Forum Discussion
Creating Secondary Domain Controller
- Jul 07, 2025
Your Windows Server 2019 VPS must use the on-premises Active Directory (AD) server as its primary DNS server.
Open ncpa.cpl → Right-click VPN interface (or main interface) → Properties → TCP/IPv4 → Properties.
Set the DNS to your AD server's IP address, e.g., 192.168.1.10 (your AD DNS server's IP address).
Remove all public DNS like 8.8.8.8 or 1.1.1.1 while testing domain join.
On pfSense:
- Go to Firewall → Rules → OpenVPN tab
- Make sure there is a rule that allows traffic from the VPN client to the on-prem DNS server (port 53 UDP and TCP)
On your Windows Server 2016 AD server, open Windows Defender Firewall with Advanced Security. Make sure that inbound rules for the DNS Server (TCP/UDP 53) are enabled.
You may run the following PowerShell commands:
Get-NetFirewallRule -DisplayName "*DNS*" | where {$_.Enabled -eq "True"}
Or temporarily test with:
netsh advfirewall set allprofiles state off
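Added example, not from the post above: a read-only PowerShell check of the same three things the post walks through (the VPS's resolver order, reachability of the DC's port 53 over the tunnel, and the DC-side DNS firewall rules). It uses the DC address 192.168.1.10 from the post; the domain name `corp.example.com` and the interface alias `VPN` are placeholders. Listing the DC's inbound DNS rules this way avoids the `netsh advfirewall set allprofiles state off` test, which drops every rule on the DC while it runs.

```powershell
# Added example (not from the forum post). Two functions:
#   Test-VpsDnsPath    - run on the Windows Server 2019 VPS
#   Test-DcDnsFirewall - run on the Windows Server 2016 AD/DNS server
# Assumptions: $DcIp is the on-prem DC from the post; $Domain and
# $InterfaceAlias are placeholders for your environment.

function Test-VpsDnsPath {
    param(
        [string]$DcIp          = '192.168.1.10',     # on-prem AD/DNS server (from the post)
        [string]$Domain        = 'corp.example.com', # placeholder AD DNS domain
        [string]$InterfaceAlias = 'VPN'              # placeholder alias of the OpenVPN adapter
    )
    $results = [ordered]@{}

    # 1. Resolver order on the VPS. A public resolver listed ahead of the DC
    #    answers the AD SRV lookups with NXDOMAIN and the join fails.
    $dns = @(Get-DnsClientServerAddress -AddressFamily IPv4 |
             Where-Object { $_.ServerAddresses.Count -gt 0 })
    $public = @($dns | ForEach-Object { $_.ServerAddresses } |
                Where-Object { $_ -in @('8.8.8.8', '8.8.4.4', '1.1.1.1', '1.0.0.1') })
    $results['DcIsFirstResolver']      = @($dns | Where-Object { $_.ServerAddresses[0] -eq $DcIp }).Count -gt 0
    $results['PublicResolversPresent'] = $public.Count -gt 0

    # 2. TCP/53 to the DC through the tunnel (pfSense OpenVPN rule, DC firewall).
    #    Test-NetConnection probes TCP only; UDP/53 is exercised by step 3.
    $tcp = Test-NetConnection -ComputerName $DcIp -Port 53 -WarningAction SilentlyContinue
    $results['Tcp53Reachable'] = $tcp.TcpTestSucceeded

    # 3. Ask the DC directly for the DC-locator SRV record, the query that a
    #    domain join and a DC promotion both depend on.
    try {
        $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV `
                               -Server $DcIp -ErrorAction Stop
        $results['DcLocatorSrvFound'] = @($srv | Where-Object { $_.Type -eq 'SRV' }).Count -gt 0
    } catch {
        $results['DcLocatorSrvFound'] = $false
        $results['DcLocatorError']    = $_.Exception.Message
    }

    # Remediation from the post, left commented so the function stays read-only:
    # Set-DnsClientServerAddress -InterfaceAlias $InterfaceAlias -ServerAddresses $DcIp
    [pscustomobject]$results
}

function Test-DcDnsFirewall {
    # Lists enabled inbound allow rules whose name starts with "DNS" together
    # with the protocol and port each one opens, so TCP and UDP 53 can be
    # confirmed without disabling the firewall on the DC.
    Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
        Where-Object { $_.DisplayName -like 'DNS*' } |
        ForEach-Object {
            $port = $_ | Get-NetFirewallPortFilter
            [pscustomobject]@{
                Rule      = $_.DisplayName
                Profile   = $_.Profile
                Protocol  = $port.Protocol
                LocalPort = $port.LocalPort
            }
        }
}

# Usage (each on its own machine):
#   Test-VpsDnsPath -Domain 'corp.example.com' -InterfaceAlias 'VPN' | Format-List
#   Test-DcDnsFirewall | Format-Table -AutoSize
```

If `Tcp53Reachable` is false but the DC answers pings, look at the pfSense OpenVPN rule first; if TCP works but `DcLocatorSrvFound` is false with a timeout, UDP/53 is the usual gap. An empty table from `Test-DcDnsFirewall` means the DNS Server inbound rules are disabled, which is what the post's `Get-NetFirewallRule -DisplayName "*DNS*"` check is looking for.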