually, as best practice you usually want to point the primary DNS server setting on a DC to another DNS server and the secondary to itself.
jbovalley1 (Author) commented:
The primary is currently pointing to itself. Should I set up a DNS server on the second server and point it to the primary?
Or change the primary from pointing to itself to pointing to the secondary DNS, and point the secondary DNS to the primary?
The DHCP and the VPN are already being taken care of by the SonicWalls.
Danny Verrazano commented:

The primary DNS server setting should always be set to some other DNS server.
The secondary should be set to itself.
Rob Williams commented:
I would agree on a LAN, but would that not slow name resolution due to the VPN?
Danny Verrazano commented:
"I would agree on a LAN, but would that not slow name resolution due to the VPN?"

I don't really believe so. If AD-integrated, the DNS zones are replicated. Both domain controllers can do name resolution for everything in AD. Clients configured properly should be OK with name resolution on either side of the VPN.

The VPN might slow down replication, but even then not too badly unless it's a HUGE environment throwing a LOT of replication across that VPN.

Still a bit of questionable stuff going on without more info on his environment, though... but as far as DCs go, always make the primary DNS the IP of another DNS server, and the secondary should be its own IP address.
Rob Williams commented:
I suppose name resolution requests from a client would be answered by the local DC regardless of where the server's DNS points. Thus I will bow to your wisdom :-)
As mentioned, I would always point to the other on a high-speed connection, such as a LAN.
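The DNS client order the exchange above settles on for domain controllers (partner DC first, the DC itself second), applied to both DCs and then verified per DC. This is an added example, not code posted by anyone in the thread; the DC host names, addresses and domain name are assumptions. The verification queries each DC's own address directly, so a tunnel outage shows up as one DC failing rather than as a cached answer from the other side.

```powershell
# Added example (not from the thread). Host names, IPs and domain are assumed.
$DomainName = 'corp.example.local'
$Dcs = @{
    'dc1.corp.example.local' = @{ Self = '10.0.1.10'; Partner = '10.0.2.10' }  # main site
    'dc2.corp.example.local' = @{ Self = '10.0.2.10'; Partner = '10.0.1.10' }  # branch, over VPN
}

foreach ($dc in $Dcs.Keys) {
    # Order from the thread: another DC first, itself second.
    $order = @($Dcs[$dc].Partner, $Dcs[$dc].Self)

    Invoke-Command -ComputerName $dc -ArgumentList (,$order) -ScriptBlock {
        param([string[]]$Servers)
        # Apply to every connected adapter on this DC.
        Get-NetAdapter | Where-Object Status -eq 'Up' | ForEach-Object {
            Set-DnsClientServerAddress -InterfaceIndex $_.ifIndex -ServerAddresses $Servers
        }
        # Re-register the DC's own A and SRV records with the new order in place.
        Register-DnsClient
        # Report the effective order so the caller can confirm it took.
        (Get-DnsClientServerAddress -AddressFamily IPv4 |
            Where-Object { $_.ServerAddresses }).ServerAddresses -join ', '
    } | ForEach-Object { Write-Host "$dc resolver order: $_" }
}

# Verify each DC independently: ask it by its own IP for the DC locator record.
# A DC whose zone copy is healthy answers on its own, VPN up or down.
foreach ($dc in $Dcs.Keys) {
    $ip  = $Dcs[$dc].Self
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV `
               -Server $ip -ErrorAction SilentlyContinue
    [pscustomobject]@{
        DC               = $dc
        AnswersDcLocator = [bool]$srv
        AdvertisedDCs    = ($srv | Where-Object Type -eq 'SRV' | ForEach-Object NameTarget) -join ', '
    }
}
```

With the partner listed first, a DC whose tunnel is down still resolves: the resolver fails over to the second entry after the timeout, which is the delay Rob's question refers to. The AdvertisedDCs column should list both DCs from either side; if the branch DC answers but only advertises the main-site DC, the new DC's SRV records have not replicated or registered yet, and `dcdiag /test:dns` on that DC is the next check.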
Danny Verrazano commented:

Were you able to get this taken care of? Anything still pending?
Pber (Solutions Architect) commented:
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I have recommended this question be closed as follows:

-- Rob Williams (https:#a42408193)
-- Danny Verrazano (https:#a42408237)

If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.

Experts-Exchange Cleanup Volunteer