Additional domain controller in remote site
-
@alexntg said:
A few things:
- Each DC should only point to itself for DNS. After turning a member server into a DC, you may need to adjust its DNS settings accordingly.
I'll go on the record and say I disagree with this. At minimum every DC should have a secondary IP of another DNS server (assuming you have at least two). Furthermore I typically set my DC's to point to the other DNS server for the primary and itself as the secondary. This allows ADDS to have an active DNS source while booting since local DNS might not be completely up before ADDS starts (if this has been resolved on 2012 I might be a bit behind these days).
-
@IT-ADMIN said:
@Dashrender said:
The AD box needs access to DNS too. You need to give the secondary DNS server pointing to itself.
the main DC need only his own ip as DNS server, but the branch DC need the DNS access of the main DC, do you mean that he need his own ip as a second DNS ??
Yes. Now Scott and Alex are both saying it should point to itself first, but I prefer to point to another DNS server first, and itself second.
But - if the DC is only pointing to another source, and you remove that source you will find that the DC in question (in your case the branch DC) will have all kinds of problems since it doesn't have DNS to query about services.
-
@Dashrender said:
@alexntg said:
A few things:
- Each DC should only point to itself for DNS. After turning a member server into a DC, you may need to adjust its DNS settings accordingly.
I'll go on the record and say I disagree with this. At minimum every DC should have a secondary IP of another DNS server (assuming you have at least two). Furthermore I typically set my DC's to point to the other DNS server for the primary and itself as the secondary. This allows ADDS to have an active DNS source while booting since local DNS might not be completely up before ADDS starts (if this has been resolved on 2012 I might be a bit behind these days).
It's a bit of a catch 22. There have been a few times that I've had to put a second DNS server in due to boot hanging. The flip side is that if you have a 2nd DNS server in and its own DNS server fails, how would you know to correct it? You may not notice the issue until the other DNS fails.
-
Assuming the links between locations can handle it, I'd have the another server pointing at this one. As for knowing if there are problems, the local clients will be using the DNS of the local server, in the case of the OP, both servers DNS server will be being used by clients. If there are problems you should find out through complaints from them.
-
@Dashrender said:
Assuming the links between locations can handle it, I'd have the another server pointing at this one. As for knowing if there are problems, the local clients will be using the DNS of the local server, in the case of the OP, both servers DNS server will be being used by clients. If there are problems you should find out through complaints from them.
The clients should be set up to use a second DNS server at a different site. If the first one is unavailable, the clients wouldn't notice.
-
@alexntg said:
@Dashrender said:
Assuming the links between locations can handle it, I'd have the another server pointing at this one. As for knowing if there are problems, the local clients will be using the DNS of the local server, in the case of the OP, both servers DNS server will be being used by clients. If there are problems you should find out through complaints from them.
The clients should be set up to use a second DNS server at a different site. If the first one is unavailable, the clients wouldn't notice.
Assuming that strain isn't to much on the connection..
-
@Dashrender said:
@IT-ADMIN said:
@Dashrender said:
The AD box needs access to DNS too. You need to give the secondary DNS server pointing to itself.
the main DC need only his own ip as DNS server, but the branch DC need the DNS access of the main DC, do you mean that he need his own ip as a second DNS ??
Yes. Now Scott and Alex are both saying it should point to itself first, but I prefer to point to another DNS server first, and itself second.
But - if the DC is only pointing to another source, and you remove that source you will find that the DC in question (in your case the branch DC) will have all kinds of problems since it doesn't have DNS to query about services.
Microsoft has always stated that it needs to point to itself first. There is no benefit to pointing to the other first but many downsides like higher latency and increased traffic.
-
what about the replication that take place in time, it seems that the branch DC don't respect the Active Directory Sites and Services at all, because i configure the replication to take place at night and finish in the morning
and how to force branch machines to login from their local DC, ???
-
@IT-ADMIN said:
what about the replication that take place in time, it seems that the branch DC don't respect the Active Directory Sites and Services at all, because i configure the replication to take place at night and finish in the morning
and how to force branch machines to login from their local DC, ???
The default replication schedule of a couple hours should be sufficient for most needs. Any more than that could leave the two sites rather out of sync. Less than that's a waste of bandwidth.
Is their local DC a GC as well?
-
@alexntg said:
@IT-ADMIN said:
what about the replication that take place in time, it seems that the branch DC don't respect the Active Directory Sites and Services at all, because i configure the replication to take place at night and finish in the morning
and how to force branch machines to login from their local DC, ???
The default replication schedule of a couple hours should be sufficient for most needs. Any more than that could leave the two sites rather out of sync. Less than that's a waste of bandwidth.
but at lease the branch DC should respect the schedule, \
Is their local DC a GC as well?
Yes it is both a global catalog and DNS server
-
@IT-ADMIN said:
@alexntg said:
@IT-ADMIN said:
what about the replication that take place in time, it seems that the branch DC don't respect the Active Directory Sites and Services at all, because i configure the replication to take place at night and finish in the morning
and how to force branch machines to login from their local DC, ???
The default replication schedule of a couple hours should be sufficient for most needs. Any more than that could leave the two sites rather out of sync. Less than that's a waste of bandwidth.
but at lease the branch DC should respect the schedule, \
Is their local DC a GC as well?
Yes it is both a global catalog and DNS server
Ok, and what is the primary DNS on each client set to?
-
@alexntg said:
Ok, and what is the primary DNS on each client set to?
i set client in the main office to use the main DC for DNS resolving and set branch client to use branch DC for DNS resolving
-
what server is providing DHCP for the branch PCs?
-
-
@alexntg said:
@IT-ADMIN said:
@alexntg said:
Ok, and what is the primary DNS on each client set to?
i set client in the main office to use the main DC for DNS resolving and set branch client to use branch DC for DNS resolving
And if you run an nslookup against the branch DC, does it resolve queries?
nslookup in branch client machine or branch DC itself ??
-
@IT-ADMIN said:
@alexntg said:
@IT-ADMIN said:
@alexntg said:
Ok, and what is the primary DNS on each client set to?
i set client in the main office to use the main DC for DNS resolving and set branch client to use branch DC for DNS resolving
And if you run an nslookup against the branch DC, does it resolve queries?
nslookup in branch client machine or branch DC itself ??
Nslookup from any client computer, and specify the branch DC as the DNS server.
-
@IT-ADMIN said:
@alexntg said:
@IT-ADMIN said:
@alexntg said:
Ok, and what is the primary DNS on each client set to?
i set client in the main office to use the main DC for DNS resolving and set branch client to use branch DC for DNS resolving
And if you run an nslookup against the branch DC, does it resolve queries?
nslookup in branch client machine or branch DC itself ??
Both, actually.
-
when i run nslookup in any branch computer, it resolve successfully but it use the main DNS even if i they have as primary DNS the ADC ip address
what anger me is that machines in the branch office neglect the ADC -
@IT-ADMIN said:
when i run nslookup in any branch computer, it resolve successfully but it use the main DNS even if i they have as primary DNS the ADC ip address
what anger me is that machines in the branch office neglect the ADCWhat happens when you force nslookup to use the branch server?
-
@Dashrender said:
what server is providing DHCP for the branch PCs?
Again, what server is providing DHCP to the branch PCs? Is the scope set correctly to give the PC's the DNS of the branch DNS server.