Ad Servers

[bodycare]

Heres the situation we currently have 1 domain controller in our domain which is on the internal network it SBS and does everthing e-mail etc, we have an external office in London and currently they link up via a VPN and 1MB broadband and pull everything from headoffice how would I go about adding a server in to the London office and linking it in to our forest ?

What comms would have to be in place etc regarding it has a totaly differrent IP's and such

Can anyone help or point me in the way of some good docs

 

[markdmac]

Create a site to site VPN connection and you should be able to run DCPROMO on the UK server.

I hope you find this post helpful.

Regards,

Mark

 

[MikeBatters]

As long as you have got routes etc between the two it is fairly straight forward as Mark describes.

The only other thing to add to Mark's note above would be to create separate site in the AD Sites & Services with teh appropriate IP subnet to make sure the clients authenticate to the correct servers etc. As well as the DCPROMO its probably worth putting DNS & DHCP in as well.

Mike

*************************************

Remember - There is always another way..........I just haven't found out what it is yet!

 

[bodycare]

Do you have some good instructions on how to do this and does SBS support this

 

[MikeBatters]

bodycare,

There are lots of ways of doing this - just depends on what you have already got in place and how secure you want things to be.

For example - I would not create a site-to-site VPN using the Windows Servers themselves becuase that would mean plugging your server directly in to the internet connection which isn't really secure.

Personally i would look at some of the smaller Firewall/VPN Appliances (such as CyberGuard SG Unit [formerly SnapGear] or Equiinet NetPilot Remote) to secure the DSL Service and create the VPN. Then you just treat the Firewall/VPN as a standard Router and join the domain etc etc

Mike

*************************************

Remember - There is always another way..........I just haven't found out what it is yet!

 

[bodycare]

At the minute in headoffice we have our server as an IAS server and all traffic goes through that how do I go about setting up another server in the same forest in our London office ?

 

[MikeBatters]

Is the IAS server directly connected to the Internet or is there a firewall in between?

Mike

*************************************

Remember - There is always another way..........I just haven't found out what it is yet!

 

[bodycare]

IAS is the firewall !!!

 

[markdmac]

OK, so you have SBS Premium with ISA (Internet Security and Acceleration server).

You first need to run the Internet Connection Wizard on the SBS box (located in SBS ToDO List) and choose to allow VPN.

Manually create a VPN connection on the new server (this one will be temporary) under network connections and once connected to the main office you should be able to run DC promo.

Install ISA on the new server and then configure it for VPN.

You will find a good tutorial with all the needed steps here:

http://www.isaserver.org/tutorials/2004ipsectunnelmode.html

I hope you find this post helpful.

Regards,

Mark

 

[bodycare]

So if I do this and have a AD server combined with exchange on it the users in London should then not have to connect to VPN even to access file here in HQ ??

 

[markdmac]

I did not say that.

Once you have the server joined to the domain and have ISA on it, you will have the two ISA servers talk to each other via VPN.

Having a DC in London will cut down on trafic because your users will authenticate locally. If it is the same domain name for email at both locations, then your mail is going to have to flow over the VPN to be routed from the SBS server to the London server.

I hope you find this post helpful.

Regards,

Mark

 

[bodycare]

But sureley I can set an exchnage server up in the london office and they can use that.

All email are in the same domain

 

[markdmac]

Really not sure where you are misreading what I am telling you. Of course they can use an Exchange server locally. When you have more than one mail server in a domain, the mail must be delivered to the MX record listed in public DNS. This will be the IP of your SBS box. The SBS box will receive the mail, see that the users mailboxes are on the second Exchange server and deliver the mail over the VPN.

The two Exchange servers need to be in the same Exchange site.

I would strongly suggest that you conisder bringing in a MS Certified Partner to help you plan and implement this. Your understanding of the base concepts isn't strong enough to avoid some troubles that could cause you delays and additional costs due to down time.

I hope you find this post helpful.

Regards,

Mark

 

[bodycare]

I understand the concepts as I have implemented them all over the world but have never used SBS before and was unsure how it all hangs together.

What happens if a user in HQ wants to access a file on the server in London surely they can map a drive to the server and see it ?

 

[markdmac]

So long as a vpn is in place yes.

SBS doesn't change any of the root concepts. Only the use of the wizards on SBS is different.

I hope you find this post helpful.

Regards,

Mark

 

[bodycare]

1 more question I am no means an network wizard as the network dept use to look after this in old company would it be ok to do this across a 1mb dsl line

 

[markdmac]

Yes, but I would expect initial setup to be very slow as the initial sync will take a long time. After the initial sync you should be ok as only changes would get replicated.

If possible, I would set the London server up in the same office as your current server for speed and then ship it. Differences in power supplies might be a problem for you though.

I hope you find this post helpful.

Regards,

Mark

 

[bodycare]

HQ is in the UK so power supply should be a problem, if I set it up in my location here in HQ how would it handle the IP address change

 

[markdmac]

You will just need to edit the DNS record for the server.

I hope you find this post helpful.

Regards,

Mark