AD/Network design question

Hello all

I have 2 sites which users come and go from.  These sites have 2 different 
network ip domains (192.168.1.x and 192.168.2.x). Users need to be 
authenticated using the same user id and password at both sites.  DC/GC is at 
192.168.1.x and is an SBS 2003.  Server at 192.168.2.x is Server 2003.  

When the server at 192.168.2.x is connected via vpn to 192.168.1.x all is 
well.

How do I get the server at 192.168.2.x to act as an AD/DC when it's not 
connected to 192.168.1.x ?


Thank you
Hal
0
Utf
1/26/2010 8:32:06 PM

I think you will run here into the limitations of SBS :-(

@ SBS experts : is it possible to promote an additional domain controller ?
If the answer here is yes, then you should have your solution.

Regards
Ramazan


0
RCan
1/26/2010 7:53:59 PM
Hello Help,

It sounds like the second server x.x.2.x is not a DC, so make sure it points 
to the SBS machine for DNS as preferred only and run dcpromo on it to make 
it a domain controller. Then make sure before the SBS server uses AD integrated 
zones and install the DNS server role on the x.x.2.x server. If this is done, 
also make it a Global catalog server. Now reconfigure all machines in that 
site to use the x.x.2.2 DC as preferred and the SBS machine as secondary 
in the NICs' DNS settings.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers 
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm 




0
Meinolf
1/26/2010 8:59:36 PM
System at x.x.2.x is Server 2003. There are fewer than 75 total users.  Server 
at x.x.1.x is SBS 2003 r2 and has all roles.  The issue seems to be that the 
server at x.x.2.x is not being considered as a server which can authenticate.

If I dcpromo it and downgrade it back to being a server which has its own 
dns and dhcp connected to the x.x.1.x server. Do a reboot.  Reconnect the vpn 
and dcpromo it back to being a dc, will this fix my problem of users not 
being able to authenticate when the 2 servers are not connected ?

0
Utf
1/27/2010 1:46:01 AM
I have created 2 subnet records x.x.1.x and x.x.2.x on the gc system, as per 
the instructions on the website you sent me.

In the dns of x.x.1.0 there are (a) records for x.x.2.x.  It is not listed 
as a SOA.
In addition the server at x.x.2.x named server2 is listed in the _msdcs, 
domains, gc, sites , _tcp (there is a record _ldap for server2 in this level) 
and udp records.

It is not listed in the pdc  ldap records.

Thank you for your advice and support
Hal

"Meinolf Weber [MVP-DS]" wrote:

> Hello Help,
> 
> To authenticate to the second DC make sure it is a DNS server and Global catalog 
> as said before. If you configure AD sites and services with the subnet and 
> the site correctly and move the DC to the correct site, then the users in that site 
> will use the site DC first and if it doesn't respond they use the other 
> DC if reachable.
> 
> See here about AD sites and services configuration:
> http://technet.microsoft.com/en-us/library/cc755768(WS.10).aspx
> 
> Best regards
> 
> Meinolf Weber
0
Utf
1/28/2010 12:15:01 AM
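
As an added example (not part of any post in this thread): a batch file for the Windows Server 2003 command prompt that checks whether the branch DC appears in the DC-locator SRV records inspected in the last post and whether it advertises as a DC and global catalog. The domain `example.local`, the site name `Site2` and the address `192.168.2.2` are placeholders; `server2` is the name given in the thread; `nltest`, `dcdiag` and `repadmin` are assumed to be installed from the Windows Support Tools.

```bat
@echo off
rem Added example. Placeholder values: set them for your environment.
setlocal
set DOMAIN=example.local
set SITE=Site2
set DC=server2
rem Query the branch server's own DNS service, so the test still means
rem something when the VPN to the SBS site is down.
set DNS=192.168.2.2
set FAIL=0

rem SRV records a DC that is also a global catalog registers for its site.
rem SBS is the forest root and only domain, so DOMAIN is also the forest name.
rem _ldap._tcp.pdc._msdcs is registered only by the PDC emulator role holder,
rem so a second DC is not expected there and it is not checked.
call :srv _ldap._tcp.dc._msdcs.%DOMAIN%
call :srv _ldap._tcp.%SITE%._sites.dc._msdcs.%DOMAIN%
call :srv _kerberos._tcp.%SITE%._sites.dc._msdcs.%DOMAIN%
call :srv _ldap._tcp.gc._msdcs.%DOMAIN%
call :srv _ldap._tcp.%SITE%._sites.gc._msdcs.%DOMAIN%

echo.
echo --- DC and GC the locator returns for site %SITE% ---
nltest /dsgetdc:%DOMAIN% /site:%SITE% /force
nltest /dsgetdc:%DOMAIN% /gc /site:%SITE% /force

echo.
echo --- Does %DC% advertise itself as DC, GC and KDC? ---
dcdiag /s:%DC% /test:Advertising

echo.
echo --- Inbound replication state on %DC% ---
repadmin /showrepl %DC%

echo.
if %FAIL%==0 (echo All checked SRV records list %DC%.) else (echo %FAIL% SRV records do not list %DC%.)
endlocal
goto :eof

:srv
rem nslookup does not set a useful exit code, so search its output instead.
nslookup -type=SRV %1 %DNS% 2>nul | findstr /i /c:"%DC%" >nul
if errorlevel 1 (
  echo MISSING  %1
  set /a FAIL+=1
) else (
  echo OK       %1
)
goto :eof
```

Run it once with the VPN up and once with it down: replication errors in the `repadmin` output are expected while the link is down, but the SRV lookups, `nltest` and the Advertising test should still succeed against the branch server.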