Answered Active Directory DC - VPN Question

  • Saturday, August 18, 2012 3:23 AM
     
     

    Say I have 2 sites, site 1 and site 2, both with a domain controller for the same domain, say "example.local". Now if, for example, John Doe's account is on the site 1 DC and so is his home drive, and he goes to site 2 to log on to the domain from a workstation, but his account isn't on site 2 nor is his home drive, how can I have "John Doe" log in to his account located on the site 1 DC while at site 2, and also have his network drive and everything mapped and accessible from site 1? I want this accomplished through VPN, and I don't wanna have to have all the workstations VPN to site 1; I only want the site 2 DC to VPN to site 1. Possible or not? I also want this to work the same way if a user from site 2 was to log in at site 1.

    POSSIBLE OR NOT? IVE SEEN THIS DONE ON OTHER NETWORKS BY THE WAY!


    Viper Technologies Computer Repair Putting The Venomus Bite Back In Your Computer We Are Located In Antigonish ,NS Canada Check Us Out HTTP://WWW.VIPERTECHNOLOGIES.TK

All Replies

  • Monday, August 20, 2012 6:57 AM
     
     Answered

    Hello,

    There is no problem connecting 2 DCs over VPN; that way each DC has ALL the information, and the profile information is also stored and available.

    On each site make the DCs also DNS/GC and use the site DNS as preferred on the machines NICs. Configure AD sites and services accordingly and clients use the site DC to logon.

    For the profile/home drive, it can either be accessed via the VPN connection to the other site where the profiles are located (requires, of course, good bandwidth), or you use DFS to also replicate the content to another server on the remote site; it depends on your needs.


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
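    The site/subnet/site-link setup the reply above describes, written out as an added PowerShell example (not code from this thread or from Microsoft). Site names, subnets, the DC names DC1/DC2 and the 15-minute replication interval are all assumed placeholders; run it from a DC or a machine with the ActiveDirectory RSAT module as a domain admin.

```powershell
# Added example: register both sites and their subnets, link them over the VPN,
# place DC2 in site 2 and check the locator picks the local DC for site-2 clients.
Import-Module ActiveDirectory

# Assumed site-to-subnet mapping; adjust to the real VPN-connected subnets.
$sites = [ordered]@{
    'Site1' = '10.1.0.0/24'
    'Site2' = '10.2.0.0/24'
}

# The forest starts with Default-First-Site-Name; reuse it as Site1 instead of leaving it empty.
$defaultSite = Get-ADReplicationSite -Filter "Name -eq 'Default-First-Site-Name'"
if ($defaultSite) { Rename-ADObject -Identity $defaultSite.DistinguishedName -NewName 'Site1' }

foreach ($site in $sites.Keys) {
    if (-not (Get-ADReplicationSite -Filter "Name -eq '$site'")) {
        New-ADReplicationSite -Name $site
    }
    $subnet = $sites[$site]
    if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$subnet'")) {
        # Subnet-to-site mapping is what makes clients log on to the DC in their own site.
        New-ADReplicationSubnet -Name $subnet -Site $site
    }
}

# Site link across the VPN: cost and interval are assumed; default interval is 180 minutes.
if (-not (Get-ADReplicationSiteLink -Filter "Name -eq 'Site1-Site2'")) {
    New-ADReplicationSiteLink -Name 'Site1-Site2' -SitesIncluded 'Site1','Site2' `
        -Cost 100 -ReplicationFrequencyInMinutes 15 -InterSiteTransportProtocol IP
}

# Put the second DC (assumed name DC2) into its site; DC1 stays in Site1.
Move-ADDirectoryServer -Identity 'DC2' -Site 'Site2'

# Both DCs should also be global catalogs, as the reply recommends.
foreach ($dcName in 'DC1','DC2') {
    $dc = Get-ADDomainController -Identity $dcName
    if (-not $dc.IsGlobalCatalog) {
        # Bit 1 of the NTDS Settings "options" attribute marks a DC as a GC.
        Set-ADObject -Identity $dc.NTDSSettingsObjectDN -Replace @{ options = 1 }
    }
}

# Check: which DC does the locator hand to a client that sits in Site2?
nltest /dsgetdc:example.local /site:Site2
```

    The subnet definitions do the real work: a workstation whose IP falls in 10.2.0.0/24 is steered to DC2 by the DC locator, while the site link makes DC2 a full replica, so John Doe's account is authenticated locally and only his home-drive traffic crosses the VPN.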

  • Monday, August 20, 2012 8:18 AM
     
     Answered

    Hello,

    So as I see it, the changes are not reflected on the other side (Site 2), and that is why the account does not exist on your second DC. This is related to AD replication, as the DCs are not replicating their updates.

    I hope that the DC in site 2 is an ADDITIONAL DC of the domain created on the DC in site 1. In fact, if you created two domains (in site 1 and site 2) with the same domain name, that does not mean that both DCs belong to the same AD domain, and here you have to decommission one of the domains and make its DC an additional DC of the other one.

    For the use of VPN, this is fully supported for AD replication. However, I would recommend opening these ports in both directions: http://social.technet.microsoft.com/wiki/contents/articles/584.active-directory-replication-over-firewalls-en-us.aspx


    This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Microsoft Student Partner 2010 / 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations
    Microsoft Certified IT Professional: Enterprise Administrator
    Microsoft Certified IT Professional: Server Administrator
    Microsoft Certified Trainer
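    An added PowerShell check (not code from this thread) for the two points the reply raises: whether DC2 is really a replica of the same domain or a separate domain that merely shares the name, and whether the replication ports are open across the VPN and replication is actually succeeding. DC1/DC2 host names are assumed; the port list is the well-known set AD replication uses, not taken from the linked article.

```powershell
# Added example: distinguish "same domain, replication broken" from "two domains
# with the same name", then confirm VPN port reachability and replication health.
Import-Module ActiveDirectory

$dc1 = 'DC1.example.local'   # assumed DC in site 1
$dc2 = 'DC2.example.local'   # assumed DC in site 2

# Two independently built domains both called example.local have different domain SIDs.
$sid1 = (Get-ADDomain -Server $dc1).DomainSID.Value
$sid2 = (Get-ADDomain -Server $dc2).DomainSID.Value
if ($sid1 -ne $sid2) {
    Write-Warning "Separate domains: $dc1 is $sid1, $dc2 is $sid2. DC2 must be demoted and re-promoted as an additional DC of site 1's domain."
} else {
    "Both DCs belong to the same domain (SID $sid1); look at replication, not domain membership."
}

# Well-known TCP ports AD replication depends on: DNS 53, Kerberos 88, RPC endpoint
# mapper 135, LDAP 389/636, SMB 445 (SYSVOL), GC 3268, plus dynamic RPC 49152-65535.
$ports = 53, 88, 135, 389, 445, 636, 3268
foreach ($p in $ports) {
    $r = Test-NetConnection -ComputerName $dc1 -Port $p -WarningAction SilentlyContinue
    '{0,5}  {1}' -f $p, $(if ($r.TcpTestSucceeded) { 'open' } else { 'BLOCKED' })
}

# Replication as seen from DC2: last success per partner and consecutive failures.
Get-ADReplicationPartnerMetadata -Target $dc2 -Scope Server |
    Select-Object Server, Partner, LastReplicationSuccess, LastReplicationResult, ConsecutiveReplicationFailures

# Any queued failures, then the classic summary across all DCs.
Get-ADReplicationFailure -Target $dc2
repadmin /replsummary
```

    A domain SID mismatch means no amount of firewall work will help; a matching SID with blocked ports or a non-zero ConsecutiveReplicationFailures points at the VPN or the site link instead.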

  • Monday, August 20, 2012 11:57 AM
    Moderator
     
     Answered

    If you want all of your workstations to be able to contact a common data store, whether in site 1 or site 2, then they will have to be able to access a common location.  There should be a VPN that can be set up between site 1 and site 2 that has nothing to do with any one device; instead there should be a network device on either end that hosts the VPN, so all the domain participants aren't even aware of the VPN configuration. 

    So the workstations will need to be a part of the VPN configuration, since you will want to set up a share that your users will need to map to by computer name/share name, i.e. \\computer\%username%$.  This is common with a NAS storage device.

    --
    Paul Bergson
    MVP - Directory Services
    MCITP: Enterprise Administrator
    MCTS, MCT, MCSE, MCSA, Security+, BS CSci
    2008, Vista, 2003, 2000 (Early Achiever), NT4
    http://www.pbbergs.com    Twitter @pbbergs
    http://blogs.dirteam.com/blogs/paulbergson

    Please no e-mails, any questions should be posted in the NewsGroup. This posting is provided "AS IS" with no warranties, and confers no rights.
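    The per-user home folder and logon mapping described above, as an added PowerShell example (not code from this thread). It assumes a file server FS1 in site 1 with a hidden share home$, an OU named Staff, and that workstations in site 2 can reach FS1 over the site-to-site VPN; it stores the mapping in the AD user object, so it replicates to DC2 and applies at logon in either site.

```powershell
# Added example: create one NTFS-restricted folder per user under a hidden share and
# record it as the user's home drive in AD, so it is mapped wherever the user logs on.
Import-Module ActiveDirectory

$fileServer = 'FS1'                            # assumed file server in site 1
$root       = "\\$fileServer\home$"            # assumed hidden share holding all home folders
$ou         = 'OU=Staff,DC=example,DC=local'   # assumed OU containing the users
$netbios    = (Get-ADDomain).NetBIOSName

foreach ($u in Get-ADUser -Filter * -SearchBase $ou) {
    $folder = Join-Path $root $u.SamAccountName
    if (-not (Test-Path $folder)) {
        New-Item -ItemType Directory -Path $folder | Out-Null
    }
    # Drop inherited ACEs, then grant only the owner (Modify) and Administrators (Full).
    icacls $folder /inheritance:r `
        /grant "${netbios}\$($u.SamAccountName):(OI)(CI)M" `
        /grant 'Administrators:(OI)(CI)F' | Out-Null

    # homeDrive/homeDirectory live in AD, so DC2 learns them through replication.
    Set-ADUser -Identity $u -HomeDrive 'H:' -HomeDirectory $folder
}

# From a site-2 workstation: SMB to the file server must work across the VPN before rollout.
Test-NetConnection -ComputerName $fileServer -Port 445
```

    Because the path is a UNC to the site-1 server, a user logging on at site 2 still gets H: mapped; the reply's point is that the VPN must carry that SMB traffic for every workstation, not just the DC-to-DC replication.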

  • Tuesday, August 21, 2012 11:42 AM
    Moderator
     
     Answered

    You can achieve this by allowing clients to communicate from Site 2 via the site 1 DC. It's gonna put a burden on the DC, and usage of the home drive from the other site might not be as fast as from the local site. Alternatively, you can use DFS or a virtual profile infrastructure.

    You can surely control the traffic, as well as requests from site 1 to site 2, by defining the path on the router.


    Awinish Vishwakarma - MVP

    My Blog: awinish.wordpress.com

    Disclaimer: This posting is provided AS-IS with no warranties/guarantees and confers no rights.