Re: Site Creation
- From: "T. Uranjek" <toniuranjek@xxxxxxxxxxx>
- Date: Tue, 21 Nov 2006 16:11:29 +0100
Hi, Russ!
This part is fairly simple. Associate ALL your NY subnets with NY site and
associate ALL your CO subnets with CO-site. If you will be installing CO-DC
in NY-site, the only thing that you should do after moving CO-DC physically to
CO location is to move DC account in Active Directory services and sites,
change IP and reboot CO-DC. Alright?
Toni
"Russ" <russell_munisteri@xxxxxxxx> wrote in message
news:OOc5yMXDHHA.3524@xxxxxxxxxxxxxxxxxxxxxxx
OK, I created a site and entered the subnet of what my CO location will
be. Now, when I go to the properties of the subnet, do I choose the NY or
CO for the site? I'm thinking NY because the 192.168.200.x subnet has to
be associated with NY, right?
"T. Uranjek" <toniuranjek@xxxxxxxxxxx> wrote in message
news:O51lTsTDHHA.3600@xxxxxxxxxxxxxxxxxxxxxxx
Yes. Restart (of machine or just Netlogon service) will take care of
reregistering appropriate SRV records in DNS.
HTH
Toni
"Russ" <russell_munisteri@xxxxxxxx> wrote in message
news:OyUZITODHHA.3212@xxxxxxxxxxxxxxxxxxxxxxx
Toni, if I build the DC on the 192.168.1.x subnet, can I change the IP
address of the DC to 192.168.200.202 (example) afterwards?
"T. Uranjek" <toniuranjek@xxxxxxxxxxx> wrote in message
news:ODdKt8MDHHA.3660@xxxxxxxxxxxxxxxxxxxxxxx
Hi!
Internal DNS will resolve all queries for your local DNS domain which is
needed for AD. CO-DC should point to itself as DNS forwarder, your zone
should be AD integrated, forwarder should be set to external (ISP) DNS.
That would be the perfect set up in my opinion.
HTH
Toni
"Russ" <russell_munisteri@xxxxxxxx> wrote in message
news:%23w0hckMDHHA.992@xxxxxxxxxxxxxxxxxxxxxxx
What about internal DNS?
"T. Uranjek" <toniuranjek@xxxxxxxxxxx> wrote in message
news:ORJy9bMDHHA.4728@xxxxxxxxxxxxxxxxxxxxxxx
Hi!
If there is direct access to internet on CO site, I would configure
forwarder on CO-DC to point to ISP DNS server. This solution should
be faster (otherwise your DNS queries will have to go through VPN
tunnel). And there is another benefit to this solution: NY site (or
VPN link) can go down and you will retain internet access in CO.
Toni
"Russ" <russell_munisteri@xxxxxxxx> wrote in message
news:OzDNOWMDHHA.1224@xxxxxxxxxxxxxxxxxxxxxxx
I would think the CO DC would point to my NY DCs? Why wouldn't
they?
"T. Uranjek" <toniuranjek@xxxxxxxxxxx> wrote in message
news:eMk9$GMDHHA.2328@xxxxxxxxxxxxxxxxxxxxxxx
None. :D You should decide if forwarder should point to external
(ISP) DNS or CO-DC's DNS should point to NY-DC. I would go with
external ISP.
Toni
"Russ" <russell_munisteri@xxxxxxxx> wrote in message
news:O%23lGz$LDHHA.4404@xxxxxxxxxxxxxxxxxxxxxxx
"The question that remains is the one regarding DNS
forwarder for CO DC"
What info do you need?
"T. Uranjek" <toniuranjek@xxxxxxxxxxx> wrote in message
news:er2AE2LDHHA.4228@xxxxxxxxxxxxxxxxxxxxxxx
Hi!
If all ports within tunnel are open, then you should be fine (if
I understand your network setup correctly). The only thing that
you should do is to set up new DC with correct IP and DNS address
before promoting it to DC. You can check name resolution with
nslookup. Before you run dcpromo on CO-DC, DNS should point to NY
DC. After setup is completed implement AD integrated DNS,
configure all CO clients to point to local DNS, configure CO DNS
to point to itself. The question that remains is the one
regarding DNS forwarder for CO DC.
Toni
"Russ" <russell_munisteri@xxxxxxxx> wrote in message
news:O2R1ibLDHHA.2328@xxxxxxxxxxxxxxxxxxxxxxx
Toni, within my VPN tunnel, all ports are opened. The VPN tunnel
is provided by two Cisco PIX firewalls. I have a few questions:
1) If I add a new site to my current AD setup, will that create
any type of problems? For example, down time? 2) Do I have to
create static mappings on my firewall from my current DC's to my
new DC in CO? Or do the DC's know where each other are no matter
where they are located?
"T. Uranjek" <toniuranjek@xxxxxxxxxxx> wrote in message
news:OyWvTWLDHHA.2328@xxxxxxxxxxxxxxxxxxxxxxx
Hi!
If you have VPN tunnel between sites this shouldn't be
necessary. If there is a firewall it should be configured to
allow AD replication, please check these two articles:
http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/deploy/confeat/adrepfir.mspx
and
http://support.microsoft.com/kb/179442
HTH
Toni
"Russ" <russell_munisteri@xxxxxxxx> wrote in message
news:ek1s3aKDHHA.4132@xxxxxxxxxxxxxxxxxxxxxxx
Would you know if I have to create any static mappings on the
firewall between the two DCs?
"Russ" <munruss@xxxxxxxxx> wrote in message
news:OrW9A2$CHHA.4680@xxxxxxxxxxxxxxxxxxxxxxx
No, the bandwidth is fine.
"T. Uranjek" <toniuranjek@xxxxxxxxxxx> wrote in message
news:eBFRmFpCHHA.3924@xxxxxxxxxxxxxxxxxxxxxxx
Hi!
That depends on available bandwidth of your WAN link and
size of Active Directory database. If WAN link is slow and
database is big, your suggestion is right. Otherwise you
could add new DC on CO location. Install Support Tools and
use Replication Monitor to monitor or force replication
after you're done.
HTH
Toni
"Russ" <russell_munisteri@xxxxxxxx> wrote in message
news:e6%23Ah9oCHHA.3524@xxxxxxxxxxxxxxxxxxxxxxx
Thank you Toni. The NY site is our current site and
running. I have to create the CO site now. Now, as far as
building the DC, should I promote my server to a DC while
on my NY domain and then move it to the CO site once I am
done?
"T. Uranjek" <toniuranjek@xxxxxxxxxxx> wrote in message
news:OXSQOfoCHHA.3380@xxxxxxxxxxxxxxxxxxxxxxx
Hi!
1. Create two sites (for example NY-Site, CO-Site).
2. Move DCs to appropriate sites.
3. Create and configure inter-site link.
4. Create subnet object 192.168.1.0/24 and link it to
NY-Site.
5. Create subnet object 192.168.100.0/24 and link it to
CO-Site.
You should use Active Directory Sites and Services to
perform these steps.
Note: You can rename "Default-First-Site-Name" to NY-Site.
HTH
Toni
"Russ" <russell_munisteri@xxxxxxxx> wrote in message
news:eXZyHDoCHHA.3836@xxxxxxxxxxxxxxxxxxxxxxx
I'm a bit confused with the steps that I have to take with the following
scenario:
In my current NY location, I have two Windows 2000 AC domain controllers. I
have to set up a new site in CO. The CO office will have about 20 employees.
I want to install a DC in CO and have it authenticate users there. The two
offices will communicate through a VPN tunnel, which is provided by two Cisco
PIX firewalls. All ports within the VPN tunnel are open. The subnet of the
CO clients is 192.168.100.x and the subnet of my current location is
192.168.1.x.
Can the experts out there help me create this? Thank you...
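
Added example, not part of the original thread: a small Python check of the subnet-to-site mapping discussed above, flagging any DC whose IP falls outside every subnet object or whose server object sits in a different site than its subnet maps to. The subnet objects and site names are the ones from the steps in the thread; the DC inventory (names and addresses) is constructed for illustration.

```python
import ipaddress

# Subnet objects and site names as given in the thread's steps.
SUBNET_TO_SITE = {
    "192.168.1.0/24": "NY-Site",
    "192.168.100.0/24": "CO-Site",
}

# Constructed inventory: (DC name, current IP, site holding its server object).
SAMPLE_DCS = [
    ("NY-DC1", "192.168.1.10", "NY-Site"),
    ("CO-DC (object moved, IP not yet changed)", "192.168.1.50", "CO-Site"),
    ("CO-DC (re-addressed)", "192.168.100.10", "CO-Site"),
    ("CO-DC (address outside defined subnets)", "192.168.200.202", "CO-Site"),
]


def site_for_ip(ip, subnet_to_site=SUBNET_TO_SITE):
    """Return the site of the most specific subnet object containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, site in subnet_to_site.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, site)
    return best[1] if best else None


def audit_dc_placement(dcs, subnet_to_site=SUBNET_TO_SITE):
    """Return (name, ip, problem) for every DC whose placement needs attention."""
    findings = []
    for name, ip, placed_site in dcs:
        mapped_site = site_for_ip(ip, subnet_to_site)
        if mapped_site is None:
            # No subnet object covers this address, so it maps to no site.
            findings.append((name, ip, "no subnet object covers this IP"))
        elif mapped_site != placed_site:
            findings.append(
                (name, ip, f"server object in {placed_site}, subnet maps to {mapped_site}")
            )
    return findings


if __name__ == "__main__":
    for name, ip, problem in audit_dc_placement(SAMPLE_DCS):
        print(f"{name} [{ip}]: {problem}")
```

An address that matches no subnet object leaves clients and DCs on it without a site of their own, which is why every subnet in use needs a subnet object linked to the intended site.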