Domain Controllers at remote sites through VPN

  • Question

  • Hello

    I want to phase in a new setup where our main premises hosts a Domain Controller and other services (RADIUS, SCCM, etc.)

    I have an office in another location and I want to extend the network there by installing a domain controller there which is part of a Forest but has a second Site.

    Both sites have different IP addresses by different ISPs as it's not in a WAN link. Would it be possible to achieve this through VPN using Routing and Remote Access or any other built-in service?

    I would like the servers and clients at the remote branch to connect to its local site DC and be discoverable by the Head Office without them requiring extra configuration. Ideal setup is for remote servers and clients to contact their local DC, which sends information back to head office.

    Thanks

    -Josh

    Sunday, October 14, 2018 9:08 AM

All replies

  • Hi,

    Thanks for posting in our forum.

    According to my knowledge, we could set up a site-to-site VPN by Routing and Remote Access between the two offices.

    The following article and video are related to how to set up a site-to-site VPN, for your reference:

    https://blogs.technet.microsoft.com/jletsch/2016/03/15/lets-configure-azure-site-to-site-vpn-with-rras-in-azure-resource-manager/

    https://www.youtube.com/watch?v=cIo1EeDcR8I

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    Best Regards,

    William


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Proposed as answer by William Liang Monday, October 15, 2018 3:06 AM
    Monday, October 15, 2018 2:49 AM
  • Hi William

    Are there any specific ports that need to be opened?

    Regards

    Joshua Ferraz

    Monday, October 15, 2018 2:53 AM
  • Hi,

    For required ports, I would suggest you refer to the following articles, which include all the required ports of AD DS.

    https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd772723(v=ws.10)

    https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-2000-server/bb727063(v=technet.10)

    Best Regards,

    William



    • Proposed as answer by William Liang Monday, October 15, 2018 3:06 AM
    Monday, October 15, 2018 3:05 AM
  • Hi Will

    After looking through the video, I can't use it as the user in the video is connecting to his local servers. Our branch office has a different external IP address because it's by a separate ISP. These are not WAN connections. I can only use software VPNs.

    Any ideas?

    -Josh


    Monday, October 15, 2018 4:12 AM
  • Hi,

    Thanks for your reply.

    May I know whether the server can NAT to an external public address? If it can, RRAS should also work.

    Otherwise, I would suggest you create a new thread in a network-related forum or find a local resource to get more efficient support.

    Thanks for your understanding and support.

    Best Regards,

    William



    Monday, October 15, 2018 7:34 AM
  • Hi Will

    If you mean access, clients can access the server by connecting to an L2TP VPN I made a while ago with a PSK. They have access to Domain Resources remotely. The server can access the internet and public IP addresses. It has a Hyper-V External switch connected to it (it being the Head Office RRAS VM).

    Regards

    Josh

    Monday, October 15, 2018 7:48 AM
  • Hi Will,

    RRAS VPN through Demand-Dial is not what I'm looking for. I was looking for a way to actually bridge 3 networks at different places with a different WAN IP for each place.

    I was looking at this: https://www.tp-link.com/cz/faq-380.html

    I assume it is good enough as we are not a large-scale organization. Also, with the link I have mentioned above, in the example, could I use the TL-R600VPNs for both sides of the network?

    Thanks

    -Josh

    Tuesday, October 16, 2018 11:15 AM
  • Hi,

    Thanks for your reply.

    Based on the description, it should be working; we could use the method to connect the two offices.

    Best Regards,

    William



    • Marked as answer by Joshua Ferraz Sunday, October 28, 2018 5:12 AM
    Tuesday, October 16, 2018 1:25 PM
  • Hi Will

    I have placed the order for the 2 VPN routers. I will report back here once I have received and tested them. Thanks for your help in this matter so far.

    Kind Regards

    Joshua 

    Tuesday, October 16, 2018 1:36 PM
  • Hi Will, I have configured the 2 routers and we have a connection. I was able to ping remote office computers from CMD by DNS/IP/FQDN and join a server at the remote site to a domain and promote it to a domain controller and verified replication worked by creating a test user.

    Thanks for your help

    Kind Regards

    Josh

    Sunday, October 28, 2018 5:12 AM
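
Added example, not part of the original thread: a PowerShell check, run from a head-office machine, that the well-known AD DS TCP ports asked about above are reachable on the branch DC across the tunnel, and that replication reports success without relying on a manually created test user. The host and domain names are placeholders, and the last step assumes the ActiveDirectory RSAT module is installed.

```powershell
# Placeholders (assumptions, not values from the thread).
$RemoteDc   = 'branch-dc01.corp.example'   # hypothetical branch-site DC
$DomainName = 'corp.example'               # hypothetical AD DNS domain

# Well-known AD DS TCP ports. RPC additionally uses a dynamic range
# (49152-65535 by default) negotiated through the endpoint mapper on 135,
# so the tunnel policy must allow that range between DCs as well.
$Checks = @(
    @{ Port = 53;   Service = 'DNS' }
    @{ Port = 88;   Service = 'Kerberos' }
    @{ Port = 135;  Service = 'RPC endpoint mapper' }
    @{ Port = 389;  Service = 'LDAP' }
    @{ Port = 445;  Service = 'SMB (SYSVOL, NETLOGON)' }
    @{ Port = 464;  Service = 'Kerberos password change' }
    @{ Port = 636;  Service = 'LDAPS (only if the DC has a certificate)' }
    @{ Port = 3268; Service = 'Global catalog' }
)

# 1. TCP reachability of each port over the site-to-site tunnel.
$PortResults = foreach ($c in $Checks) {
    $t = Test-NetConnection -ComputerName $RemoteDc -Port $c.Port `
                            -WarningAction SilentlyContinue
    [pscustomobject]@{
        Port      = $c.Port
        Service   = $c.Service
        Reachable = $t.TcpTestSucceeded
    }
}
$PortResults | Format-Table -AutoSize

# 2. DC locator records: the branch DC should appear among the SRV targets,
#    otherwise clients cannot discover it through DNS.
Resolve-DnsName -Type SRV -Name "_ldap._tcp.dc._msdcs.$DomainName" |
    Where-Object NameTarget |
    Select-Object NameTarget, Port

# 3. Replication health per inbound partner of the branch DC.
#    LastReplicationResult 0 means the last attempt succeeded.
Import-Module ActiveDirectory
Get-ADReplicationPartnerMetadata -Target $RemoteDc -Scope Server |
    Select-Object Partner, LastReplicationSuccess,
                  LastReplicationResult, ConsecutiveReplicationFailures
```

Test-NetConnection only tests TCP, so the UDP side of DNS and Kerberos is not covered by step 1.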