New DC at a new site

[Guest]

My company will set up a new branch office at other location and I'm
planning the infrastructure now. We have a single domain structure and I
would like to place a Domain Controller with GC at the new location. Alos
make a new OU for the users and computer for the branch office. Below is my
drafting plan:

1. Create a new Site and Subnet on the first DC
2. At the new location, install a W2K server and promote as a DC (Q1: it
will connect to headquarter through Internet, how should I configure the DNS
settings? Q2: I will install DNS service on this DC, should I install before
DCPROMO or after?)
3. Should I move this new DC to the new OU, or it will just inside the
Domain Controllers OU in the AD tree?

I'm a bit confused how to do it step by step, I'll appreciate if anyone can
give me some hints.

Many thanks.

 

[Steven L Umbach]

You need to first connect the two sites which is usually done using
something like an ipsec tunnel between the networks with ipsec endpoint
devices or VPN router to router connections. There are very affordable
devices [ Netgear FVS318 for under $100] that can do such, of course a lot
depends on your needs. Windows 2000/2003 Server can be used for the VPN
server but you really want to avoid making a domain controller a VPN server.
Each site will need to be on a different network as in if you use
192.168.1.xxx for one and 192.168.2.xxx for the other. Once you create your
VPN connection between the two networks over the internet both networks will
be connected though over a very slow link compared to lan speed.

Then you can set up your new domain controller in the new site. Configure it
initially to point to your other domain controller as its preferred dns
server and then dcpromo it. I would also install dns on it first, but let
the dcpromo process configure it with the AD domain which may not show up
right away. Do not move the domain controller to the new OU - leave it in
the domain controllers OU. I [ my opinion] would configure your sites after
the new domain controller is up and running well as creating sites will slow
down replication interval. This would be a great question to also post in
the win2000.active_directory newsgroup. I am not quite sure on the dns setup
you should use after the site is established. You want the domain computers
in the site to be configured to have first the site domain controller and
then the main site domain controller as their preferred dns servers. I am a
bit unsure of the site domain controller configuration itself. Normally you
configure domain controllers to point to the pdc fsmo for the domain and
then themselves as preferred dns servers but for a site it may work better
if the site domain controller points first to itself and then the pdc fsmo
as it's preferred dns servers. --- Steve