Setting up remote sites with a domain controller at each

Hello, I am setting up offices at 2 locations for the first time and I was wondering where I should go to get the best step-by-step information. My goal is to have a Windows 2012 (Standard) server at each location acting as primary and secondary DC. User login at each location would act as one, and file sharing would be seamless. Since this is my first venture, it goes without saying that I have a lot of questions... To name a few: as I will be using DHCP, are the private IPs at each location the same or different? Would it be faster and more efficient to keep user A's files at their home location, or put all the data to be accessed on one server? The questions could go on, but this is not the place for it. I have done extensive searching on the topic, but either I get bits and pieces or the sites assume that you already know a step, so much is overlooked in assumptions. Help!

Hi,
For the 2 questions:
1. Generally we set up 2 sites for the different locations so that computers know which site they are located in.
2. A local file server is much more efficient - users will always access a local server, and accessing a remote server will be very slow unless you have high network connectivity.
In order to get users accessing the local file server, site link costs need to be set (so we need to use different sites for different locations).
FYI, here is an article on AD design. As you said, it may lead to more questions, so just feel free to discuss with us.
If you are going to discuss a different topic, it is recommended to post a new thread to avoid confusion.
Best Practice Active Directory Design for Managing Windows Networks
https://msdn.microsoft.com/en-us/library/bb727085.aspx
Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]
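The reply above leaves the two mechanics implicit: each office needs its own subnet (the DC locator maps a client to a site by subnet, so the DHCP scopes at the two locations must not overlap), and the sites are joined by a site link whose cost tells clients and replication which path is cheaper. The following PowerShell is an added example, not from the thread or from Microsoft's article; the site names, subnets, DC names and cost values are assumptions to be replaced with your own.

```powershell
# Added example: build the two-site layout the reply describes on a
# Windows Server 2012 DC with the ActiveDirectory module. All names below
# are assumptions.
Import-Module ActiveDirectory

# One site per office, keyed by that office's (non-overlapping) subnet.
$sites = @{
    'Site-Office1' = '10.10.0.0/16'   # assumed DHCP range at office 1
    'Site-Office2' = '10.20.0.0/16'   # assumed DHCP range at office 2
}

foreach ($name in $sites.Keys) {
    if (-not (Get-ADReplicationSite -Filter "Name -eq '$name'")) {
        New-ADReplicationSite -Name $name
    }
    $prefix = $sites[$name]
    # The subnet object is what ties a client's IP to a site.
    if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$prefix'")) {
        New-ADReplicationSubnet -Name $prefix -Site $name
    }
}

# Site link between the offices. A lower cost marks the preferred path;
# replication every 15 minutes is a common WAN starting point (assumed).
if (-not (Get-ADReplicationSiteLink -Filter "Name -eq 'Office1-Office2'")) {
    New-ADReplicationSiteLink -Name 'Office1-Office2' `
        -SitesIncluded 'Site-Office1', 'Site-Office2' `
        -Cost 100 -ReplicationFrequencyInMinutes 15 `
        -InterSiteTransportProtocol IP
}

# New DCs land in Default-First-Site-Name; move each to its office site
# (assumed DC names DC1 and DC2).
Move-ADDirectoryServer -Identity 'DC1' -Site 'Site-Office1'
Move-ADDirectoryServer -Identity 'DC2' -Site 'Site-Office2'

# Check from a domain-joined client at either office: the site name and
# the DC returned should both be the local ones.
nltest /dsgetsite
nltest /dsgetdc:$env:USERDNSDOMAIN
```

If `nltest /dsgetsite` on a client still reports Default-First-Site-Name, the client's address is not covered by any subnet object, and it will pick DCs without regard to location.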

Similar Messages

  • AD Site with no Domain Controller

    Hello,
    I have a customer that wants to set up a GPO to add a printer only when users are at a new remote office. They do not want to set up a Domain Controller at this site, so I was wondering if the best way to set this up would be to create a new site, add the subnet to this site, create the GPO, link it to this site, and use a low site link cost to make sure that a domain controller in North America is used, and not any of the DCs in their European sites.
    Thanks!

    That would indeed work. You would want to make sure the NA DCs have a lower cost link to the new site. They will likely enable auto-site coverage if it calculates out properly. If someone has turned off this feature you may need to re-enable it on DCs.
    Mark B. Cooper, President and Founder of PKI Solutions Inc., former Microsoft Senior Engineer and subject matter expert for Microsoft Active Directory Certificate Services (ADCS). Known as “The PKI Guy” at Microsoft for 10 years.

  • [Forum FAQ] How to sync time with a Domain Controller for a standalone server

    As we all know, if a computer belongs to an Active Directory domain, it will sync its time automatically using the Windows Time service that is available on Domain Controllers.
    A standalone server, however, will synchronize with its local hardware clock or a Windows time server. (Figure 1)
    Figure 1.
    Under some circumstances, a standalone server is necessary in a production environment. We can sync the time of this standalone server with the Domain Controller using
    the steps below:
    1. Modify the value of AnnounceFlags:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config
    Under this entry we can see the default value of AnnounceFlags is 10 (Decimal); we configure the value as 5 (Decimal). (Figure 2)
    Figure 2.
    2. Confirm the value of the registry key below is set to 0:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer
    Figure 3.
    3. Configure the standalone server to synchronize with a specific time source (Domain Controller).
    In our test, we configured our Domain Controller (192.168.10.200) as the time source. Use the following command:
    w32tm /config /syncfromflags:manual /manualpeerlist:192.168.10.200
    4. Sync the time with the Domain Controller using the command below:
    w32tm /config /update
    From the figure below (Figure 4), you can see that after we did all the steps above, the time on the standalone server was synced with the Domain Controller.
    Figure 4.
    (Note: the peer list is a space-separated list of DNS names or IP addresses of the time servers)
    More information:
    Windows Time Service Tools and Settings
    http://technet.microsoft.com/en-us/library/cc773263(WS.10).aspx#w2k3tr_times_tools_dyax
    Please click to vote if the post helps you. This can be beneficial to other community members reading the thread.

    Thank you for the instructions! I am sure it is one of the scenarios that the majority of administrators will run into. So I suggest writing a wiki about it and publishing it for this month's TechNet Guru in the Windows Server section. This month's TechNet Guru can
    be found here:
    Calling All Wise Men! Windows Server Gurus Needed! Apply Within! No One Turned Away!
    Thanks for your informative post. :)
    Regards.
    Mahdi Tehrani | www.mahditehrani.ir

  • WVC80N software "unable to set up remote viewing" with TZO

    I've researched this all night and I'm now begging for help.
    I've got the camera all set up and I can view it while on the local network.  The problem comes in when I try to sign up for the 90-day free TZO trial that comes with the camera to try to get remote viewing on my iPhone.  I progress through the Linksys setup software (as is detailed here: http://www.tzo.com/MainPageSupport/HowToPage/LinksysHomeMonitoringNCameraTutorial.html) and between steps 7 and 8, I get a screen that says "Unable to set up remote viewing" with my network, click this link to learn how to remotely view your camera.  The link takes me to a page on the TZO site that says "Oops, there was an unknown error with setting up you camern for remote access" and nothing else.  It seems to die on the "Configuring Internet Server" step.
    Within the camera's setup page, there's a link to the TZO website that tells me that because I have a WVC80N, I have to use the setup CD to set up the 90-day free trial, which fails as described above.
    I've set the camera to have a fixed IP of 192.168.1.200
    I've set the Alternative Web Access Port to 1024
    In Port Range Forwarding in the router, I've set 1024 to 1024 to forward to 192.168.1.200 (not sure exactly what this does)
    The router is a WRT160N
    Any ideas?

    Have you tried getting in touch with TZO and set the DDNS up the old fashioned way?  I also know that TZO has a beta going on of a new IP camera application for remote viewing and this may also help.  Not sure why the setup is failing though, but oook is probably right, something wacky with the router, IP or ISP that the setup software just doesn't like.
    http://www.MyHomeServer.com
    Linksys IP camera reviews, Tutorials and How-To's on Web & Mobile Streaming

  • Can i set up remote desktop with my Mac Air and Windows 7 HP desktop?

    I am wanting to set up remote desktop with my Mac Air and HP windows 7 home edition desktop.  Is this possible and how do I begin setting this up?
    Thanks for the help!

    There is an app in the Mac App Store to use Microsoft Remote Desktop with a Mac: https://itunes.apple.com/us/app/microsoft-remote-desktop/id715768417?mt=12
    But according to their support site it requires Pro, Enterprise, or Ultimate on the Windows 7 side. http://technet.microsoft.com/en-us/library/dn473006.aspx
    If it was me, I would first look into Teamviewer to see if it will do what you need. It does work between Mac and Windows and it is free for non-commercial use. http://www.teamviewer.com/en/index.aspx

  • Register APs at remote site with WLCs at the core via Metro E.

    All,
    I have a problem registering APs at the remote site with WLCs at the core.
    All of my WLCs are at the main site, and the majority of APs are on the same subnet and at the same site as the WLCs. This works just fine.
    However, I have a remote site connected to the core via Metro E, and I am unable to make the APs at this site register to the controllers at the core.
    At the remote site, APs and PCs are on the same subnet, and the PCs work just fine. I have DHCP scope option 43 set to the IP address of the WLCs.
    Metro E interfaces are on 192.168.0.0 /24.
    Clients (PCs and APs) at the remote site are on 192.168.56.0 /24.
    I have the configuration of the Metro E and the remote site in the attachment.
    Thanks in advance.

    To get APs registered, make sure the AP is getting an IP address and can ping the WLC.
    Once this is verified, run the following debugs on WLC CLI and attach it to the thread:
    - debug mac addr
    - debug capwap OR lwapp events enable
    - debug capwap OR lwapp errors enable
    - debug pm pki enable
    To stop debug
    - debug disable-all
    In case you have 'console' access to remote site AP, capture AP boot up and then run "debug ip udp" on AP CLI
    To stop this debug
    AP# undebug all

  • Remote Site with its own CUCM Sub#2 and Router network failed and the site didnt keep its phones active, need some assistance

    I have a Pub and 2 Subs. Sub #1 is with the Pub at the main site; it is our TFTP server. Sub #2 is at a remote site with about 100 users, along with a router and 2 PRIs for outbound calls. We had a network failure between the main site and the remote site, and all phones lost their registration with the system until we were able to get the network back up. Currently the network is up in a crippled state on a single T-1 link while we troubleshoot the bigger issue with our 6 Mb pipe; however, Sub #2 and its associated router aren't talking with the Pub or the other Sub. I'm still getting alerts every 30 minutes stating the server is down. I'm sure once the network is corrected this will bring everything back online. My question is how I can prevent this in the future. I need this site to be stand-alone if the network goes down again. I was told by our vendor that if we had a subscriber at each site then we would not need SRST licensing. I know something needs to be configured to make it all work; I'm just not sure what.

    I already have a group at the site, but it includes both the Pub and Sub from the main site as well as the Sub from the remote site. I would only have to remove the Sub from the main site. The problem is I currently only have 1 TFTP server, and it runs on Sub #1. Should I make Sub #2 a TFTP server as well? The phones are set up for DHCP at the main site, so I'm going to need to have a DHCP server set up at the remote site as well. Correct?

  • How to restrict users working on Windows 7 clients from accessing Windows Explorer and other systems in the network through Group Policy with a domain controller running on Windows Server 2008 r2

    Dear All,
    We are having an infrastructure setup of around 500 client computers managed through group policy.
    Recently the domain controllers have been migrated from Windows Server 2003 to Server 2008 R2.
    Since this account requires an extremely strict environment, we need to figure out a solution for restricting the users from accessing anything locally.
    It would be great if you can assist me with the following query.
    How to restrict users logged on to Windows 7 clients from accessing Windows Explorer and browsing other systems in the network through Group Policy with a domain controller running on Windows Server 2008 R2?
    Can we disable the Network tab in the left-hand pane?
    explorer.exe is blocked already, but users are able to enter Windows Explorer by clicking on the name which is visible on the Start Menu.

    >   * explorer.exe is blocked already, but users are able to enter the
    >     Windows Explorer by clicking on the name which is visible on the
    >     Start Menu.
    You cannot block explorer.exe when you do not replace the shell - the
    desktop you see effectively IS explorer.exe...
    Your requirement sounds like you need a custom shell:
    http://gpsearch.azurewebsites.net/#2812
    Martin
    Read a GOOD book about GPOs for once?
    NO THEY ARE NOT EVIL, if you know what you are doing:
    Good or bad GPOs?
    And if IT bothers me - coke bottle design refreshment :))

  • Multiple Web Sites with Personal Domain Names - Overview

    I have read through the last 10 pages of these discussions and have almost worked this out, but I need some help.
    Problem:
    I want to publish and edit two separate web sites with their own, individual, personal web addresses
    from the same user account on the same Mac using iWeb '08 (2.0.2) and my .Mac account
    _So far:_
    I have purchased and registered the two domain names (with Cheap-DomainRegistration.com)
    I have configured the CNAME to point to web.mac.com, and "Set up a Personal Domain" in iWeb successfully, but using a separate Mac for each web site.
    The two sites work great.
    _What (I think) I need to know:_
    (excuse me for copying these posts out, but I can't find a way to link them to this post)
    1) Should I be using iWebSites as suggested by Old Toad (posted Jan 24 in response to StAnNe's "Multiple Websites--HELP!!!")?
    I use iWebSites to manage multiple sites.. It lets me create multiple sites and multiple domain files.
    2) Should I be using Mireille's approach (also posted Jan 24 in response to StAnNe's "Multiple Websites--HELP!!!")?
    Yes, you are correct in the thought that with a family pack you can use different accounts, and that is the easiest way to upload with one click to .Mac. But it is still possible to publish different sites to one .Mac account if that is all one has. Even if the sites are in one domain file, each purchased mysite.com domain name can be pointed to a different page in the site.
    Look at it this way
    Original Poster has
    site1 page 1 page 2 and so on
    then he/she has brothersite page 1 and so on.
    They each have a domain name purchase wherever
    then site1domain.com is forwarded to site 1 page1
    and brotherdomain.com is forwarded to brothersite page 1.
    Even though both sites are in the same file they do not have anything to do with each other.
    This is one possibility there are others but for a novice user this could be the way to go for simplicity.
    (Mireille, if you're there, can you clarify what you said - thank you)
    3) Would I use Roddy's fix (posted Jan 23 in response to canadensis' "Publishing Multiple Websites?")?
    Here's an example of how you can separate two websites that are on the same domain file.
    Quit iWeb
    Create a new folder on your desktop and call it "iWeb Sites".
    Inside this folder create two more - Website A, Website B.
    Go to Home Folder/Library/Application Support/iWeb and copy your domain file - command C
    Paste this into folders A and B - command V - and also paste a copy of it somewhere else - like in Docs - in case you make a mistake!
    Double click the domain file in the folder Website A - this will launch iWeb.
    In the left column, delete site B, save and quit iWeb.
    Double click the domain file in the folder Website B to launch iWeb.
    Delete website A, save and quit.
    Drop the iWeb sites folder into your Home Folder.
    If you want quick access to this folder you can highlight it and do command L to create an alias to leave on the desktop.
    From now on, to launch any site in iWeb you open its folder in the iWebsites folder and double click the domain file.
    This is not necessary when you are working on only one site as iWeb saves the domain file of the last site you were working on to Home Folder/Library/Application Support/iWeb. When you open the iWeb application, the last site you worked on will be launched.
    Summary:
    I'm not sure if some of the answers in previous discussions allow for personal domain names, which is what I need.
    I would be very grateful for any suggestions as I'm getting bogged down.
    Many Thanks,
    Jeff

    When you said, "you don't need to do CNAME for both sites…", would this method still allow me to use personal web addresses for both sites?
    Yes. With "Ordinary Forwarding" you normally just type your .Mac url (web.mac.com/username/sitename) into a form at the place where you have your name.
    I thought I was using 'web.mac.com' as the 'www' CNAME (alias) for my personal domain name (web address), so that when someone typed in my personal domain name they would 'go' to the domain registration location, which would then pass it on to the .Mac server, where my web site is hosted.
    That's exactly right. It's just not the only way to do that. Ordinary Forwarding is another way, but it differs in terms of what appears in the address bar of the browser. Either you will see web.mac.com/username/.... or, if you add "masking", you will see your personal name for all pages. The CNAME method results in an address bar that reads www.myname.com/sitename/pagename.html.
    Am I way off?
    All help gratefully received,
    Jeff

  • How to publish custom web site with own domain name?

    Hey out there. I wonder if anyone can give me any tips on how to publish a web site with my own domain name.
    I have a web site I'm building and I want to purchase a domain name and then publish the site using that domain name.
    I know how to buy a domain name. I have a .mac account so I'm hoping that .mac can host the site. What I don't quite understand how to do is get .mac to host the site using that domain name. I looked through Apple Support but couldn't find what I was looking for. Just wondering if anyone has been in this situation. Thanks in advance.
    Dave
    [email protected]

    Dave ~ Welcome to the discussions. .Mac was re-branded as MobileMe last July. If you're not building your site with iWeb, it's considered to be a "custom" website. These Apple docs may help:
    MobileMe: How to publish a custom website
    iWeb ’08: Using your own domain name
    ...Use this search page to find such documents:
    http://support.apple.com/kb/index?page=search
    Note that you don't need to have iLife '08 to be able to direct your domain name to your custom website published to MobileMe. As someone wrote on another thread:
    "My personal domain is linked to my MM but i don't even have ilife on my mac. When you go to the options in MM to link your personal domain to your MM it provides directions that will guide you with setting up your godaddy settings."
    ...Where "MM" is MobileMe here:
    http://me.com/account
    ...+Personal Domain+ tab, and "godaddy" is wherever your domain name is registered.

  • Managing remote C800 with the wireless controller

    We have a number of regional offices throughout the country with a C800 as the Internet facing router and it is also our wireless.
    We have a Cisco wireless controller in the Data Center an we need to manage\monitor all the C800, but the problem is that those remote sites
    are not VPN'd nor part of our WAN network.
    Which setup do you recommend:
    1) WLC to monitor the C800 using its public IP address
    2) Create a VPN tunnel from each of the remote sites to our data center and only allow wireless to go through for management purposes
    Any other options?
    T

    First question is which 800 do you have ? there's like 20 different versions out there.
    If you talk about WLC, I would suppose you have something like the 880 ?
    I'm afraid the WLC will need the internal AP IP address. So you would need to do some reverse NAT to direct public IP address traffic on the CAPWAP ports to the internal AP.
    This or the VPN tunnel.
    Nicolas
    ===
    Don't forget to rate answers that you find useful

  • NTLM Authentication with a domain controller/active directory

    Hi,
    I have a requirement to do an NTLM authentication with the MS active directory.
    I am aware that JNDI doesn't support this protocol to communicate with the AD.
    I have looked into a couple of online solutions available, but they don't seem to meet my requirement. Most of the solutions (like Apache Commons NTLMScheme/NTCredentials and java.net.Authenticator etc.) are used only for NTLM proxy authentication (where both username and password are sent to the proxy server, which does the actual NTLM authentication with the Active Directory).
    What I need is a solution in Java where I can directly contact Active directory for negotiation of challenge/response mechanism.
    Can any of you guys suggest any alternative to achieve this ?

    it really depends to be honest. I'd probably go something like this though:
    One Small physical server to act as a domain controller - you could put DHCP on this too
    One or two physical, quite powerful servers to act as Hyper-V hosts - these can be domain joined.
    Then for your VMs create the following:
    1 x additional domain controller
    For remote desktop services:
    1 x Remote Desktop Session Host
    1 x Connection Broker
    1 x Gateway and web server
    For additional services
    1 or 2 x Exchange
    1 x sharepoint
    1 x IIS
    but it really depends what you want to achieve.
    The benefit of virtual machines is that you can keep separate virtual servers for separate applications.
    If you have two hosts you could then replicate the virtual machines between them if you wanted some layer of fault tolerance.
    Hope this helps you a bit more. And thanks for the positive blog feedback - it's appreciated.
    Regards,
    Denis Cooper
    MCITP EA - MCT
    Help keep the forums tidy, if this has helped please mark it as an answer
    My Blog

  • How to move iWeb site with missing Domain.sites file

    I've been asked to host a friend's iWeb site now that MobileMe is no longer an option.  The problem is that the MacBook it was created with is long gone and the only original files remaining are the image files for the site. No Domain.sites file.  They are also not sure which version of iWeb was used, if that even matters.  Initially I was thinking we could just access the existing site using ftp and go from there - upload the site to my hosting account and use Dreamweaver to maintain it, but everything I've read seems to point to 'Not gonna happen that way'.
    Is there a way to transfer an existing iWeb site hosted on MobileMe to a new hosting account and be able to work on it with another editor, all the while not having the original Domain.sites(2) file?
    Thanks much,
    Mark

    Quite a few people are moving to other drag and drop style editors like Sandvox and RapidWeaver although they aren't really any better - just more expensive.
    I advise people not to use iWeb for new sites and just to keep it going to update existing ones until they are defunct or rebuilt some other way.
    I quit using iWeb about a year ago due to the fact that it, and similar apps, can't create responsive designs for mobile devices although I did figure out a stop gap design for iPhones...
    http://www.iwebformusicians.com/iWeb/Mobile-iWeb.html

  • Active Directory integrated LION with offline Domain Controller

    Hi,
    I have some OS X Lion machines, and all of them are joined to the Win2008 AD. There is no issue when the Domain Controller is reachable, but when it is not reachable, or the machine is not on the same network as the DC, then I am not able to log in with my AD user.
    In Windows the last credential is stored on the local machine. So if the machine is OFFLINE from the DC, it is still able to let the AD user log in.
    Is there any trick or option for how I can implement this with my Lion clients? Or is there no way to use an AD user when the AD is not reachable?
    Thanks in advance!

    He actually didn't specify much about dynamic updates requirements for old domains, if they don't need secure dynamic updates then a primary zone would work:
    The DNS Server service allows dynamic update to be enabled or disabled on a per-zone basis at each server that is configured to load
    either a standard primary or directory-integrated zone.
    REF: Understanding Dynamic updates
    This post is provided AS IS with no warranties or guarantees, and confers no rights.
    ~~~
    This post provides no warranties and confers no rights.

  • Deploying unity connection at remote site with CUCM at central site

    I am planning to deploy Unity Connection at a remote site while the CUCM is at the central site only. I would appreciate it if someone can shed some light on this. Has anyone already deployed the same scenario? Any specific requirements to take care of, please?
    Thanks in advance,
    AB

    AB,
    Yes, having your Unity Connection server at a different location than your CUCM is supported.  
    I cannot really help you with specific requirements, as it largely depends on exactly how you intend to deploy it and what features you intend to enable. Clustering, Digital Networking, Unified Inbox, etc. all have their own additional requirements, the whole of which would not fit into a message board post.
    However, specific bandwidth and latency requirements are listed in the "System Requirements for Cisco Unity Connection Release 8.x": http://www.cisco.com/en/US/partner/docs/voice_ip_comm/connection/8x/requirements/8xcucsysreqs.html
    The SRND and the System Requirements should get you on the right track. I would encourage you to read both documents fully and then come back with any specific design questions you may have.
    -Steven
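The "[Forum FAQ] How to sync time with a Domain Controller for a standalone server" thread above gives the registry values and w32tm commands but no way to confirm the result other than a screenshot. The PowerShell below is an added example, not from that FAQ or from Microsoft: it reads back the two registry values the FAQ sets, applies the same w32tm configuration, and then measures the offset against the DC so you can see the sync actually took. The DC address is the FAQ's 192.168.10.200 and must be replaced with your own time source.

```powershell
# Added example: audit, apply and verify the W32Time settings from the FAQ
# on a standalone (non-domain) server. Run elevated. The DC address is the
# FAQ's example value, replace it with your real time source.
$Dc  = '192.168.10.200'
$W32 = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time'

function Get-TimeSourceState {
    # AnnounceFlags 5 = announce as time server (0x1) + reliable (0x4);
    # the FAQ changes it from the default 10. NtpServer\Enabled 0 means this
    # box does not itself serve time to others.
    $cfg = Get-ItemProperty -Path "$W32\Config"
    $ntp = Get-ItemProperty -Path "$W32\TimeProviders\NtpServer"
    $par = Get-ItemProperty -Path "$W32\Parameters"
    [pscustomobject]@{
        AnnounceFlags    = $cfg.AnnounceFlags   # FAQ expects 5
        NtpServerEnabled = $ntp.Enabled         # FAQ expects 0
        Type             = $par.Type            # 'NTP' once a manual peer is set
        Peer             = $par.NtpServer       # the manual peer list
    }
}

$before = Get-TimeSourceState
if ($before.AnnounceFlags -ne 5 -or $before.NtpServerEnabled -ne 0) {
    Write-Warning "Registry differs from the FAQ's values:`n$($before | Out-String)"
}

# Steps 3 and 4 of the FAQ, then an explicit resync so the clock moves now
# rather than at the next poll interval.
w32tm /config /syncfromflags:manual /manualpeerlist:$Dc
w32tm /config /update
w32tm /resync /nowait

# Verify: the configured source, the service's own status, and three
# direct offset samples against the DC (expect offsets near zero seconds).
w32tm /query /source
w32tm /query /status
w32tm /stripchart /computer:$Dc /samples:3 /dataonly

$after = Get-TimeSourceState
$after | Format-List
```

If `w32tm /query /source` still reports "Local CMOS Clock", the peer was not reached: NTP is UDP port 123, so check the path to the DC before touching the registry again.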
