Win2k Server - Domain Setup

Feb 28, 2000
I want to setup Win2k server in two locations: California and New Jersey. Right now there is no communication between the two locations, because we haven't installed T1 yet. T1 will be installed in about 5-6 months. How should I setup the domains for each location if I want to later use VPN so that the two domains can communicate?

Our company has reskit.com (name changed) registered, but it will be hosted by Interland.

From what I understand, if there is no communication between the two locations, I will have to setup two separate domains each in their own forest. Is this right? If that is the case will I run across any problems setting up VPN down the line?


 

Marqui

Member
Aug 15, 2000


<< I want to setup Win2k server in two locations: California and New Jersey. Right now there is no communication between the two locations, because we haven't installed T1 yet. T1 will be installed in about 5-6 months. How should I setup the domains for each location if I want to later use VPN so that the two domains can communicate?

Our company has reskit.com (name changed) registered, but it will be hosted by Interland.

From what I understand, if there is no communication between the two locations, I will have to setup two separate domains each in their own forest. Is this right? If that is the case will I run across any problems setting up VPN down the line?
>>



No, only 1 forest ... but deploying can be done a bunch of different ways... not sure how large your infrastructure is and what it consists of to give you good enough advice...
 

Rogue

Banned
Jan 28, 2000
You could use something as trivial as a 56k dial-up account to synch the domain on a defined schedule, depending on how often users are added and domain-level changes are made. Dial each ADC up to a local ISP in each location and then VPN to one or the other for a makeshift data circuit. There are lots of possibilities. Consider DSL or cable for this purpose even, provided they are available, which being in New Jersey and California and depending on your location, neither should be hard to get.
 
Jashugan
Our infrastructure is relatively small. About 30 users in New Jersey and about 20 users in California. Speaking to another member it was suggested that I register another domain name to be used internally (eg. reskitp.net), because we are having a web hosting company handle reskit.com. Do you guys think this is a good idea? We have SDSL in New Jersey, but our location in California prevents us from receiving SDSL, cable modem, wireless broadband. We are waiting to see if these become available but are considering T1 down the line, if that is our only option. I've decided (after some advice from "Woodie") that one domain with two different sites would be the best configuration. My primary question revolves around adding the DC in California to the "reskitp.net" domain controlled by the DC in New Jersey. What is the best way to set up/configure the DCs to create a "makeshift data circuit"? What precautions should I take in terms of security?

Thanks so much already.
 

Woodie

Platinum Member
Mar 27, 2001
Ahhh. I found your thread :)

The suggestion about a 56K scheduled dial-up from Cal to NJ sounds pretty reasonable. Inter-site replication can be configured in that way. Would certainly enable you to start putting your users into a single domain now, so they don't have to change later, with the installation of a T1 or something.

You'll need to make sure your users are aware of the location of servers/resources, so they aren't triggering the dial-up unnecessarily.

--Woodie
 
Jashugan
Here's what people have told me so far:
** DC#1 - New Jersey, DC#2 - California **
1. Register a domain name, reskitp.net, because reskit.com is hosted by the web hosting company.
2. Set up DC#1 in New Jersey and configure it for the domain "reskitp.net".
3. Rename "Default-First-Site-Name" to "New Jersey".
4. Assign the subnet used by the New Jersey computers to the "New Jersey" site.
5. Populate the "reskitp.net" domain with users and computers.
6. Set up some sort of connection between DC#1 and DC#2 (here's where I don't know what to do)
7. Add the site "California" to the domain.
8. Set up DC#2 in California as an additional DC for "reskitp.net".
9. Assign the subnet used by the California computers to the "California" site.
10. Set up replication between the two sites (SMTP)

I'm not clear on setting up an SMTP bridge server, but I feel that would be done at step 6, right? Please let me know if this plan sounds alright so far. I really need help figuring out what to do at Step 6. Eventually I would like to create a VPN between the two locations. Right now New Jersey has SDSL and California has dial-up. Is it possible to set up a VPN right now using these types of connections? What is involved?

Jashugan


 
Jashugan
Shadow07 said:


<< What you will need is a router to create two different subnets so you can create the two different SITES. These sites will be created in the Active Directory Sites and Services MMC. There, after you create the two sites you want, move the server objects to the correct SITE you want them to be in. Then, under the SITE name, then SERVERS, right-click on the server name and go to the properties of the server object. There, you will be able to add the transport protocol (SMTP) to the list of protocols that server will be the bridge server for. Also, after you have edited the server properties, expand the server object and then edit the properties of the NTDS object. Make sure that BOTH servers are a Global Catalog server.

This step will actually be in STEP 4.

Also, do you have a domain that is registered out on the Internet? If not, don't go through the trouble of registering a domain. Just use COMPANY.USA as your domain name. Or, if you do have a domain registered, create a CORP domain under your primary domain name. For example, if you were to use RESKITP.NET, your INTERNAL domain will be CORP.RESKITP.NET. If you create a PRIVATE internal DNS server and you have an external domain with a website, you will cause more headaches than you will want.

Let me know if you have any more questions.

I am going to post this on the thread so everyone can read this.

SMTP should ONLY be used for dial-up connections or connections that ARE VERY SLOW, like 9Kb or lower. When you want to create and design your VPN connection, post another thread and CTR, Spidey, and I will give you our suggestions.
>>


 

Woodie
Nice detail from Shadow07...don't do anything with step #6.
Good idea on domain name structure. Just try to pick short names, as whenever you have to type it, it becomes a PITA.

What kind of IP address do the machines in "California" get when they dial up? Are they dialing into NJ? or directly to the Internet? I'm wondering if you can assign the ISP IP address/subnet to your AD as a second site, without a VPN? Not sure that this is a great idea--means you have to open a bunch of internet ports. The more I think about it, it's a BAD idea--across the internet. If they're dialing via RAS, you may be able to do it.

More detail, please.

--Woodie
 
Jashugan
So is priv.reskit.com ok??? I think that this would be easier than registering another domain name on the internet. However if it is easier to register another domain name, I'm willing to do that.

Ok... Here are the connection details...
California
- Satellite Modem shared through Netgear FR 314 Router/Firewall.
- Upstream: 56k
- Downstream: 500k

New Jersey
- SDSL shared through Netopia DSL router
- Upstream: 384k
- Downstream: 384k

Woodie, what do you mean about not doing anything with Step #6???

BTW I'm shipping the server in New Jersey over to California so I can set them both up over here. However I'd like to set it up in a similar way that they will be communicating when the server is returned to New Jersey. Any suggestions?


 

Woodie
Step 6 really comes after 8: you can't configure how the DCs talk (replicate) to each other until they're set up.

Building the second DC in the same physical location is a smart idea. Here's how you do it:
1. Create the Domain, and the site (California). Associate the appropriate subnets to the site.
2. Create a new segment, with a new subnet. (This is just a temporary one--it represents the second site--NJ)
3. Create the second site (New Jersey). Associate the new segment with it.
4. Install the second server on the new segment, which will put it into the NJ site.
5. Install the AD. This will allow "normal" (rpc) type replication to populate this DC with all the stuff from the first one you built.
6. Add DNS services, or any distributed services you plan to have on this one.
7. Now, configure the replication from site1 to site2 to whatever you want (SMTP, etc...). Note: Wait for a while before you do this, so that all the build-related replication is done at the higher LAN-based speeds. This step will take some tweaking, trial & error.
8. Once 7 is done, and you're satisfied with the replication frequency and volume, you can arrange to ship your server. This should be:
A. Add the NJ subnets to the NJ site.
B. Change the IP address on the NJ DC, then shut it down.
C. Ship the server.
D. Bring up the NJ DC with its new IP address, on its new segment.
E. Check replication, DNS, access, etc...
9. Fix whatever little problems occur, since these things never go completely smoothly.
10. Buy us all a beer. :)

--Woodie
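Woodie's build-in-one-place procedure above, carried out with the ActiveDirectory PowerShell module on a current Windows Server instead of the Win2k Sites and Services MMC the thread is about. This is an added example, not the poster's own commands; the site names, subnet ranges, DC name "DC2", site link cost/interval and the nightly replication window are assumptions, and the link uses the IP (RPC) transport that Woodie calls "normal" replication.

```powershell
# Added example: Woodie's two-site build with the ActiveDirectory module
# (Windows Server 2012+), not the Win2k MMC of the original thread.
# Site names, subnets, DC name and the replication window are assumptions.
Import-Module ActiveDirectory

# Step 1: rename the default site to the first physical location (California).
$defaultSite = Get-ADReplicationSite -Identity 'Default-First-Site-Name'
Rename-ADObject -Identity $defaultSite.DistinguishedName -NewName 'California'

# Steps 1-3: second site, plus the subnets that map clients and DCs to sites.
New-ADReplicationSite -Name 'New Jersey'
New-ADReplicationSubnet -Name '192.168.10.0/24' -Site 'California'   # assumed CA LAN
New-ADReplicationSubnet -Name '192.168.20.0/24' -Site 'New Jersey'   # temporary NJ segment

# Step 4: a DC promoted on the NJ segment lands in the NJ site by subnet match;
# if it was promoted elsewhere, move its server object explicitly.
Move-ADDirectoryServer -Identity 'DC2' -Site 'New Jersey'

# Step 7: inter-site replication over the IP (RPC) transport with a cost and
# interval suited to a slow link, plus a daily window (01:00-04:00) so a
# metered or dial-up circuit is only used at night. SMTP transport is a
# separate link type and, as Shadow07 notes, only for very slow connections.
# Replication still belongs on the VPN, not on ports opened to the Internet.
$window = New-Object System.DirectoryServices.ActiveDirectory.ActiveDirectorySchedule
$window.SetDailySchedule(
    [System.DirectoryServices.ActiveDirectory.HourOfDay]::One,
    [System.DirectoryServices.ActiveDirectory.MinuteOfHour]::Zero,
    [System.DirectoryServices.ActiveDirectory.HourOfDay]::Four,
    [System.DirectoryServices.ActiveDirectory.MinuteOfHour]::Zero)
New-ADReplicationSiteLink -Name 'CA-NJ' `
    -SitesIncluded 'California', 'New Jersey' `
    -InterSiteTransportProtocol IP `
    -Cost 200 `
    -ReplicationFrequencyInMinutes 180 `
    -ReplicationSchedule $window

# Step 8E / 9: verify the link settings and replication health after the move.
Get-ADReplicationSiteLink -Identity 'CA-NJ' -Properties Cost, ReplicationFrequencyInMinutes |
    Format-List Name, SitesIncluded, Cost, ReplicationFrequencyInMinutes
Get-ADReplicationPartnerMetadata -Target 'DC2' -Scope Server |
    Select-Object Partner, LastReplicationSuccess, LastReplicationResult, ConsecutiveReplicationFailures
```

Run the last two commands again once the shipped DC is back online on its real NJ subnet (step 8D); a non-zero LastReplicationResult or a growing ConsecutiveReplicationFailures count is the first sign the new segment or site link is wrong.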

 
Jashugan
Thanks everyone.

I'm going to give it a try now, using corp.reskit.com as the domain name. I hope this won't cause problems since reskit.com is registered and is being hosted by a web hosting company. I'll post on this board when I come across any problems.

Thanks so far,
Jashugan.

BTW... What's your choice of beer? ;)