
We have a domain controller (exchange box) hosted at our hosting provider. We need to set up a local domain controller so we can do VPN and local authentication tasks.

I can make the PDC accept all connections from our Office IP. How do I get the office router to correctly allow two way communications between the PDC (cloud) and the local DC. Is there a list of ports I need to pass through to the local DC?

Thanks!

"PDC" and "BDC" used for clarity--I know that the concept is obsolete.

Code Silverback
  • PDC and BDC only clarify that you're in need of some training on the topic, unfortunately. – mfinni Dec 28 '10 at 15:53
  • Whatever. Why do sysadmins get so insecure? – Code Silverback Dec 28 '10 at 16:01
  • We're technical people. If you're asking imprecise questions that show that you don't know that much about what we're asking, we'll point it out. If you're not a sysadmin, nor interested in becoming one, then this site isn't for you. Read the FAQ, please. – mfinni Dec 28 '10 at 16:06
  • Yeah, I read the FAQ, and I'm administering the servers, so that makes the site for me. I guess all I'm missing is the attitude problem. – Code Silverback Dec 28 '10 at 16:25
  • In any sphere, does using the terminology incorrectly ever endear you to the experts? Is the plumber going to giggle every time you call the toilet "that flush box"? You look like a .NET developer - what would you do if a colleague kept coming up to you with green-bar printouts and asking you questions about FORTRAN idiom on a project you were working on together? Using the wrong terminology makes us worry about what else you might be missing, and don't even know to ask about. – mfinni Dec 28 '10 at 16:30
  • Would you want your brain surgeon to ask you if he can cut into your mushy thingie with his dohicky? Would you want your proctologist to say he's going to poke you in your rear with his thingamabob? – GregD Dec 28 '10 at 17:26

2 Answers


There's no such thing as a PDC or BDC with AD, those terms apply to NT3 and NT4 (from 13 or so years ago). There is a PDC Emulator FSMO Role, but that's somewhat different.

I'd suggest setting up a VPN of some kind between your hosted box and your network. Then running the AD traffic over that. There are many different ways to accomplish this, and which one is appropriate for your case will depend on what gear you have already, how much you're willing to spend on new software/hardware, your knowledge level and who has to maintain the setup...

You might want to get a local consultant involved. This shouldn't be overly complicated or costly.

Chris S
  • VPN + separate AD zones to allow control of replication. – Keith Stokes Dec 28 '10 at 16:00
  • By 'AD zones', if you actually mean Sites and Subnets, then yes. – mfinni Dec 28 '10 at 16:06
  • Too much time working in Citrix at the moment. Sites and Subnets is the correct term. – Keith Stokes Dec 28 '10 at 16:13
  • Also - the hosting company that BrianB is using should probably be providing most of the guidance on the networking side of this. If this isn't a standard offering that they can support, he should probably look at a company that can. – mfinni Dec 28 '10 at 18:02
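The "Sites and Subnets" setup the comments above refer to, as an added example (not code from the thread or from any of its posters). It assumes the ActiveDirectory PowerShell module (Windows Server 2012 or later), that the VPN is already up, and placeholder site names, subnets and DC names; every identifier below is an assumption and needs to be replaced with your own. Run it once, from a DC with Domain Admin rights, after the second DC has been promoted.

```powershell
# Added example, not from the original thread. Give each location its own AD site
# so the two DCs replicate over a site link whose cost and interval you control,
# rather than treating the hosted box and the office as one LAN.
Import-Module ActiveDirectory

# Assumed names: rename to match your environment.
$OfficeSite = 'Office'
$HostedSite = 'Hosted'
$OfficeDC   = 'OFFICEDC01'   # assumed: the new local DC
$HostedDC   = 'HOSTEDDC01'   # assumed: the DC at the hosting provider

New-ADReplicationSite -Name $OfficeSite
New-ADReplicationSite -Name $HostedSite

# Map each side's address range to its site. Clients and DCs use this to pick
# the nearest DC, so a wrong subnet here sends every office logon over the VPN.
New-ADReplicationSubnet -Name '192.0.2.0/24'    -Site $OfficeSite   # assumed office LAN
New-ADReplicationSubnet -Name '198.51.100.0/28' -Site $HostedSite   # assumed hosted range

# Site link over the VPN. Inter-site replication is compressed and runs on this
# schedule (15 minutes is the minimum); intra-site replication would instead
# fire within seconds of every change.
New-ADReplicationSiteLink -Name 'Office-Hosted-VPN' `
    -SitesIncluded $OfficeSite, $HostedSite `
    -Cost 100 -ReplicationFrequencyInMinutes 15 `
    -InterSiteTransportProtocol IP

# Move each DC's server object out of Default-First-Site-Name into its own site.
Move-ADDirectoryServer -Identity $HostedDC -Site $HostedSite
Move-ADDirectoryServer -Identity $OfficeDC -Site $OfficeSite

# Verify: each DC should report its own site, and a replication pass should
# show zero failures once the KCC has rebuilt the connection objects.
Get-ADDomainController -Filter * | Select-Object Name, Site, IPv4Address
repadmin /kcc
repadmin /replsummary
```

Both new sites remain members of DEFAULTIPSITELINK after this; remove them from it (Set-ADReplicationSiteLink with -SitesIncluded @{Remove=...}) if you want only the VPN link to carry replication.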

1 ) Stop calling them PDCs and BDCs. That's been extinct for a decade.

2 ) If you have a VPN tunnel from your site to the provider, there are a TON of ports you're going to need to open, primarily DNS, RPC endpoint mapping, etc. I don't know the specifics and I'd be inclined to allow all traffic over the tunnel.

SpacemanSpiff
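A way to check the port list this answer declines to enumerate, added here as an example rather than taken from the thread. Run it on the office DC-to-be, through the VPN, before promoting it; the remote DC name is an assumed placeholder. The ports listed are the commonly documented TCP ports between domain controllers; confirm them against Microsoft's port requirements for your Windows version, and note that the UDP sides (DNS, Kerberos, NTP, LDAP ping) are not covered by a TCP connect test. The security point behind the answers above applies: these ports should be reachable only inside the tunnel, never from the office's public IP across the Internet.

```powershell
# Added example, not from the original thread. Verify the TCP ports a new DC
# needs to reach the existing DC across the VPN (Test-NetConnection needs
# Windows 8 / Server 2012 or later). $RemoteDC is an assumed placeholder.
$RemoteDC = 'hosteddc01.corp.example.com'

# Summary of commonly documented DC-to-DC and client-to-DC TCP ports.
# UDP 53/88/123/389 are also used and cannot be tested with a TCP connect.
$TcpPorts = @(
    @{ Port = 53;   Service = 'DNS' },
    @{ Port = 88;   Service = 'Kerberos' },
    @{ Port = 135;  Service = 'RPC endpoint mapper' },
    @{ Port = 389;  Service = 'LDAP' },
    @{ Port = 445;  Service = 'SMB (SYSVOL / NETLOGON)' },
    @{ Port = 464;  Service = 'Kerberos password change' },
    @{ Port = 636;  Service = 'LDAPS' },
    @{ Port = 3268; Service = 'Global Catalog' },
    @{ Port = 3269; Service = 'Global Catalog over SSL' }
)

$results = foreach ($p in $TcpPorts) {
    $t = Test-NetConnection -ComputerName $RemoteDC -Port $p.Port -WarningAction SilentlyContinue
    [pscustomobject]@{ Port = $p.Port; Service = $p.Service; Open = $t.TcpTestSucceeded }
}
$results | Format-Table -AutoSize

# Port 135 only gets you the endpoint mapper; replication then moves to an
# ephemeral port (49152-65535 on Server 2008 and later), which the firewall
# must also allow. A bind through the mapper proves the whole path works.
repadmin /bind $RemoteDC

# Name resolution across the tunnel: the local DC must find the domain's
# SRV records on the remote DNS, or promotion fails before any port matters.
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$((Get-ADDomain).DNSRoot)" -Type SRV -Server $RemoteDC

# Optional hardening: pin NTDS replication to one fixed port so the firewall
# does not need the whole ephemeral range open (Microsoft KB 224196). Set on
# both DCs and reboot; 50000 is an assumed, arbitrary choice.
# New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters' `
#     -Name 'TCP/IP Port' -PropertyType DWord -Value 50000
```

If every row shows Open = True but repadmin /bind fails, the ephemeral RPC range is the usual culprit; either open it on the tunnel rules or use the fixed-port registry value and allow just that port.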