YvesDbr
Jun 10, 2020

Considerations with creating an additional AD Site and linking it to another Site

Hi fellow technology enthusiasts,

 

I have some questions regarding the following setup. I hope you guys can help me out 😉.

The goal is to link the redundant domain controller at a new building to the redundant domain controller in another building. Everything falls under the same domain (xyz.com). Therefore a new site (Site-B) has to be created with the new subnet (172.21.0.0/16).

 

The network devices at Site-B will have no access to the devices of the other site and vice versa. Only the domain controllers will be able to communicate with each other. Is this setup possible?

 

Currently the redundant domain controller at the old building resides in the default site Default-First-Site-Name with the default site link DEFAULTIPSITELINK. There is no subnet object created or linked to Default-First-Site-Name for the existing network range (172.20.0.0/16).

 

Note: The domain controllers at Default-First-Site-Name have Windows Server 2008 R2 installed and the domain controllers at Site-B will have Windows Server 2019 installed. The Forest and Domain functional level is Windows Server 2008 R2.

How I think we should proceed (correct me if I'm wrong):

  1. Create Site-B with DEFAULTIPSITELINK as the site link, create the subnet object for this site (172.21.0.0/16) and link it to this site.
  2. Install the AD DS role on the Primary DC of Site-B and promote the server with the following settings:

    1. Deployment Configuration:

      • Deployment Operation: Add a domain controller to an existing domain
      • Root domain name: xyz.com
    2. Domain Controller Options:

      • Specify domain controller capabilities: DNS server + Global Catalog
      • Site name: Site-B
  3. Configure the redundant DC

My questions for you:

  1. Will there be any downtime at the Default-First-Site-Name site?
  2. Do we need to create a subnet object for the computers in the Default-First-Site-Name site? If so, will this cause any downtime?
  3. Will the 5 FSMO roles remain located on the Primary DC in Default-First-Site-Name after linking both sites?
  4. If I understand this correctly, when a computer in Site-B starts up it will know in which site it resides thanks to the subnet object. If the computer can't access the domain controllers in Site-B, it will try to contact the domain controllers in the next closest site (in our case the ones in Default-First-Site-Name). Because network communication is only allowed between the domain controllers, is there a way to prevent this behavior?
  5. At the moment you promote the first domain controller at Site-B, it has to populate its own AD DS database using replication. This will replicate the AD DS database from the Primary DC at Default-First-Site-Name. Does this require a lot of resources and network bandwidth? I know you have the possibility to install the database from media (IFM), but this will not work in our situation because we have an OS mismatch between domain controllers.

Are there any additional things we need to keep in mind?

 

Thank you in advance!
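
The steps proposed in the post, sketched in PowerShell as an added example (not part of the original post). It uses the site, subnet, site link and domain names given there, and assumes it is run as an Enterprise Admin on the domain-joined Windows Server 2019 machine that will become the first DC in Site-B.

```powershell
# Added example. Names come from the post; the run-as account and host are assumptions.
# Precondition: Windows Server 2019 cannot be promoted while SYSVOL still
# replicates over FRS. Check on an existing DC with:  dfsrmig /getglobalstate

$siteName = 'Site-B'
$subnet   = '172.21.0.0/16'
$siteLink = 'DEFAULTIPSITELINK'
$domain   = 'xyz.com'

# Install the AD DS role; this also provides the ActiveDirectory module.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
Import-Module ActiveDirectory

# Step 1: create the site, add it to the existing site link, map the subnet.
if (-not (Get-ADReplicationSite -Filter "Name -eq '$siteName'")) {
    New-ADReplicationSite -Name $siteName
}
$siteDn = (Get-ADReplicationSite -Identity $siteName).DistinguishedName
$link   = Get-ADReplicationSiteLink -Identity $siteLink
if ($link.SitesIncluded -notcontains $siteDn) {
    Set-ADReplicationSiteLink -Identity $siteLink -SitesIncluded @{ Add = $siteName }
}
if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$subnet'")) {
    New-ADReplicationSubnet -Name $subnet -Site $siteName
}

# Review the subnet-to-site mapping and the link before promoting anything.
Get-ADReplicationSubnet -Filter * | Select-Object Name, Site
Get-ADReplicationSiteLink -Identity $siteLink |
    Select-Object Name, Cost, ReplicationFrequencyInMinutes, SitesIncluded

# Step 2: promote into Site-B as an additional DC with DNS.
# Global Catalog is the default (no -NoGlobalCatalog switch is passed).
# The DSRM password is prompted for because -SafeModeAdministratorPassword is omitted.
Install-ADDSDomainController `
    -DomainName $domain `
    -SiteName   $siteName `
    -InstallDns `
    -Credential (Get-Credential)

# After the reboot, confirm site placement and replication health:
#   nltest /dsgetsite
#   repadmin /replsummary
```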
