Adding a DC at a remote site to provide authentication for VPN use

Discussion in 'MCSE' started by JGG, May 15, 2007.

  1. My Server Admin experience has been gained from managing the Servers after
    the design process, after they have been set up and configured. So I am weak
    in the initial design and setup process. I need to build up my understanding of
    site setup\design and what to look for in the setup process to bring up a new
    DC at another site to provide access to the domain.
    Here is an example problem:

    ABC Domain: the following are Windows 2000 Servers and all are in the ABC
    domain.

    SITE A - The Main Office has DC1 IP Address 159.223.138.10, DC2 IP Address
    159.223.138.11, and File and Print Servers.

    SITE B - Remote Office has a VPN server IP Address 10.199.63.10 with a T1
    WAN link to SITE A.
    Remote users around site B dial in to this VPN server and are
    authenticated by DC1 and DC2 for access into ABC Domain and its resources.

    Task: Promote a local server DC3 IP Address 159.223.161.26 in SITE B to a
    Domain Controller so it can perform authentication for those users who VPN.

    My questions:
    1. Is it just that simple to promote a little used server in site B to a DC,
    if it can ping and access DC1 and DC2?
    2. Will DC3 then get all the AD, DHCP, and DNS settings it needs to be an
    authenticating DC for the ABC Domain or are there more steps involved that I
    missed or should look out for?
    JGG, May 15, 2007
    #1

  2. John R Guest


    This topic is a little off-topic, but here are some guidelines...

    It is a little more, but not much. You'll have to set up an A/D site for
    site B, assign an IP subnet to site B, and then assign DC3 to site B. If
    you haven't already, you'll also need to define site links. If you only
    have the two sites, then just assign both sites to the default site link.
    As far as DNS goes, it depends on how you have it configured and where the
    DNS data is being kept. If it is A/D integrated, and you install DNS on
    DC3, then it will get it automatically. If it is stored in an A/D partition
    that is getting replicated, again it will get it. If it is stored in a
    legacy DNS file, then you'll need to configure zone transfers.

    DHCP is not normally replicated, and should be a local service for each site
    if there are more than a few workstations at a site. Redundancy should be
    built in to that strategy, i.e., either use DHCP helpers in your router (if
    they support that), or have two DHCP servers at each site, or install a DHCP
    proxy on each subnet pointing to the DHCP on the other (with appropriate
    scopes set up, of course).

    Without knowing a whole lot more about your network, that is all the
    'generalities' I can offer.

    John R
    John R, May 15, 2007
    #2
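
The site and subnet assignment described in the reply above, as an added example that is not part of the original thread: a planning check that maps each host to a site by the most specific matching subnet object and flags hosts that are unmapped or land in the wrong site. The IP addresses are from the thread; the prefix lengths, the site names `SiteA`/`SiteB` and the function names are assumptions made for the example.

```python
import ipaddress

# IPs are from the thread; the prefix lengths and the site names
# "SiteA"/"SiteB" are assumptions made for this example.
HOSTS = {  # host -> (IP, intended AD site)
    "DC1": ("159.223.138.10", "SiteA"),
    "DC2": ("159.223.138.11", "SiteA"),
    "VPN": ("10.199.63.10", "SiteB"),
    "DC3": ("159.223.161.26", "SiteB"),
}

# Before: one broad subnet object, everything in the main-office site.
SUBNETS_BEFORE = {"159.223.0.0/16": "SiteA"}

# After: site B gets its own subnet objects, as the reply recommends.
SUBNETS_AFTER = {
    "159.223.0.0/16": "SiteA",
    "159.223.161.0/24": "SiteB",
    "10.199.63.0/24": "SiteB",
}

def site_for(ip, subnets):
    """Site of the most specific subnet object containing ip, else None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, site in subnets.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, site)
    return best[1] if best else None

def audit(hosts, subnets):
    """Return {host: problem} for hosts that are unmapped or in the wrong site."""
    problems = {}
    for name, (ip, intended) in hosts.items():
        actual = site_for(ip, subnets)
        if actual is None:
            problems[name] = f"{ip} matches no subnet object"
        elif actual != intended:
            problems[name] = f"{ip} maps to {actual}, expected {intended}"
    return problems

if __name__ == "__main__":
    for label, plan in (("before", SUBNETS_BEFORE), ("after", SUBNETS_AFTER)):
        print(label, audit(HOSTS, plan) or "all hosts map to their intended site")
```

With only the broad subnet object, DC3 resolves to the main-office site and the VPN server's address matches nothing, so neither would be treated as local to site B.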