Windows Domain Controller Notes

Remote Sites

Overview

The branch site will have a Domain Controller that also acts as a Global Catalog (GC) server and a DNS server.

On Main Site DC

  1. Verify intra-site replication first
    1. Requires the Support Tools to be installed
    2. repadmin /showrepl
    3. repadmin /showrepl backupdcname
  2. Prepare the forest and domain for the new 2008 DC
    1. Use the 2008 (R2) media on the 2003 PDC
      1. You can use the free MagicISO to mount the ISO file
    2. d:\support\adprep\adprep32 /forestprep
    3. d:\support\adprep\adprep32 /domainprep /gpprep
  3. Use ADSS (Active Directory Sites and Services) to verify that the main and branch sites are created
  4. Verify correct subnets assigned to both sites
  5. Use DNS Manager to create reverse lookup zones (AD integrated) for each subnet
  6. If you can, build the branch office DC and join it to the domain as a member server
    1. Do not DCPromo yet
    2. Install DNS server role

At Branch Office

  1. Switch on new DC (still a member server)
  2. Configure IP address for new site
  3. Verify DNS Server role is installed
    1. AD integrated
  4. Make sure new DC has main site DC as its primary DNS server
  5. Check that VPN is established
    1. Ping main site DC by name
    2. Ping main site DC by FQDN
  6. DCPromo (will be slower than at main site)
    1. Make new server a Global Catalog server
    2. Make new server a DNS server
    3. If a static IPv4 address is assigned, you can ignore the DHCP warning
    4. If you see a DNS delegation warning, you can click Yes to continue
  7. Use ADSS
    1. Check that new server is in the correct site
    2. Right-click the NTDS Settings object under the PDC
      1. All Tasks → Check Replication Topology
    3. Refresh Sites folder
      1. Connections should appear under all NTDS Settings objects in both sites
    4. Check that site links have been created under Inter-Site Transports/IP
      1. From old to new
      2. New to old
      3. Manually create them on both DCs if needed
  8. Create test objects in AD at both ends and wait until they have replicated to the other server
    1. Be patient
  9. Change the NIC DNS settings on the new DC so that it points to itself as first DNS server and to the main site DC as second

Reference

Planning and Deploying AD to Remote Sites

Active Directory Sites and Services

Site

  • Create a new Site

Subnet

  • Prefix
    • 192.168.1.0/24
  • Assign new subnet to new site
  • Multiple subnets possible per site
  • This is how authentication and apps know which DC to contact

Configure Server

Networking

  • Static IP Address
    • Matches subnetting above
  • Primary DNS Server
    • Use the PDC or other existing DC/DNS server

Firewall

  • If a firewall exists between the sites/DCs
    • See KB179442

Install Active Directory

  • dcpromo.exe
    • Choose new site created above
    • Add roles
      • DNS
      • Global Catalog
  • Reboot server

Verify AD Configuration

  • Active Directory Sites and Services
    • Browse to (new site) → Servers → ServerName → NTDS Settings
    • Right-click → Replicate Now
      • A warning may not represent a real problem
        • especially after first reboot
  • Right-click top level and change to another DC
    • Try the same tests
  • Troubleshooting
    • Be patient and wait for the replication to occur
    • Reboot again
    • Review firewall configuration

Configure DNS Server

  • Reverse Lookup Zone for new subnet
    • DNS Manager
      • Review the Forward Lookup records for the new DC
      • Create new PTR records for new DC and clients in new site
      • Create new Reverse Lookup Zone
        • Primary zone
        • Store the zone in AD (replicated)
        • All DNS servers running on DCs
        • Network ID
          • 192.168.1
        • Only secure dynamic updates

NIC DNS Settings

http://support.microsoft.com/kb/825036

  • Set the Primary DNS server to PDC
    • Consider setting the Primary DNS server to own IP after replication is successful
  • Set the Secondary DNS Server to the PDC or closest DC
  • Advanced TCP/IP Settings
    • Add remote DC/DNS server(s) as backup
    • Add additional DNS servers if desired

DHCP Server

  • Configure DHCP server to hand out local DC/DNS server as primary
  • Configure DHCP server to hand out remote DC/DNS server as backup

Troubleshooting

dcdiag /test:dns

dcdiag -v |more
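The following PowerShell script is an added example (not part of the original notes) that automates the post-DCPromo checks from the branch office steps 7 to 9 and the "Verify AD Configuration", "Configure DNS Server" and "NIC DNS Settings" sections: subnet-to-site coverage for every DC, inbound replication partner status, the branch DC's DNS server order, and its PTR record. It assumes the Windows Server 2012+ RSAT ActiveDirectory and DnsClient modules; `BRANCH-DC1` and `MAIN-DC1` are hypothetical names.

```powershell
# Added example, not from the original wiki page: post-DCPromo verification for a branch DC.
# Assumes RSAT ActiveDirectory and DnsClient modules (Windows Server 2012+).
# $BranchDc and $MainDc are hypothetical names; substitute your own.
param(
    [string]$BranchDc = 'BRANCH-DC1',
    [string]$MainDc   = 'MAIN-DC1'
)
Import-Module ActiveDirectory

function ConvertTo-UInt32Address ([string]$Ip) {
    # Big-endian IPv4 bytes -> host-order uint32 so prefixes can be compared with a mask
    $bytes = ([IPAddress]$Ip).GetAddressBytes()
    [Array]::Reverse($bytes)
    [BitConverter]::ToUInt32($bytes, 0)
}

function Test-IpInPrefix ([string]$Ip, [string]$Prefix) {
    # $Prefix is an ADSS subnet name such as 192.168.1.0/24
    $net, $bits = $Prefix -split '/'
    $all  = [int64][uint32]::MaxValue
    $mask = [uint32](($all -shl (32 - [int]$bits)) -band $all)
    ((ConvertTo-UInt32Address $Ip) -band $mask) -eq ((ConvertTo-UInt32Address $net) -band $mask)
}

# 1. Each DC's IP must fall inside a subnet assigned to its own site; otherwise
#    branch clients locate a DC across the VPN ("Verify correct subnets assigned to both sites").
foreach ($dc in Get-ADDomainController -Filter *) {
    $siteDn  = (Get-ADReplicationSite -Identity $dc.Site).DistinguishedName
    $covered = Get-ADReplicationSubnet -Filter * |
        Where-Object { $_.Site -eq $siteDn -and (Test-IpInPrefix $dc.IPv4Address $_.Name) }
    $status  = if ($covered) { "covered by $($covered.Name)" } else { 'NO SUBNET IN SITE COVERS THIS IP' }
    "{0}: site {1}, IP {2}: {3}" -f $dc.HostName, $dc.Site, $dc.IPv4Address, $status
}

# 2. Inbound replication partners for both DCs; LastReplicationResult 0 means success.
Get-ADReplicationPartnerMetadata -Target $BranchDc, $MainDc -Scope Server |
    Select-Object Server, Partner, LastReplicationSuccess, LastReplicationResult,
                  ConsecutiveReplicationFailures | Format-Table -AutoSize

# 3. NIC DNS order on the branch DC after step 9: itself first, main-site DC second.
$branchIp = (Get-ADDomainController -Identity $BranchDc).IPv4Address
$dnsOrder = (Get-DnsClientServerAddress -CimSession $BranchDc -AddressFamily IPv4 |
             Where-Object ServerAddresses | Select-Object -First 1).ServerAddresses
"Branch DC DNS order: $($dnsOrder -join ', ')"
if ($dnsOrder[0] -ne $branchIp) { Write-Warning "Primary DNS on $BranchDc is not itself ($branchIp)" }

# 4. Reverse lookup zone: the branch DC should resolve back to its FQDN via a PTR record.
$ptr = Resolve-DnsName -Name $branchIp -Type PTR -Server $MainDc -ErrorAction SilentlyContinue
if ($ptr) { "PTR for $branchIp -> $($ptr.NameHost)" } else { Write-Warning "No PTR record for $branchIp" }
```

Run it from an elevated PowerShell session on either DC once replication has had time to converge; a warning on the first run immediately after DCPromo may clear after the wait the notes recommend.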

networking/windows/active_directory/domain_controller_sites.txt · Last modified: 2012/02/12 09:50 (external edit)