Adding 2008 DC to a firewalled Child Domain
Okay. So we have all the firewall ports open for AD/DNS and replication, and that is fine. However, we can't route to all the subnets that the child domain DCs are on. I think that's where we are failing. We moved the FSMO roles to the DC on the segment that we can reach, but when looking at the netmon, the DC we're promoting is trying to reach the DCs on the network that we can't route.
So I'll explain.
Promoting DC IP : 1.x.x.x
Firewall is open to these DCs in the root/child domains and communication is fine:
2.x.x.x (Has FSMO)
3.x.x.x
4.x.x.x
5.x.x.x
Now when we try to promote the DC on the other network, it tries to reach un-routable networks:
6.x.x.x
7.x.x.x
My question: how do I make sure that the DC I'm promoting only looks at the 2/3/4/5 DCs and ignores the others?
Re: Adding 2008 DC to a firewalled Child Domain
Is this in the correct forum area?
Re: Adding 2008 DC to a firewalled Child Domain
In order to create a child domain on your network, you will need another server, or rather a Domain Controller. You can build that DC in your main office and then ship it out to the new office. This DC will also be a Global Catalog as well as DNS Server to assist all the clients in the new office with any DNS requests, etc. You also need to prepare your current network for the new sub domain.
Re: Adding 2008 DC to a firewalled Child Domain
The new DC is going to be a member of an existing child domain. But on the other side of the firewall, that network can't see all the domain controllers on our side.
So two networks:
Network A has 10 DCs in a child domain.
Network B (where we want to build an additional DC) can only see 7 of the 10 DCs on Network A, and the DCPROMO is failing with an RPC error.
I want to make sure that the DC doesn't even try to communicate with the three DCs it can't see, but only the FSMO role holders in that domain.