Adding a DC at a remote site to provide authentication for VPN use

 
 
JGG
05-15-2007

My Server Admin experience has been gained from managing the servers after
the design process, after they have been set up and configured. So I am weak
in the initial design and setup process. I need to build up my understanding of
site setup\design and what to look for in the setup process to bring up a new
DC at another site to provide access to the domain.
Here is an example problem:

ABC Domain: the following are Windows 2000 Servers and all are in the ABC
domain.

SITE A - The Main Office has DC1 IP Address 159.223.138.10, DC2 IP Address
159.223.138.11, and File and Print Servers.

SITE B - Remote Office has a VPN server IP Address 10.199.63.10 with a T1
WAN link to SITE A.
Remote users around site B dial in to this VPN server and are
authenticated by DC1 and DC2 for access into ABC Domain and its resources.

Task: Promote a local server DC3 IP Address 159.223.161.26 in SITE B to a
Domain Controller so it can perform authentication for those users who VPN.

My questions:
1. Is it just that simple to promote a little-used server in site B to a DC,
if it can ping and access DC1 and DC2?
2. Will DC3 then get all the AD, DHCP, and DNS settings it needs to be an
authenticating DC for the ABC Domain or are there more steps involved that I
missed or should look out for?

 
 
 
 
 
John R
 
      05-15-2007

"JGG" wrote in message:
>
> My Server Admin experience has been gained from managing the servers after
> the design process, after they have been set up and configured. So I am weak
> in the initial design and setup process. I need to build up my understanding
> of site setup\design and what to look for in the setup process to bring up a
> new DC at another site to provide access to the domain.
> Here is an example problem:
>
> ABC Domain: the following are Windows 2000 Servers and all are in the ABC
> domain.
>
> SITE A - The Main Office has DC1 IP Address 159.223.138.10, DC2 IP Address
> 159.223.138.11, and File and Print Servers.
>
> SITE B - Remote Office has a VPN server IP Address 10.199.63.10 with a T1
> WAN link to SITE A.
> Remote users around site B dial in to this VPN server and are
> authenticated by DC1 and DC2 for access into ABC Domain and its resources.
>
> Task: Promote a local server DC3 IP Address 159.223.161.26 in SITE B to a
> Domain Controller so it can perform authentication for those users who VPN.
>
> My questions:
> 1. Is it just that simple to promote a little-used server in site B to a DC,
> if it can ping and access DC1 and DC2?
> 2. Will DC3 then get all the AD, DHCP, and DNS settings it needs to be an
> authenticating DC for the ABC Domain or are there more steps involved that I
> missed or should look out for?
>


This topic is a little off-topic, but here are some guidelines...

It is a little more, but not much. You'll have to set up an A/D site for
site B, assign an IP subnet to site B, and then assign DC3 to site B. If
you haven't already, you'll also need to define site links. If you only
have the two sites, then just assign both sites to the default site link.
As far as DNS goes, it depends on how you have it configured and where the
DNS data is being kept. If it is A/D integrated, and you install DNS on
DC3, then it will get it automatically. If it is stored in an A/D partition
that is getting replicated, again it will get it. If it is stored in a
legacy DNS file, then you'll need to configure zone transfers.

DHCP is not normally replicated, and should be a local service for each site
if there are more than a few workstations at a site. Redundancy should be
built in to that strategy, i.e., either use DHCP helpers in your router (if
they support that), or have two DHCP servers at each site, or install a DHCP
proxy on each subnet pointing to the DHCP on the other (with appropriate
scopes set up, of course).

Without knowing a whole lot more about your network, that is all the
'generalities' I can offer.

John R
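
A planning check for the site and subnet layout described in the answer above, as an added example that is not part of the original posts: it maps each host to a site by the most specific matching subnet, the way Active Directory assigns site membership, and flags hosts or sites the plan leaves uncovered. The site names SiteA and SiteB and the /24 prefix lengths are assumptions; the thread gives only host addresses.

```python
import ipaddress

# Planned subnet objects -> site. Site names and the /24 prefix lengths
# are assumptions; the thread gives host addresses only.
SUBNET_TO_SITE = {
    "159.223.138.0/24": "SiteA",   # DC1, DC2
    "159.223.161.0/24": "SiteB",   # DC3
    "10.199.63.0/24": "SiteB",     # VPN server
}

# Hosts named in the thread and the site each one is expected to land in.
HOSTS = {
    "DC1": ("159.223.138.10", "SiteA"),
    "DC2": ("159.223.138.11", "SiteA"),
    "VPN": ("10.199.63.10", "SiteB"),
    "DC3": ("159.223.161.26", "SiteB"),
}

def site_for(ip, subnet_map):
    """Return the site of the most specific subnet containing ip, else None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, site in subnet_map.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, site)
    return best[1] if best else None

def audit(hosts, subnet_map, site_links):
    """List planning problems: unmapped hosts, wrong site, unlinked sites."""
    problems = []
    for name, (ip, expected) in hosts.items():
        actual = site_for(ip, subnet_map)
        if actual is None:
            problems.append(f"{name} {ip}: no subnet object, no site affinity")
        elif actual != expected:
            problems.append(f"{name} {ip}: maps to {actual}, expected {expected}")
    linked = set().union(*site_links.values())
    for site in sorted({s for _, s in hosts.values()} - linked):
        problems.append(f"{site}: not a member of any site link")
    return problems

if __name__ == "__main__":
    links = {"DEFAULTIPSITELINK": {"SiteA", "SiteB"}}
    for p in audit(HOSTS, SUBNET_TO_SITE, links) or ["plan is consistent"]:
        print(p)
```

In this layout the VPN server (10.199.63.10) and DC3 (159.223.161.26) sit on different subnets, so site B needs a subnet object for each; dropping the 10.199.63.0/24 entry makes the audit report the VPN server as having no site.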


 