adding domain controller [sbs 2003 r2]

I'm looking for a guide/tips on adding a Windows 2003 Standard server as
a secondary domain controller to an SBS 2003 R2 server. The secondary
domain controller will reside in a branch office connected to our main
office via a dedicated VPN tunnel.

I've read through the general process (dcpromo), but I just need to know
if there is anything extra I need to know with the SBS R2 to 2003
Standard factor. Also, I'm curious about how DNS would need to be
configured on the secondary domain controller/branch office since DHCP
and DNS are currently handled by a hardware router.

Thanks in advance.

Do the initial setup in the main office. In addition to a DC, make it a DNS server and Global Catalog server and WINS server.

Do not make it a DHCP server at this point

You will want a hardware to hardware VPN connection between both offices. Then take it to the remote office (the IP Schema for it will need to change when you get it the remote office The IP subnet for the branch office cannot be the same as the main office. Then you can make it a DHCP server for the remote office.

--
Cris Hanna [SBS - MVP] (since 1997)
Co-Contributor, Windows Small Business Server 2008 Unleashed
http://www.amazon.com/Windows-Small-...7269967&sr=8-1
Owner, CPU Services, Belleville, IL
A Microsoft Registered Partner
------------------------------------
MVPs do not work for Microsoft
Please do not submit questions directly to me.

"ERG" <erg@noreply.net> wrote in message news:%23CSMy4OSKHA.5108@TK2MSFTNGP02.phx.gbl...
I'm looking for a guide/tips on adding a Windows 2003 Standard server as
a secondary domain controller to an SBS 2003 R2 server. The secondary
domain controller will reside in a branch office connected to our main
office via a dedicated VPN tunnel.

I've read through the general process (dcpromo), but I just need to know
if there is anything extra I need to know with the SBS R2 to 2003
Standard factor. Also, I'm curious about how DNS would need to be
configured on the secondary domain controller/branch office since DHCP
and DNS are currently handled by a hardware router.

Thanks in advance.

Maybe some guidance here...

An Alternative Approach to Building an SBS Branch Office
http://windowsitpro.com/article/arti...ch-office.html

--
Merv Porter [SBS-MVP]
============================

"ERG" <erg@noreply.net> wrote in message
news:#CSMy4OSKHA.5108@TK2MSFTNGP02.phx.gbl...
> I'm looking for a guide/tips on adding a Windows 2003 Standard server as a
> secondary domain controller to an SBS 2003 R2 server. The secondary
> domain controller will reside in a branch office connected to our main
> office via a dedicated VPN tunnel.
>
> I've read through the general process (dcpromo), but I just need to know
> if there is anything extra I need to know with the SBS R2 to 2003 Standard
> factor. Also, I'm curious about how DNS would need to be configured on
> the secondary domain controller/branch office since DHCP and DNS are
> currently handled by a hardware router.
>
> Thanks in advance.
>
>
>
>

ERG wrote:
> I'm looking for a guide/tips on adding a Windows 2003 Standard server
> as a secondary domain controller to an SBS 2003 R2 server. The
> secondary domain controller will reside in a branch office connected
> to our main office via a dedicated VPN tunnel.
>
> I've read through the general process (dcpromo), but I just need to
> know if there is anything extra I need to know with the SBS R2 to 2003
> Standard factor. Also, I'm curious about how DNS would need to be
> configured on the secondary domain controller/branch office since DHCP
> and DNS are currently handled by a hardware router.
>
> Thanks in advance.


You're very likely going to need to change the "DNS are currently handled by
a hardware router" configuration unless I misinterpret what you mean by
that. I don't know of any routers that can properly handle a dynamic update
enabled DNS zone and replicate it to another DNS server. You'll need that
capability to successfully do a branch office AD domain controller.

Better to switch to a WIndows AD integrated DNS zone and let AD replication
handle it with the branch office DC.
- Again, unless I misunderstood the meaning of "DNS are currently handled by
a hardware router".
--
/kj

kj [SBS MVP] wrote:
> ERG wrote:
>> I'm looking for a guide/tips on adding a Windows 2003 Standard server
>> as a secondary domain controller to an SBS 2003 R2 server. The
>> secondary domain controller will reside in a branch office connected
>> to our main office via a dedicated VPN tunnel.
>>
>> I've read through the general process (dcpromo), but I just need to
>> know if there is anything extra I need to know with the SBS R2 to 2003
>> Standard factor. Also, I'm curious about how DNS would need to be
>> configured on the secondary domain controller/branch office since DHCP
>> and DNS are currently handled by a hardware router.
>>
>> Thanks in advance.
>
>
> You're very likely going to need to change the "DNS are currently handled by
> a hardware router" configuration unless I misinterpret what you mean by
> that. I don't know of any routers that can properly handle a dynamic update
> enabled DNS zone and replicate it to another DNS server. You'll need that
> capability to successfully do a branch office AD domain controller.
>
> Better to switch to a WIndows AD integrated DNS zone and let AD replication
> handle it with the branch office DC.
> - Again, unless I misunderstood the meaning of "DNS are currently handled by
> a hardware router".
Thanks everyone. To clarify, there is a hardware VPN connection between
the offices.

Why is it not recommended to run dcpromo from the branch office? It's
possible for me to get the server back here, but I'd rather not.

My plan is to switch to a Windows AD integrated DNS zone after I
successfully run configure dcpromo + global catalog + WINS + DNS + DHCP.
The hardware managed DNS and DHCP will be disabled.

ERG wrote:
> kj [SBS MVP] wrote:
>> ERG wrote:
>>> I'm looking for a guide/tips on adding a Windows 2003 Standard
>>> server as a secondary domain controller to an SBS 2003 R2 server. The
>>> secondary domain controller will reside in a branch office
>>> connected to our main office via a dedicated VPN tunnel.
>>>
>>> I've read through the general process (dcpromo), but I just need to
>>> know if there is anything extra I need to know with the SBS R2 to
>>> 2003 Standard factor. Also, I'm curious about how DNS would need
>>> to be configured on the secondary domain controller/branch office
>>> since DHCP and DNS are currently handled by a hardware router.
>>>
>>> Thanks in advance.
>>
>>
>> You're very likely going to need to change the "DNS are currently
>> handled by a hardware router" configuration unless I misinterpret
>> what you mean by that. I don't know of any routers that can properly
>> handle a dynamic update enabled DNS zone and replicate it to another
>> DNS server. You'll need that capability to successfully do a branch
>> office AD domain controller. Better to switch to a WIndows AD integrated
>> DNS zone and let AD
>> replication handle it with the branch office DC.
>> - Again, unless I misunderstood the meaning of "DNS are currently
>> handled by a hardware router".
> Thanks everyone. To clarify, there is a hardware VPN connection
> between the offices.
>
> Why is it not recommended to run dcpromo from the branch office? It's
> possible for me to get the server back here, but I'd rather not.
>
> My plan is to switch to a Windows AD integrated DNS zone after I
> successfully run configure dcpromo + global catalog + WINS + DNS +
> DHCP. The hardware managed DNS and DHCP will be disabled.

The promotion process (sucessfull) requires the new DC to register new SRV
(and others) in DNS. If you don't have an dynamic updatable DNS zone at that
point it will fail or you will have to hand create them all.

It is possible to promote remotely and would be successfull if everything is
working correctly. If it's not you may be making a trip to resolve issues.
One of the reasons it is often recommended to promote locally and then
relocate the new DC after.

Highly recommend getting your infrastructure fully AD integrated *before*
adding any new DC's. You'll find it it much simpler and with fewer 'events'
than (trying) doing after.


--
/kj