AD SItes & Services Query 1

[Diffy1]

Hi !!

Recently added a member server to small branch office. The office has a different IP subnet to the main office and the two are connected via a site to site VPN (users authenticate to a domain controller in the main office). With this scenario what would I need to setup in AD S&S to ensure that the main office DC's acknowledge the remote site

I am currently getting the following event logged on the main office Domain Controller:

There are x many connections to this Domain Controller from client machines whose IP addresses don't map to any of the existing sites in the enterprise.

Would I need to setup:

1. A new site.
2. A new subnet - pointing it to the new site?

Cheers

 

[pagy]

Yep, a new site and subnet assigned to the site. You then move the DC at the branch office to the site you have created in sites and services. More info here;

http://www.microsoft.com/technet/pr...rectory/activedirectory/stepbystep/adsrv.mspx

Paul
MCSE


"Two things are infinite: the universe and human stupidity; and I'm not sure about the the universe."
Albert Einstein

 

[Diffy1]

Hey Pagy thanks for the post! The branch office is only a small number of users so as yet the server is only a member server. With no branch DC to move into the new site how would I get around this?

Thanks again!

 

[pagy]

Well if you don't have a dc in the branch office using sites and services won't help you out much. The reason for sites and services is to get member machines authenticating to a DC close to them.

Is it just a head office and 1 branch site that you have??

Paul
MCSE


"Two things are infinite: the universe and human stupidity; and I'm not sure about the the universe."
Albert Einstein

 

[Paulreg]

If you create a new site in AD Sites and Services, then a new Subnet, it does not matter that you have no DC in the new site, the DCs at head office will recognise the remote office site. The clients machines IP addresses will match the new site.

"There are x many connections to this Domain Controller from client machines whose IP addresses don't map to any of the existing sites in the enterprise.

 

[pagy]

Yeah, I was thinking more from the point of view of having machines in the branch office site authenticate to a dc in the branch office. I missed the bit on the original post that said it was a member server.

Paul
MCSE


"Two things are infinite: the universe and human stupidity; and I'm not sure about the the universe."
Albert Einstein

 

[Diffy1]

Hi Guys - so basically I can setup a new AD site for the new branch then a new subnet (pointing the new subnet to the new site) with no DC's in the equation?

Existing setup was one main office and one site (DC's at both locations) with new site and member server for new office.

The new site I create will allow (new site) PC's to be recognised based on the client IP's but in terms of authentication I guess you cannot control which DC the new site PC's authenticate against (existing main site or existing head office)? Unless I promote the branch member server to DC and move that into the respective site?

Thanks in advanced!!

 

[Paulreg]

Yes, you don't need a DC in your new site.
Do I understand correctly that you have 2 existing sites each with a DC ?
If so you could create new site links with your new site and adjust the costings to give priority to the DC (site) of your choice.
If your 2 DCs are in the same site, I don't think you can control which DCs the clients authenticate against.

 

[Diffy1]

Yes that correct we have 2 existing sites configured - we have the default first site name for the main office (2 DC's) and an existing branch office site (1 DC).

At the moment DEFAULTSITEIPLINK contains the 3 DC's for the 2 sites so I will need to create a separate site link (and replication) for the two existing sites and then another site link for my new site (I think!)to the DEFAULTSITEIPLINK

Many thanks!