
Background

We currently have two networks, one in London, and one in Brighton. We use Office 365 for email, Lync and Sharepoint, so there is no Exchange server. Both offices are connected by a VPN.

  • London is a larger office of 50 users and is on range 192.168.0.0 (255.255.255.0) on an EFM line.
  • Brighton is a small office of 5 users and is on range 192.168.16.0 (255.255.255.0) on BT Infinity.

Brighton currently has an old 2003 Small Business Server on their own domain; this means they cannot log on to our London domain when they visit, and vice versa – the domain controller in London is also a 2003 server box.

On Friday, we will be promoting a new 2012 R2 Domain Controller in London. As part of this process I want to remove the Brighton domain entirely and bring the Brighton network into the London domain.

We have a new server for Brighton that is to do DHCP, DNS and file server roles on the 192.168.16.0 network. I want all Active Directory and Group Policy functions to be delegated from this server in Brighton to our new domain controller in London.

The questions

  • How will the DNS server in Brighton locate Active Directory Services in London on the different IP range? Is there an SRV record we need to set up to tell the server where to get AD and GP services?
  • Would DC replication be a better way to go here? Is it even applicable or just for DR and HA purposes? Would replication give the added bonus of added redundancy (re the answer in this question)? I would only want to manage the Brighton office's users from the DC in London (no IT function in Brighton).
  • Finally, is the above approach sound – we are not doing anything daft with the above strategy?
MagicalArmchair

2 Answers


Just set up a domain controller and Active Directory site (through the Active Directory Sites and Services utility) at your Brighton office after you've got the forest created at the London office. You already have a server at your Brighton site for DHCP and DNS, so you gain nothing by not utilizing it for domain services as well.

HopelessN00b
  • That would mean setting Brighton up as a totally separate domain? So the London domain would be DC_LON and Brighton would be DC_BRI and have them on the same forest? – MagicalArmchair Mar 09 '15 at 14:14
    @MagicalArmchair No. Same Forest, same domain, different domain controller (and different ADDS site). FYI, you should *always* have more than one domain controller for every forest or domain you have. – HopelessN00b Mar 09 '15 at 14:16
  • So DC promo (the wizard on 2012 anyway) the London DC to get the forest created, then we would need to DC promo the domain controller in Brighton too? The catalogue would then propagate between the two providing redundancy should one go pop? – MagicalArmchair Mar 09 '15 at 14:30
    @MagicalArmchair Basically, yeah. Of course, when you make the Brighton server a domain controller, you'd choose to join it to your existing domain. – HopelessN00b Mar 09 '15 at 14:32
  • That will give us added redundancy, it'll fulfil the goal of users being able to sign in at either site and get us off 2003! Thanks @HopelessN00b – MagicalArmchair Mar 09 '15 at 14:41
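The approach agreed in the comments above (one domain, one forest, a second DC in Brighton in its own AD site) as an added PowerShell example, not code from the question or the answers. It assumes the London 2012 R2 DC has already been promoted and is named LON-DC01, that the domain is corp.example.com, and that a 15-minute replication interval suits the VPN; all three are placeholders. The subnets are the ones given in the question.

```powershell
# Added example: define the two AD sites/subnets and verify the DC locator SRV
# records the question asks about. Run on the London DC as a domain admin.
Import-Module ActiveDirectory
Import-Module DnsClient

$Domain = 'corp.example.com'   # assumed placeholder for the real domain name
$LondonDc = 'LON-DC01'         # assumed placeholder for the promoted London DC

# 1. One AD site per office, each tied to its subnet, so clients and the
#    Brighton DC locate and prefer domain controllers in their own site.
New-ADReplicationSite -Name 'London'
New-ADReplicationSite -Name 'Brighton'
New-ADReplicationSubnet -Name '192.168.0.0/24'  -Site 'London'
New-ADReplicationSubnet -Name '192.168.16.0/24' -Site 'Brighton'

# 2. Move the London DC out of Default-First-Site-Name into the London site.
Move-ADDirectoryServer -Identity $LondonDc -Site 'London'

# 3. Put both sites on the default site link and set the replication interval
#    over the VPN (assumed value; tune to the line).
Set-ADReplicationSiteLink -Identity 'DEFAULTIPSITELINK' `
    -SitesIncluded @{Add = 'London', 'Brighton'} `
    -ReplicationFrequencyInMinutes 15

# 4. Verify. The SRV records are registered automatically by each DC's Netlogon
#    service; nothing is created by hand. Check the domain-wide record and the
#    site-specific one that the Brighton DC registers once it is promoted into
#    the Brighton site.
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV
Resolve-DnsName -Name "_ldap._tcp.Brighton._sites.dc._msdcs.$Domain" -Type SRV

# 5. From a Brighton machine, confirm the DC locator maps it to the Brighton
#    site and returns a DC for that site.
nltest /dsgetsite
nltest /dsgetdc:$Domain /site:Brighton
```

When the Brighton server is promoted with Install-ADDSDomainController and joined to the existing domain, choose the Brighton site in the wizard so its SRV records land under `_sites.dc._msdcs`.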

IMHO the best solution would be to deploy a Read-Only Domain Controller in Brighton. https://technet.microsoft.com/en-us/library/cc754719%28v=ws.10%29.aspx

citleon