Adding a DC at a remote site


pcwilson

Original Poster:

1,245 posts

238 months

Thursday 14th February 2008
Hi Guys

I've just finished setting up a new AD domain controller at my Glasgow site. It's also doing DNS (AD integrated), DHCP and WINS. Glasgow subnet is 10.10.0.0/16. I need to add a replica DC to my Edinburgh site which is subnet 192.168.0.0/24. This DC will also be doing DNS, DHCP and WINS. I have a 2Mbps WAN link between sites. I've created sites and subnets in AD Sites and Services.

New server is still in its box while I try to ascertain the least problematic way of setting it up. Way I see it I've got two options:

1. Set up replica DC at my Glasgow site, join it to the domain, then change IP address details to match Edinburgh subnet and ship it to Edinburgh.

2. Ship it to Edinburgh, set it up on Edinburgh subnet and try and join it to the domain. I suspect LMHOSTS may come into play if I choose this option.

Which option do you think will cause me less grief? Changing the IP address of a DC, or trying to join a domain across a WAN link?

Cheers
Phil


pcwilson

Friday 15th February 2008
That seems pretty unanimous then. Thanks for the advice. My only concern is that the new server won't be able to "find" the DC across the WAN when I run DCPROMO and try to join the domain. Am I worrying needlessly?

I have bad memories of trying to add an NT4 BDC to a remote site and not being able to find the PDC no matter how much I tinkered with LMHOSTS and WINS entries.

Also, where should I point WINS on the new server initially? At itself, or at the Glasgow DC? Or should I set up WINS replication and point it at itself before running DCPROMO?




Edited by pcwilson on Friday 15th February 09:48


Edited by pcwilson on Friday 15th February 09:50

pcwilson

Friday 15th February 2008
Thanks again for the advice. I will take my new server to Edinburgh on Monday to set it up.

At the risk of hijacking my own thread, can I ask another question?

I have a two way external trust between my old NT4 domain and my new W2K3 AD domain. All my users are still logging on to the NT4 domain. I've created new user accounts and home folders for them in AD, and I've set up permissions on the home folders so they can all access their new home folder whilst logged on to the old domain. So far so good.

However, I'm now trying to move print queues over from NT to W2K3. I've installed my printers (and additional drivers) and shared them. However, I'm having bother granting access to the new printers and the print$ share. I've created a global group in NT4 containing all the users who need to print to printers on W2K3. I've created a domain local group in AD and added the global group from NT4 to it. I've tried adding this domain local group to the DACL for the printers and the print$ share but I still get Access Denied when trying to browse the print$ share, and can't install a printer on my workstation without being asked for drivers. I'm obviously being a complete muppet.

ETA: I can drop to a command prompt and do NET USE X: \\server\print$ and it connects successfully. But if I do Start -> Run and enter \\SERVER\PRINT$ I get access denied.

Edited by pcwilson on Friday 15th February 13:59