Re: Need Colocation Active Directory setup help

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

On Feb 13, 9:52 am, "Jorge Silva" <jorgesilva...@xxxxxxxxxxx> wrote:
Well you can Transfer the FSMO roles (NOT Move "Seize"), as safe measure. If
you move the Mailboxes to new server, the clients will need to be
re-pointed. You search for GPO Adm templates to help you with automatic
configuration forexchangeclients.

--

I hope that the information above helps you.
Have a Nice day.
Jorge Silva
MCSE

"Vitaly" <Vit...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message

news:0BDB70B5-8CF9-4245-B1AD-26D1A9743C96@xxxxxxxxxxxxxxxx



Great, thanks for the follow up.
As far as the PDC/RID/Infrastructure Master FSMOs, do I need to move them
to
DC2 since DC1 will be down for at least a couple days?
Also, forExchange(I know this is the wrong forum), but if mailboxes get
moved to Exchange2 (at the colo), then do the users need their outlook
pointed to the new server? That is something that AD handles forExchange,
correct?

Thanks again,
Vit

"Jorge Silva" wrote:

I think I was unclear. Essentially, our office is sub-50 people, so the
forest will stay intact. I've been pushing for 2 DCs for a while, but
the
message I receive is that 'it's ok to recover from tape.'
Don't bet on it.

I think the first
time it happens will be the last time we have 1 DC.
I hope not. But remember if you lose the top root you'll loose the
entire
forest. And the time that the domain will be unavailable, untill is
recivered.... Generally 1 DC per domain is asking for trouble.

In essence, the Colo site will act as local. Our primary subnets her
are
192.168.5/24, 192.168.6/24, and 192.168.7/24. I will add a new subnet
192.168.8/24 which will be the colo site, connected via VPN and 10Mbps.
As
far as AD is concerned, it is just another subnet (essentially another
site
under the same forest). Any site can can ping any subnet, it's just
that
192.168.8.0 will have some latency when responding as it is offsite.
Ahh... Ok the domain is the same correct? In that case you'll have 1 more
DC
for that domain which is good.
As for the site configuration, all you have to do is to place the correct
subnet to the correct site, and the DC when premoted will be placed
according with the current configuration. All clients will use their DC
for
the local site as 1st try.

The reason I do not want to make it a separate forest or domain (or
even
subdomain) is that after the move, the colo is going to be used for
offsite
replication, when we acquire a SAN andDoubletake/Wansynch software and
replicate the main office SAN for geogrpahical site redundancy (e.g
fire
at
the main office). In this manner, I am not sure if I should make the
colo
a
new site or keep on my local first-name site. It will in essence act as
if
local.

Sounds like a yes, I don't see reason to create a new domain or new
forest,
unless you need to separate security boundaries, if not the case you cand
just create a new site and add it a new DC that will serve these clients
at
remote location.

--

I hope that the information above helps you.
Have a Nice day.
Jorge Silva
MCSE

"Vitaly" <Vit...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:29400713-A777-410F-9D85-03D75A91DB04@xxxxxxxxxxxxxxxx
Hi Jorge,

I think I was unclear. Essentially, our office is sub-50 people, so the
forest will stay intact. I've been pushing for 2 DCs for a while, but
the
message I receive is that 'it's ok to recover from tape.' I think the
first
time it happens will be the last time we have 1 DC.

In essence, the Colo site will act as local. Our primary subnets her
are
192.168.5/24, 192.168.6/24, and 192.168.7/24. I will add a new subnet
192.168.8/24 which will be the colo site, connected via VPN and 10Mbps.
As
far as AD is concerned, it is just another subnet (essentially another
site
under the same forest). Any site can can ping any subnet, it's just
that
192.168.8.0 will have some latency when responding as it is offsite.

The reason I do not want to make it a separate forest or domain (or
even
subdomain) is that after the move, the colo is going to be used for
offsite
replication, when we acquire a SAN andDoubletake/Wansynch software and
replicate the main office SAN for geogrpahical site redundancy (e.g
fire
at
the main office). In this manner, I am not sure if I should make the
colo
a
new site or keep on my local first-name site. It will in essence act as
if
local.

Does that make more sense?

"Jorge Silva" wrote:

Hi
I don't know if I understand you correctly, are you planning to
shutdown
the
Top root domain?
Reconsider your domain design, and, if possible have at least 2 DCs
per
domain.
In Ad concern you should establish a Trust between the 2 forests, and
use
ADMT to migrate user, computer accounts, SIDs, etc... Then you can
still
use
it in both forests if you wish (in case of different forests).
If the main location is to be shutdown, you can't use the new domain
in
the
same forest because if you do so, you'll need the root domain, and
that
domain cannot be shutdown or you'll loose the forest.
--

I hope that the information above helps you.
Have a Nice day.
Jorge Silva
MCSE

"Vitaly" <Vit...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:0ADFD717-A8D5-4425-AB52-662ECA643C7E@xxxxxxxxxxxxxxxx
Hey guys and gals,

We will be moving our office sometime in the next several months. I
have
been told that we will get a colocation for some servers to keep
running
during the transition. The bandwidth on the colo via VPN should be
about
10Mbps burstable.

Current network:
one domain controller (DC1)
oneExchangeServer (2K3 SP2) with data store locally (called
MailBE1)
oneExchangeServer (2K3 SP2) front end (called MailFE1)
slew of member servers

Colo Network:
new domain controller (DC2)
newExchange(2K3 or 2K7 Server) - MailBE2
newExchange(2K3 or 2K7) front-end server - MailFE2
smaller slew of servers

I haven't done a colo, so need a little guidance.
How the move will work is that the colo is going to go up. The main
location
is then going to go down. Roaming users will hit the colo from home
or
travel
as usual. As new departments starts at the new location they will
hit
the
colo. We will then move the 'old' servers to the new location and
then
have
the colo as a remote failover site.

To my understanding, I would need to do the following:
1. Create a second site in AD Sites and Services and the new subnet
(DC2)
2. Add the second DC to the domain and enable it to be a global
catalog
server.
3. Add the new coloExchangeserver to the domain.
4. Move theExchangemailboxes to the ColoExchangeserver (MailBE2)
5. Turn onExchangeFront End at Colo (MailFE2)
6. Shutdown the First site

Question:
1. Do I have to designate the DC2 as the infrastructure master since
DC1
will be down for a period of time? Do I need to do the same for the
RID
or
PDC role?
2. How do setup the replication between the two sites for synch? Is
this
in
the Sites and Services Bridgehead role?
3. How can I test that DC2 will take over all authentication when
the
old
site goes down? Is there a way to simulate this?
4. AD handles all the routing forExchangemailbox locations. Is
there
anything special I need to do in all the users' Outlook clients, or
will
they
search for the newExchangeserver automatically after AD learns
about
the
mailbox move to the colo?

Sorry, I know this is long-winded, but would like to get a feel for
doing
this the right and best practices way. Please let me know if there
is
anything I left out and I will fill in the blanks.

Thanks in advance as always!- Hide quoted text -

- Show quoted text -

Not true. If you use Move Mailbox, the Outlook clients will
automatically be reconfigured. Obviously any OWA clients will need to
hit the new FE server instead of the old FE server. You can either
update DNS or give out a new address.

I suggest you put up your Colo and move your mailboxes well before you
plan to shut down the main site. As a test, about a week or two
before the move, I would shut down all of the servers in your primary
site and see how things run. If there are problems, at least you have
a week to figure them out before the big move.

David A. Bermingham, MCSE, MCSA:Messaging
Director of Product Management, Windows Solutions Marketing
www.steeleye.com

.

Relevant Pages

  • Re: Need Colocation Active Directory setup help
    ... If you move the Mailboxes to new server, the clients will need to be re-pointed. ... You search for GPO Adm templates to help you with automatic configuration for exchange clients. ... > forest will stay intact. ... the Colo site will act as local. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Need Colocation Active Directory setup help
    ... pointed to the new server? ... That is something that AD handles for Exchange, ... forest will stay intact. ... 192.168.8/24 which will be the colo site, ...
    (microsoft.public.windows.server.active_directory)
  • Re: Correct DNS / WINS configuration for Domain members
    ... Well, it is either a client or a server configuration problem, unless ... You might want the DHCP to do the registration for the DHCP ... that has multiple AD forests and many servers and clients ... Now our WINS services are not currently tied to an AD forest, ...
    (microsoft.public.windows.server.dns)
  • Re: Migrating users to other forest. Should I remove Advanced client on all computers?
    ... or forest, as long as the new forest schema is prepared, the domain ... AD objects), the SMS site code is not changing, and the site ... boundaries are updated to reflect the new subnets and AD sites, the clients ... it will access the server via HTTP just like it did ...
    (microsoft.public.sms.admin)
  • Re: Migrating users to other forest. Should I remove Advanced client on all computers?
    ... > I plan to move computer account to the new forest. ... Then you will have to redeploy your clients. ... They won't be able to find the new server since the Active Directory ...
    (microsoft.public.sms.admin)