Jun 10 2020 12:45 AM
Hi fellow technology enthusiasts,
I have some questions regarding the following setup. I hope you guys can help me out ;).
The goal is to link the redundant domain controller at a new building to the redundant domain controller in another building. Everything falls under the same domain (xyz.com). Therefore a new site (Site-B) has to be created with the new subnet (172.21.0.0/16).
The network devices at Site-B will have no access to the devices of the other site and vice versa. Only the domain controllers will be able to communicate with each other. Is this setup possible?
Currently the redundant domain controller at the old building resides in the default site Default-First-Site-Name with the default site link DEFAULTIPSITELINK. There is no subnet object created or linked to Default-First-Site-Name for the existing network range (172.20.0.0/16).
Note. The domain controllers at Default-First-Site-Name have Windows Server 2008 R2 installed and the domain controllers at Site-B will have Windows Server 2019 installed. The Forest and Domain functional level is Windows Server 2008 R2.
How I think we should proceed (Correct me if I’m wrong):
Install the AD DS role on the Primary DC of Site-B and promote the server with the following settings:
Deployment Configuration:
Domain Controller Options:
Configure the redundant DC
My questions for you:
Are there any additional things we need to keep in mind?
Thank you in advance!
Jun 10 2020 07:28 AM
1.) No
2.) Yes recommended https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/designing-the-site-topology , No
3.) Yes
4.) Just configure site DHCP server to hand out only local site DNS
5.) Doubtful there will be an issue here
(please don't forget to mark helpful replies)
Jun 11 2020 02:39 AM
@Dave Patrick
Thank you for your feedback.
4.) I don't think this is anything that needs to be configured at the DHCP server level.
We are going to configure it in such a way that the clients of Site-B can't reach the DCs of the other site and vice versa. Next we will increase the priority of the SRV records (records with the lowest priority are used first) that contain the DCs at Site-B. This way nothing will change at Default-First-Site-Name. The clients at Site-B will have a 0.8-second delay during the DC Locator process because they will try to contact the DCs at Default-First-Site-Name first, but this is no problem.
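The site/subnet/site-link setup from the first post and the SRV priority change from this reply, as an added PowerShell example (not code from the thread or from Microsoft). It assumes it runs on the Windows Server 2019 host with the ActiveDirectory module (the 2008 R2 DCs lack these cmdlets); the site link name, cost, interval and the priority value 10 are assumptions.

```powershell
# Added example (not from the thread): create Site-B, map both subnets, link the sites,
# then raise the SRV priority value advertised by the Site-B DCs.
# Run from the Windows Server 2019 host (RSAT ActiveDirectory module); the 2008 R2 DCs
# lack these cmdlets. Site link name, cost and interval are assumptions.
Import-Module ActiveDirectory

$newSite   = 'Site-B'
$oldSite   = 'Default-First-Site-Name'
$newSubnet = '172.21.0.0/16'
$oldSubnet = '172.20.0.0/16'   # the thread says this subnet object is still missing

# 1. Site object for the new building
if (-not (Get-ADReplicationSite -Filter "Name -eq '$newSite'")) {
    New-ADReplicationSite -Name $newSite
}

# 2. Subnet objects: without them DC Locator cannot place clients (or DCs) in a site
foreach ($pair in @(@($newSubnet, $newSite), @($oldSubnet, $oldSite))) {
    $name, $site = $pair
    if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$name'")) {
        New-ADReplicationSubnet -Name $name -Site $site
    }
}

# 3. Dedicated site link so inter-site replication between the two buildings is
#    scheduled explicitly instead of riding on DEFAULTIPSITELINK
$linkName = 'Default-First-Site-Name-Site-B'   # assumed name
if (-not (Get-ADReplicationSiteLink -Filter "Name -eq '$linkName'")) {
    New-ADReplicationSiteLink -Name $linkName -SitesIncluded $oldSite, $newSite `
        -Cost 100 -ReplicationFrequencyInMinutes 15 -InterSiteTransportProtocol IP
}

# 4. Verify: every subnet must resolve to exactly one site
Get-ADReplicationSubnet -Filter * | Select-Object Name, Site

# 5. On each Site-B DC only: raise the priority value Netlogon registers in its SRV
#    records (lower value = preferred, default 0). Value 10 is an assumption.
$netlogon = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
Set-ItemProperty -Path $netlogon -Name LdapSrvPriority -Value 10 -Type DWord
Restart-Service Netlogon   # re-registers the SRV records with the new priority

# 6. Confirm which site this DC believes it is in
nltest /dsgetsite
```

Step 5 belongs on the Site-B DCs themselves; running it on a Default-First-Site-Name DC would invert the preference the reply describes.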
Jun 11 2020 06:05 AM
Sounds good, you're welcome. Just make sure the sites can pass required information.
https://support.microsoft.com/en-us/help/179442/how-to-configure-a-firewall-for-domains-and-trusts