[woodgrain]

I've been asked to setup a 2nd site to our office, I've never done this before, only done internal servers, so could really use some help.

There will be a firewall device at each end that will establish a site to site VPN for connectivity between the 2 sites.

How should I configure each site?
I know this will vary from site to site, I know this, I'm just wanting to learn the min requirements to make it all work, I can look at customising for our needs later. I'm after quite ganular information, ie, the order to set up each component & how to do it, click by click.
____________________________________________

Let's call them
SITE1:
- DNS: site1.company.local
- Server Name: SVR1
- Server IP: 192.168.4.2
- 2003 domain with 2 DCs in 2003 mode
- 192.168.4.0/24
- VPN/Router/Firewall/Gateway IP: 192.168.4.1
SITE2
- DNS: site2.company.local
- Server Name: SVR2
- Server IP: 192.168.5.2
- 192.168.5.0/24
- VPN/Router/Firewall/Gateway IP: 192.168.5.1
____________________________________________
I've included as much info as I can think of, let me knwo if you need any other details (or feel free to make up details for the scenario).

Components that come to mind are:
* Domain Controller setup
* Forest/domain setup
* DNS
* AD Domains & Trusts
* AD Sites & Services

Thanks very much for any help, I'm in a really tight bind here!

[anil.colaco]

hi,

a little clarification,

are both sites being setup from scratch
or site 1 is up n running
and site2 is in deployment phase.

[Ossian]

You will need to tell us the make and model of your firewall devices, and I don't think anyone will give you "click by click" instructions

Have you thought of bringing in a consultant?

[woodgrain]

site 1 is up n running and site2 is in deployment phase The firewall devices are being setup by a consultant, it's just the windows configuration that I need to do.

[Ossian]

OK --sorry
How comfortable are you setting up an additional Domain Controller in an existing site?
There really are few differences except you will set up a second DHCP server for 192.168.5.x at the second site
The only other thing is to allow plenty of time for replication -- dont be impatient!

[woodgrain]

I've setup multiple DCs internally before, that's no problem as most of that is automated, but for a branch site I'm not sure how to configure DNS, forwarding, sites & services, domains & trusts, subnets, etc? I've only ever setup multi DCs in the same domain.

[Ossian]

OK, rough summary, and will help you elaborate
On your main site DC
go to ADSS and make sure main and branch site are created, with correct subnets assigned to them
go to DNS and create reverse lookup zones (AD integrated) for each subnet
If you can, build the branch office DC and join to domain as member server but (IMHO) do not DCPromo yet

At the branch office:
Switch on new DC (still a member server) adn configure IP address to new site
Make sure new DC has main site DC as its primary DNS server
Check VPN is established and that you can ping main site DC by both names (server and server.domain.local)
DCPromo (will be slower than in one site)
In ADSS, check it is in the correct site, make it a GC and check that site links have been created from old to new and new to old (manually create them on both DCs if needed)
Create test objects in AD at both ends and wait until they have replicated to the other server - be patient
Install DNS but dont do any configuration except root hints and checking it is AD integrated
Wait, wait, wait for DNS replication to occur -- leave it 24 hours if needed
Change networking on new DC to point to itself for first DNS server and main site DC as second

Thats basically it -- someone will fill in the gaps for you

[woodgrain]

Thanks for that overview.
I'm in the process of setting up a Windows Virtual Server to run a test setup (just having some difficulty getting the virtual server networked with the host..).

Below is what I originally noted down as my plan of attack, I will compare it with what you mentioned & post any questions, but from a quick read it looks similar, I was just adding more detail when I put it together.

Feel free to do the same by posting comments, corrections, or reordering.
Thanks for your assistance.
_____________________

* Install Windows Server (2003 std)
* Establish the VPN connection
* Ping SITE1
* Promote the server to DC with DNS AD integration
* Set the DNS as an AD Interated secondary server
* Configure DNS conditional forwarding for site1.company.local and company.local to go to SITE1 DNS server to resolve. (Clients would only need to be configured to point to the local DNS).
* ADDT (at both sites) - RC domain name - Properties - Trusts - New Trust - "site1.company.local" - Next - Trust with a windows domain - "site1.company.local" - finish
* ADSS ?? I'm sure we'd have to setup something here?!
* Rename "Default-First-Site-Name" to "SITE2-company-local"
* RC Sites - New Site - name "SITE1-Company-local" - select "DefaultIPSiteLink" - OK
* Under the new site RC Servers - New-Server - "SVR1.SITE1.company.local" - OK
* RC Subnets - New Subnet - 192.168.4.0/24 - Select "SITE1-Company-local" - OK
* RC Subnets - New Subnet - 192.168.5.0/24 - Select "SITE2-Company-local" - OK
* I'm not sure what to do with "SITE2-Company-local" - Servers - RC SVR2 - Properties - Transports?
* "SITE2-Company-local" - Servers - SVR2 -RC NTDS Settings - New AD Domain Services Connection - Select SVR1 - OK

[Ossian]

Most of what you are doing looks similar except

Quote:

ADDT (at both sites) - RC domain name - Properties - Trusts - New Trust - "site1.company.local" - Next - Trust with a windows domain - "site1.company.local" - finish

Are you wanting 2 domains (company.local at main site and site1.company.local at remote site)?
If so, WHY? -- you do not need a new domain for an additional site

[woodgrain]

Yeah, fair enough.
I was planning on setting up a 2nd domain as the rate of growth is quite large. I guess I could look at setting up a 2nd domain later if the rate of growth continues. They are in different states too.