Domain Controller for an existing domain

[avequips]

Hi

I have this scenario that I need feedback on.

Lets say I have two sites. Site A & Site B and I then create a domain controller on Site A with example.com

Now if I go to Site B and create a Additional Domain Controller for an existing domain so that example.com replicates over at site B.

So will this setup work

Thanks in advance

[ruddj]

How are the 2 sites connected? Are they on different IP subnets? Do you have routing configured between them? Are there firewalls between the sites?

I have never tried this so if anyone can confirm / refute the following please do so.
The easiest option if possible is to start with Server B at Site A, add it to domain and start replication. This ensure it is up to date and doesn't need to sync over the WAN. Then use AD Sites and Services to Create the new site and assign Server B to the new site. (Sites are usually defined using IP subnets). Move Server B to Site B, change it's settings (IP, Gateway, etc) and check if it can still sync. If it can't sync you start the long path of trying to determine what is blocking it. Routing, firewalls, etc all come into this.

If you are doing this with servers already in position at the 2 sites, the main thing is to ensure DNS is set up between them. After you create the first AD server (A), have your extra DC (B) point to it for DNS. This ensures it knows where to contact the server for adding the domain. You will still need to ensure they can communicate though routing/firewall for actual transfer /sync of AD data.

Good Luck.

[avequips]

The two sites will be connected via VPN on ADSL2+ and ADSL connection and will be on different subnets. Currently I am using pfsense but thinking about moving over to TMG.

My main concern is that I have been told that adding a second domain controller to an exisiting domain is mainly for redundancy and needs to be at the same site.
But in my situation I want to keep it at site B and only have one domain.
Site A & Site B will be example.com
rather than
Site A
example.com
Site B
siteb.example.com

Thanks

[RabbieBurns]

I am in the process of planning setup for the exact same scenario, exept I plan on having an exchange server at either end processing mail for the single example.com domain

My main stumbling block atm is how to VPN the 2 sites together, but as previously mentioned I have been suggested Sites and Services to let windows do the p2p connection..

Ill follow this thread with interest.

[FN-GM]

This seems to be an Australian only thread

Anyway as others have said you need to setup in sites and services. Otherwise you will have all sorts of problems such as replication problems and if the DC's are in the same AD site but on 2 physically different sites with a slow link they will hog your bandwidth.

[ruddj]

From what I have seen this is what most business do that have satellite/branch offices. The aim is to provide a local server for authentication, DNS and DHCP, rather than always travelling over VPN. By having separate sites your can control how they sync.

Not sure, this may help: Deploying Active Directory for Branch Office Environments
Some other good resources
Adding Domain Controllers in Remote Sites

Look around, there are lots of good resources, just look up either branch office or remote sites.

[Stuart_C]

You need to look into the Sites and Services. I'm just planning this here to merge our Prep School's network into ours (VPN link over Leased lines). You need to avoid situations where PC's attempt to connect to logon servers on the other sites which should be exaclty what Sites and Services is for.

[Edit]
Which is exactly what @FN-GM said and I would have noticed if I'd read the thread properly.

You also need to make sure that all your polices/security settings work fine at both sites.

[Firefox]

Within Sites and Services, if you haven't already, add all the subnets that exist in your organisation. These subnets then will need to be linked to a site. You can add multiple subnets to a site without too many issues. This controls the site each subnet goes to for authentication.

If you have knowledge consistency checker turned on.....which I believe is default. Then it should auto calculate the replication links that it requires.

Under intersite transports and then IP you can create site-to-site links which allows you to have some control on the frequency of the replication.

As previously stated, having addition DC's on other sites, has previously been the preferred method for combating slow links.

[Michael]

Hi

I have this scenario that I need feedback on.

Lets say I have two sites. Site A & Site B and I then create a domain controller on Site A with example.com

Now if I go to Site B and create a Additional Domain Controller for an existing domain so that example.com replicates over at site B.

So will this setup work

Thanks in advance

Yes this will work no problem, but as others have said, if you have a slow link you need to look at Sites and Services. If you have a fast link, it isn't as necessary.

Please note that typically with multiple DCs, the one server is the role master (the true master of the domain), unless you go down the route of splitting roles onto multiple DCs. This is something for very large networks. If the link goes down, everything will still work fine server wise.

[sukh]

1. It will work and yo should have another DC at Site B. You should have a DC/GC in every AD site, otherwise what's the point in having site B.
2. If you have Exch in Site B then you defo need one.

[avequips]

Thanks for all the info guys,

I am planning to carry out the particular project over the school break.

Will let ya all know how I went.