    Additional domain controller in remote site

      IT-ADMIN @alexntg

      @alexntg said:

      @IT-ADMIN said:

      I know that the best practice is to have one additional DC in the branch office, but unfortunately I still do not have the skills to get that done. This project was not successful and I risked damaging the main DC because it seems that there was some kind of conflict between the 2 DCs. Now I'm thinking about having a child DC in the branch office; this is my next plan, hoping that it will be successful.

      Best regards

      Do you mean a child domain? There's very little reason to use a child domain unless there's a legal separation requirement between two business entities or you have so many computers that a single domain wouldn't be practical.

      So, I meant child domain. I plan to do that in order to have a backup login server in the branch. I know that an additional DC is the best solution for that, but this project was not successful. So sad .....

        alexntg @IT-ADMIN

        @IT-ADMIN said:

        @alexntg said:

        @IT-ADMIN said:

        I know that the best practice is to have one additional DC in the branch office, but unfortunately I still do not have the skills to get that done. This project was not successful and I risked damaging the main DC because it seems that there was some kind of conflict between the 2 DCs. Now I'm thinking about having a child DC in the branch office; this is my next plan, hoping that it will be successful.

        Best regards

        Do you mean a child domain? There's very little reason to use a child domain unless there's a legal separation requirement between two business entities or you have so many computers that a single domain wouldn't be practical.

        So, I meant child domain. I plan to do that in order to have a backup login server in the branch. I know that an additional DC is the best solution for that, but this project was not successful. So sad .....

        If you go with a child domain, you'd just have 2 domains with single domain controllers. You'd still have the single-DC point of failure (times two), as well as having to deal with domain trusts, group permissions from multiple domains, etc. You really don't want to do that. If it were me, I'd focus on getting the second DC working properly.

          IT-ADMIN

          I appreciate your kind advice, but unfortunately I think that I have all settings correct but am still not able to get an additional DC installed in the branch office, and what is worse is that the ADC was creating a conflict with the main DC (DNS issues) and I risked the stability of the whole domain. For this reason I refrain from having it in the branch.

            Dashrender

            Alex is right, you don't want a child domain, it gains you nothing. If you go that route, you might as well have two completely separate domains.

            I would really like to see what is happening when you have the additional DC set up at the remote office. You can take the server to the remote office, install Server on it. Promote it to Active Directory, and only have one or two machines in the branch use that machine so that you don't affect the whole remote office.... once you have those one or two computers working well, you can enable all those machines to use that server.

              Dashrender

              What problems are you having now with the remote branch computers and them connecting to the domain?

                IT-ADMIN @Dashrender

                @Dashrender said:

                What problems are you having now with the remote branch computers and them connecting to the domain?

                OK Sir, I will tell you all the steps I have done:

                1- Promoted Windows Server 2008 R2 to be a domain controller (additional), and during the wizard I selected DNS server and global catalog (I did this in the main office).
                2- Went to Active Directory Sites and Services --> created a new site called Branch --> created a site link between Main and Branch --> created new subnet 192.168.5.0 --> in the site link I set the cost and a schedule for replication --> changed the IP address of my ADC from 192.168.1.250 to 192.168.5.250, and set the preferred DNS to the IP of the main DC and the alternate DNS to its IP --> I moved to the branch office and plugged the ADC into the switch --> changed the preferred DNS of the branch computers from the PDC IP to the ADC.

                At this stage I went to one of my branch computers and logged in from it. I opened cmd, then typed set in order to know the logon server; it showed the name of the main DC. I flushed the DNS, still having the main DC as logon server. I disconnected the VPN; the user could not log in.

                The problem is that the branch computers cannot recognize the PDC as logon server.

                Then I went to the reverse lookup zones. I didn't find any reverse lookup zone that corresponds to my remote network 192.168.5, so I decided to add one for my remote network. At this stage a painful story started: the main DC showed a message DNS NOT OPERATING, everything went crazy, so I disconnected the VPN and the DNS was restored; enabled the VPN, the DNS was not operating. That time I recognized that the ADC was responsible for these problems.
                Finally I decided to remove that shit (ADC) from the remote office.

                This is the whole story, I hope that you enjoy it, lol

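The manual checks in the post above (reading the logon server from `set`, flushing DNS) extended with site-mapping, DC locator, SRV-record, DC health and replication checks, as an added example that is not part of the original thread. `Branch` is the site name from the post; the domain name `example.local` and the host name `branch-dc01` are placeholders, and `dcdiag`/`repadmin` are assumed to be available (on a DC or with the AD DS tools installed).

```powershell
# Added example. Run on a domain-joined branch workstation; steps 5-6 need the
# AD DS tools (dcdiag, repadmin), present on a DC or with RSAT installed.
$Domain   = 'example.local'   # placeholder AD DNS domain name (assumption)
$Site     = 'Branch'          # site name created in the post
$BranchDC = 'branch-dc01'     # placeholder host name of the branch DC (assumption)

# 1. DC that authenticated this session (the value 'set' shows as LOGONSERVER).
#    It is fixed at logon, so flushing DNS will not change it; log off and on again.
"LOGONSERVER : $env:LOGONSERVER"

# 2. AD site the client maps itself to, derived from its IP and the subnet objects.
$clientSite = (nltest /dsgetsite 2>$null | Select-Object -First 1)
"Client site : $clientSite"
if ($clientSite -ne $Site) {
    Write-Warning "Client is not in site '$Site'; check the subnet object and its prefix length."
}

# 3. Force the DC locator to rediscover a DC for this site, bypassing its cache.
nltest "/dsgetdc:$Domain" "/site:$Site" /force

# 4. SRV records the locator relies on; the branch DC should be listed here.
nslookup -type=SRV "_ldap._tcp.$Site._sites.dc._msdcs.$Domain"

# 5. Health of the branch DC: is it advertising as a DC, and is its DNS sound?
dcdiag "/s:$BranchDC" /test:Advertising
dcdiag "/s:$BranchDC" /test:DNS

# 6. Inbound replication status on the branch DC.
repadmin /showrepl $BranchDC
```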
                  IT-ADMIN

                  What about Read Only DC, is it a good idea ??

                    scottalanmiller @IT-ADMIN

                    @IT-ADMIN said:

                    What about Read Only DC, is it a good idea ??

                    Doesn't feel like it is needed here. Now that you have the DC at the main site... is it causing a problem?

                      IT-ADMIN @scottalanmiller

                      @scottalanmiller said:

                      @IT-ADMIN said:

                      What about Read Only DC, is it a good idea ??

                      Doesn't feel like it is needed here. Now that you have the DC at the main site... is it causing a problem?

                      No problem at all, but I need a backup logon server in the branch office so that if the VPN goes down, users in the branch can log in from the DC in the branch.

                        IT-ADMIN

                        But if I have only one DC in the main, if the VPN goes down, new logins cannot be made; only cached users can log in.

                          scottalanmiller @IT-ADMIN

                          @IT-ADMIN said:

                          @scottalanmiller said:

                          @IT-ADMIN said:

                          What about Read Only DC, is it a good idea ??

                          Doesn't feel like it is needed here. Now that you have the DC at the main site... is it causing a problem?

                          No problem at all, but I need a backup logon server in the branch office so that if the VPN goes down, users in the branch can log in from the DC in the branch.

                          We don't use one. We use central Domain Controllers and VPN (Pertino) to our offices and don't worry about DCs in the branches. Not a problem at all for us. Branches cache credentials, so no one notices if a DC is unavailable.

                            scottalanmiller @IT-ADMIN

                            @IT-ADMIN said:

                            But if I have only one DC in the main, if the VPN goes down, new logins cannot be made; only cached users can log in.

                            Correct. How often do you have new logins happening in the branches? Is this common? For us, it would be weeks between new people logging in. Do you hire new people in the branches all of the time? Or do they constantly switch machines?

                              IT-ADMIN @scottalanmiller

                              @scottalanmiller said:

                              @IT-ADMIN said:

                              But if I have only one DC in the main, if the VPN goes down, new logins cannot be made; only cached users can log in.

                              Correct. How often do you have new logins happening in the branches? Is this common? For us, it would be weeks between new people logging in. Do you hire new people in the branches all of the time? Or do they constantly switch machines?

                              Yes, they switch machines toooooo often; no one stays at his machine, and it creates a big problem for me, even problems with Outlook. I hope they stay in one place but unfortunately they change their places all the time.

                                IT-ADMIN @IT-ADMIN

                                @IT-ADMIN said:

                                @scottalanmiller said:

                                @IT-ADMIN said:

                                But if I have only one DC in the main, if the VPN goes down, new logins cannot be made; only cached users can log in.

                                Correct. How often do you have new logins happening in the branches? Is this common? For us, it would be weeks between new people logging in. Do you hire new people in the branches all of the time? Or do they constantly switch machines?

                                Yes, they switch machines toooooo often; no one stays at his machine, and it creates a big problem for me, even problems with Outlook. I hope they stay in one place but unfortunately they change their places all the time.

                                I'm thinking of an RODC in the branch; hopefully this project will be successful !!!

                                  scottalanmiller @IT-ADMIN

                                  @IT-ADMIN said:

                                  @scottalanmiller said:

                                  @IT-ADMIN said:

                                  But if I have only one DC in the main, if the VPN goes down, new logins cannot be made; only cached users can log in.

                                  Correct. How often do you have new logins happening in the branches? Is this common? For us, it would be weeks between new people logging in. Do you hire new people in the branches all of the time? Or do they constantly switch machines?

                                  Yes, they switch machines toooooo often; no one stays at his machine, and it creates a big problem for me, even problems with Outlook. I hope they stay in one place but unfortunately they change their places all the time.

                                  Oh, very odd. Yes a DC would be needed then.

                                    IT-ADMIN @scottalanmiller

                                    @scottalanmiller said:

                                    @IT-ADMIN said:

                                    @scottalanmiller said:

                                    @IT-ADMIN said:

                                    But if I have only one DC in the main, if the VPN goes down, new logins cannot be made; only cached users can log in.

                                    Correct. How often do you have new logins happening in the branches? Is this common? For us, it would be weeks between new people logging in. Do you hire new people in the branches all of the time? Or do they constantly switch machines?

                                    Yes, they switch machines toooooo often; no one stays at his machine, and it creates a big problem for me, even problems with Outlook. I hope they stay in one place but unfortunately they change their places all the time.

                                    Oh, very odd. Yes a DC would be needed then.

                                    Of course, because we have a kind of call center; staff don't care where they sit, they don't have specific software, wherever they find a free computer they log into it.

                                      alexntg @scottalanmiller

                                      @scottalanmiller said:

                                      @IT-ADMIN said:

                                      @scottalanmiller said:

                                      @IT-ADMIN said:

                                      What about Read Only DC, is it a good idea ??

                                      Doesn't feel like it is needed here. Now that you have the DC at the main site... is it causing a problem?

                                      No problem at all, but I need a backup logon server in the branch office so that if the VPN goes down, users in the branch can log in from the DC in the branch.

                                      We don't use one. We use central Domain Controllers and VPN (Pertino) to our offices and don't worry about DCs in the branches. Not a problem at all for us. Branches cache credentials, so no one notices if a DC is unavailable.

                                      Sure we do. NTG has 2 datacenter locations, with DCs in each. IT-ADMIN only has 1 datacenter location, so putting a DC at the remote site would be a good idea. If he/she had another datacenter location, it would be less of a concern.

                                        IT-ADMIN @alexntg

                                        Sure we do. NTG has 2 datacenter locations, with DCs in each. IT-ADMIN only has 1 datacenter location, so putting a DC at the remote site would be a good idea. If he/she had another datacenter location, it would be less of a concern.

                                        He, not she, hhhh
                                        Thanks for your suggestion. I know that the best idea is to have an additional DC in the remote location. I will try another machine and promote it in the branch office. I will not give up, because I doubt the previous ADC has something wrong in its system. If it doesn't work I will try RODC.
