Re: Need Colocation Active Directory setup help



Well, you can transfer the FSMO roles (NOT "seize" them) as a safe measure. If you move the mailboxes to the new server, the clients will need to be re-pointed. You can search for GPO ADM templates to help you with automatic configuration for Exchange clients.

--

I hope that the information above helps you.
Have a Nice day.
Jorge Silva
MCSE

"Vitaly" <Vitaly@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:0BDB70B5-8CF9-4245-B1AD-26D1A9743C96@xxxxxxxxxxxxxxxx
Great, thanks for the follow up.
As far as the PDC/RID/Infrastructure Master FSMOs, do I need to move them to
DC2 since DC1 will be down for at least a couple days?
Also, for Exchange (I know this is the wrong forum), but if mailboxes get
moved to Exchange2 (at the colo), then do the users need their outlook
pointed to the new server? That is something that AD handles for Exchange,
correct?

Thanks again,
Vit

"Jorge Silva" wrote:

> I think I was unclear. Essentially, our office is sub-50 people, so the
> forest will stay intact. I've been pushing for 2 DCs for a while, but the
> message I receive is that 'it's ok to recover from tape.'
Don't bet on it.

> I think the first
> time it happens will be the last time we have 1 DC.
I hope not. But remember, if you lose the top root you'll lose the entire
forest. And the time that the domain will be unavailable, until it is
recovered.... Generally 1 DC per domain is asking for trouble.

> In essence, the Colo site will act as local. Our primary subnets here are
> 192.168.5/24, 192.168.6/24, and 192.168.7/24. I will add a new subnet
> 192.168.8/24 which will be the colo site, connected via VPN and 10Mbps. As
> far as AD is concerned, it is just another subnet (essentially another site
> under the same forest). Any site can ping any subnet, it's just that
> 192.168.8.0 will have some latency when responding as it is offsite.
Ahh... OK, the domain is the same, correct? In that case you'll have 1 more DC
for that domain, which is good.
As for the site configuration, all you have to do is to place the correct
subnet in the correct site, and the DC, when promoted, will be placed
according to the current configuration. All clients will use their DC for
the local site as 1st try.

> The reason I do not want to make it a separate forest or domain (or even
> subdomain) is that after the move, the colo is going to be used for offsite
> replication, when we acquire a SAN and Doubletake/Wansynch software and
> replicate the main office SAN for geographical site redundancy (e.g. fire at
> the main office). In this manner, I am not sure if I should make the colo a
> new site or keep on my local first-name site. It will in essence act as if
> local.

Sounds like a yes, I don't see a reason to create a new domain or new forest,
unless you need to separate security boundaries; if that is not the case, you can
just create a new site and add to it a new DC that will serve these clients at
the remote location.

--

I hope that the information above helps you.
Have a Nice day.
Jorge Silva
MCSE

"Vitaly" <Vitaly@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:29400713-A777-410F-9D85-03D75A91DB04@xxxxxxxxxxxxxxxx
> Hi Jorge,
>
> I think I was unclear. Essentially, our office is sub-50 people, so the
> forest will stay intact. I've been pushing for 2 DCs for a while, but the
> message I receive is that 'it's ok to recover from tape.' I think the first
> time it happens will be the last time we have 1 DC.
>
> In essence, the Colo site will act as local. Our primary subnets here are
> 192.168.5/24, 192.168.6/24, and 192.168.7/24. I will add a new subnet
> 192.168.8/24 which will be the colo site, connected via VPN and 10Mbps. As
> far as AD is concerned, it is just another subnet (essentially another site
> under the same forest). Any site can ping any subnet, it's just that
> 192.168.8.0 will have some latency when responding as it is offsite.
>
> The reason I do not want to make it a separate forest or domain (or even
> subdomain) is that after the move, the colo is going to be used for offsite
> replication, when we acquire a SAN and Doubletake/Wansynch software and
> replicate the main office SAN for geographical site redundancy (e.g. fire at
> the main office). In this manner, I am not sure if I should make the colo a
> new site or keep on my local first-name site. It will in essence act as if
> local.
>
> Does that make more sense?
>
> "Jorge Silva" wrote:
>
>> Hi
>> I don't know if I understand you correctly, are you planning to shut down
>> the top root domain?
>> Reconsider your domain design, and, if possible, have at least 2 DCs per
>> domain.
>> As far as AD is concerned, you should establish a trust between the 2 forests,
>> and use ADMT to migrate user and computer accounts, SIDs, etc... Then you can
>> still use it in both forests if you wish (in case of different forests).
>> If the main location is to be shut down, you can't use the new domain in the
>> same forest because if you do so, you'll need the root domain, and that
>> domain cannot be shut down or you'll lose the forest.
>> --
>> I hope that the information above helps you.
>> Have a Nice day.
>> Jorge Silva
>> MCSE
>>
>> "Vitaly" <Vitaly@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:0ADFD717-A8D5-4425-AB52-662ECA643C7E@xxxxxxxxxxxxxxxx
>> > Hey guys and gals,
>> >
>> > We will be moving our office sometime in the next several months. I have
>> > been told that we will get a colocation for some servers to keep running
>> > during the transition. The bandwidth on the colo via VPN should be about
>> > 10Mbps burstable.
>> >
>> > Current network:
>> > one domain controller (DC1)
>> > one Exchange Server (2K3 SP2) with data store locally (called MailBE1)
>> > one Exchange Server (2K3 SP2) front end (called MailFE1)
>> > slew of member servers
>> >
>> > Colo Network:
>> > new domain controller (DC2)
>> > new Exchange (2K3 or 2K7 Server) - MailBE2
>> > new Exchange (2K3 or 2K7) front-end server - MailFE2
>> > smaller slew of servers
>> >
>> > I haven't done a colo, so need a little guidance.
>> > How the move will work is that the colo is going to go up. The main
>> > location is then going to go down. Roaming users will hit the colo from
>> > home or travel as usual. As new departments start at the new location they
>> > will hit the colo. We will then move the 'old' servers to the new location
>> > and then have the colo as a remote failover site.
>> >
>> > To my understanding, I would need to do the following:
>> > 1. Create a second site in AD Sites and Services and the new subnet (DC2)
>> > 2. Add the second DC to the domain and enable it to be a global catalog
>> > server.
>> > 3. Add the new colo Exchange server to the domain.
>> > 4. Move the Exchange mailboxes to the Colo Exchange server (MailBE2)
>> > 5. Turn on Exchange Front End at Colo (MailFE2)
>> > 6. Shutdown the First site
>> >
>> > Question:
>> > 1. Do I have to designate the DC2 as the infrastructure master since DC1
>> > will be down for a period of time? Do I need to do the same for the RID or
>> > PDC role?
>> > 2. How do I set up the replication between the two sites for synch? Is this
>> > in the Sites and Services Bridgehead role?
>> > 3. How can I test that DC2 will take over all authentication when the old
>> > site goes down? Is there a way to simulate this?
>> > 4. AD handles all the routing for Exchange mailbox locations. Is there
>> > anything special I need to do in all the users' Outlook clients, or will
>> > they search for the new Exchange server automatically after AD learns about
>> > the mailbox move to the colo?
>> >
>> > Sorry, I know this is long-winded, but would like to get a feel for doing
>> > this the right and best practices way. Please let me know if there is
>> > anything I left out and I will fill in the blanks.
>> >
>> > Thanks in advance as always!
>>
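
The steps discussed in this thread (new site and subnet for the colo, then a graceful transfer of the PDC, RID and Infrastructure roles to DC2, then a check that the colo site resolves its own DC) can be scripted as below. This is an added example, not part of the original posts; it assumes the ActiveDirectory PowerShell module (Windows Server 2012 or later, or RSAT), and the site name `Colo`, the link name `Main-Colo`, and the cost and interval values are hypothetical.

```powershell
# Added example; run from an admin workstation with the ActiveDirectory module.
Import-Module ActiveDirectory

$coloSite   = 'Colo'                      # hypothetical site name
$mainSite   = 'Default-First-Site-Name'   # AD's default name for the first site
$coloSubnet = '192.168.8.0/24'            # colo subnet named in the thread
$target     = 'DC2'                       # new DC at the colo
$roles      = 'PDCEmulator', 'RIDMaster', 'InfrastructureMaster'

# 1. Site, subnet and IP site link, so clients in 192.168.8.0/24 try DC2 first.
New-ADReplicationSite     -Name $coloSite
New-ADReplicationSubnet   -Name $coloSubnet -Site $coloSite
New-ADReplicationSiteLink -Name 'Main-Colo' -SitesIncluded $mainSite, $coloSite `
    -Cost 100 -ReplicationFrequencyInMinutes 180 -InterSiteTransportProtocol IP

# 2. After DC2 is promoted and has replicated, record the current role holders.
$before = Get-ADDomain | Select-Object PDCEmulator, RIDMaster, InfrastructureMaster
$before | Format-List

# 3. Transfer, not seize: a transfer needs the current holder online.
#    Omitting -Force keeps this a graceful transfer; -Force would seize the roles.
foreach ($holder in ($before.PSObject.Properties.Value | Sort-Object -Unique)) {
    if (-not (Test-Connection -ComputerName $holder -Count 2 -Quiet)) {
        throw "$holder is unreachable; bring it back online before transferring."
    }
}
Move-ADDirectoryServerOperationMasterRole -Identity $target `
    -OperationMasterRole $roles -Confirm:$false

# 4. Confirm every role now reports DC2 as its holder.
$after = Get-ADDomain
foreach ($role in $roles) {
    if ($after.$role -notlike "$target.*") {
        Write-Warning "$role is still held by $($after.$role)"
    }
}

# 5. Ask the locator which DC answers for the colo site (question 3 in the thread).
Get-ADDomainController -Discover -SiteName $coloSite -ForceDiscover |
    Select-Object HostName, Site, IPv4Address
```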

