SS Technology Forum
Author: Subject: VPN and File & Folder synchronization
Guru
Junior Member
**




Posts: 27
Registered: 5/16/2011
Member Is Offline


[*] posted on 5/16/2011 at 07:11 AM
VPN and File & Folder synchronization


My name is Guru, System Administrator in a small IT firm. I am new to windows server side. I saw your website http://www.sivaranjan.com and I appreciate the time you spend to clear doubts of others in the forum.

I request you to kindly clear my doubts which I have mentioned below.

1. We have our main office and we are planning to open a new branch office. We purchased a domain name say, mydomain.com (example) from a provider and created our main office domain name as newjersey.mydomain.com. (I think it is the only domain and no child domain - Can you please tell me how to see whether it is a child domain) I was wondering whether can I set up the new branch office's domain name as maryland.mydomain.com. (mydomain.com is the only domain we purchased)

2. Also can you suggest me some ways on how to set up sharing and synchronization of files and folders between these domain (one server will have domain name as newjersey.mydomain.com and other will have maryland.mydomain.com) which will be in different locations one in newjersey and the other in maryland. Is there any particular software that I can use to do it.

3. My last question is, I setup a VPN to my main office using PPTP and GRE. The authentication policy for VPN is based on active directory users. When I tried to connect to the main office from anywhere outside, I am able to create tunnel and get authenticated. I got an IP address from the server for which I did the VPN. But when I tried to connect to internet through remote server it doesn't allow me to connect, it is not able to get the default gateway. Also I am not able to do mstsc.exe (remote access to server ip) even though the remote access is activated on the server side. In the main office network, DHCP is done by the verizon router, dns and active directory is on the server.

I request you to kindly provide me a solution and help me with this. I appreciate your guidance and thank you in advance.

Guru
Santhosh Sivarajan
Super Administrator
*********




Posts: 299
Registered: 6/29/2009
Location: USA
Member Is Offline


[*] posted on 5/16/2011 at 09:16 AM


FYI, you don't need to use a public name as your internal AD name. This is not a requirement. You can use any names.

You can verify the domain structure using one of the following methods:

1. Run Netdom Query FSMO command and identify the FSMO roles. You can have only one Schema Master and Domain Naming Master in a forest.
2. Open ADSI Edit to connect to RootDSE. Find rootDomainNamingContext attribute. It will display name of the forest.
3. You can verify the domain trust - trust type
4. You can use this script to list all domains inside the forest - http://blogs.technet.com/b/heyscriptingguy/archive/2005/03/08/how-c...

#2. Synchronized folders? What are you trying to accomplish? Are you familiar with DFS? http://technet.microsoft.com/en-us/library/bb727150.aspx

Do you have enough bandwidth between these locations?

#3. How did you configure the VPN solution? Are you using Windows 2008 R2? Sounds like a configuration issue. Depending on the configuration, you don't need a default gateway for the VPN connection. After the VPN connection, you will be part of the internal network.




Santhosh Sivarajan, Microsoft MVP-Directory Services

http://blogs.sivarajan.com/
http://portal2.sivarajan.com
http://twitter.com/santhosh_sivara
http://www.linkedin.com/in/sivarajan

This posting is provided AS IS with no warranties,and confers no rights.

Guru
posted on 5/16/2011 at 10:40 AM


First of all thanks for your prompt reply.

My first question about AD

To make it even more clear. We purchased a domain from http://dyndns.com for our office to create internal AD domain services. The domain we purchased is minotconnection.net (for example). The previous administrator built the network of our main office. Our main office in Newjersey has windows server 2008 running active directory. He created a domain in the server 2008 and the internal AD name is newjersey.minotconnection.net and added all systems and a printer to the domain and the network is done. He configured the Verizon router to handle DHCP. No DHCP is configured on the server. Newjersey is the only domain we had till now and there is no child or parent domain. I do understand that the name can be anything (not necessary public name as internal AD). We use public name because it's easy to know the location of office for employees.

Saying this we are opening a new branch office in Baltimore. The server we will have in Baltimore office is windows server 2008 R2. I need to create internal AD. I was wondering if I can use the same domain name minotconnection.net and create the internal AD as baltimore.minotconnection.net. Will there be any issues. Or do I need to purchase one more domain name with some other name like donutconnection.net (for example) from http://dyndns.com . Say, If I can use the same domain name minotconnection.net and create the AD as I said above, is there anything I need to look into or be careful of when I am creating the domain.

Thanks

Santhosh Sivarajan
posted on 5/16/2011 at 12:35 PM


If your plan is to "integrate" Baltimore office into your existing AD, my recommendation is to add an additional domain controller in the existing domain. You don't need to create a child domain or buy a new domain name.

http://technet.microsoft.com/en-us/library/cc753720(WS.10).aspx

You can create a new Active Directory Site in the existing domain for Baltimore location. Assign Baltimore subnet to this site.

http://technet.microsoft.com/en-us/library/cc728152(WS.10).aspx

You will have one AD domain with 2 active directory sites.
Please let me know if you need more clarification.




Guru
posted on 5/16/2011 at 01:21 PM


In this case, I need to make Baltimore server as additional domain controller right. Is it like a master slave configuration. Newjersey will be main domain controller and Baltimore will be the additional domain controller. If I make such a setup. Do I need to setup the active directory users again or do I need to export it from the main domain controller. Will there be only one active directory users list? or how does it work.

Also about the DFS, we have made the entire D drive as shared folder with help of DFS management. If I make Baltimore server as additional domain controller, how does it work. Will the D drive of Baltimore server have same information as Newjersey server? Will D drive of both Baltimore and Newjersey server synchronize?

Also since both server will be in different location, is there any special setup that is to be made to make it synchronize and work with one active directory domain.

Thanks

Santhosh Sivarajan
posted on 5/16/2011 at 01:29 PM


That is correct. What do you mean by "master slave" configuration?

In AD, all DCs can perform read and write operation except Read Only Domain Controllers (RODC).

http://technet.microsoft.com/en-us/library/cc755058(WS.10).aspx

You don't need to re-create users, it will replace all information (user, group, computer etc) from one DC to another.

Do you have DFS in place? What is the link speed between these 2 locations? How many users do you have?

You don't need to do any additional configuration.

If you can, perform these steps in the lab first.




Guru
posted on 5/16/2011 at 01:33 PM


Regarding VPN

The server is running windows 2008 R2. I installed the Routing and remote access. I configured and enabled the VPN by customize by this method.
http://geekyprojects.com/networking/how-to-setup-a-vpn-server-in-wi...
Also I have setup network policy server to provide access. The authentication is based on active directory users. Once I do VPN, I am able to get into the network and get an IP address. But I am not able to go online or do remote desktop mstsc.exe to the server. Please let me know what could be the problem. I have also opened the ports 1723 pptp and protocol gre on the router.

Baltimore office has internet speed of 50Mbps. Also please let me know if the router can withstand many vpn sessions for this bandwidth. Is pptp vpn good enough or should I go for something else. If so what would be the best method to do VPN. Do you have any good links or materials that I can follow.

Thanks

Guru
posted on 5/16/2011 at 01:42 PM


We do have DFS running. Our entire D drive is shared internally between all users, linked with active directory to provide user control rights. The link speed for Newjersey main office is 25Mbps download and 5Mbps up and Baltimore branch office is 50Mbps down and 10Mbps up. We will have around 25 to 30 users in each location and we will have at least 10 vpn session running per location at a time.

When I configure Baltimore office's server as additional domain controller in the existing forest, will there be any stoppage of production in Newjersey office. Does the baltimore server contacts the newjersey server to get the active directory users, groups, etc., if so how does it happen.

Santhosh Sivarajan
posted on 5/17/2011 at 10:43 AM


>> When I configure Baltimore office's server as additional domain controller in the existing forest, will there be any stoppage of production in Newjersey office. Does the baltimore server contacts the newjersey server to get the active directory users, groups, etc., if so how does it happen.

No. It won't impact end user or business. But the new server has to contact the old DC to get the AD information. AD replication will happen after that. You might see some replication traffic across the link. It depends on the AD objects and database size.




Guru
posted on 5/17/2011 at 01:15 PM


Thanks Siva,

Regarding VPN

The server is running windows 2008 R2. I installed the Routing and remote access. I configured and enabled the VPN by customize by this method.
http://geekyprojects.com/networking/how-to-setup-a-vpn-server-in-wi...
Also I have setup network policy server to provide access. The authentication is based on active directory users. Once I do VPN, I am able to get into the network and get an IP address. But I am not able to go online or do remote desktop mstsc.exe to the server. Please let me know what could be the problem. I have also opened the ports 1723 pptp and protocol gre on the router.

Baltimore office has internet speed of 50Mbps. Also please let me know if the router can withstand many vpn sessions for this bandwidth. Is pptp vpn good enough or should I go for something else. If so what would be the best method to do VPN. Do you have any good links or materials that I can follow.

When I do VPN as i told above, I get the ip address from the network but I am not able to do mstsc.exe or go online. Please help.

Guru
posted on 5/17/2011 at 01:17 PM


Also can pptp vpn handle that many users with the bandwidth mentioned above. Do i need any special routers or can i just do it like i mentioned using verizon router as pass through vpn.

[Edited on 5/17/2011 by Guru]

Guru
posted on 5/17/2011 at 01:21 PM


If i make baltimore as additional domain controller, can both the domain controller work at same time?

Santhosh Sivarajan
posted on 5/17/2011 at 01:50 PM


>> If i make baltimore as additional domain controller, can both the domain controller work at same time?

Yes. It is an additional DC. Both DCs can perform read and write operations.




Guru
posted on 5/17/2011 at 03:39 PM


Thanks Siva for your help. I will try doing it as additional domain controller. Will let you know the proceedings and will get back to you for more help.

Cheers

Santhosh Sivarajan
posted on 5/17/2011 at 05:13 PM


You are very welcome. Please let me know if you need more information or help.




Guru
posted on 5/17/2011 at 05:33 PM


Sure I will

Five stars for u *****

Santhosh Sivarajan
posted on 5/17/2011 at 05:50 PM


Thanks! :cool:



Guru
posted on 5/18/2011 at 08:41 AM


Hi Siva,

Can you tell me which is the best software tool to do backup windows server 2008 and windows server 2008 R2. I will be doing the backup on an external 1TB Seagate USB hard drive. Please suggest me a good one. Will the backup be done as an image or how?

Guru
posted on 5/18/2011 at 05:10 PM


Hi Siva,

I tried adding the additional domain controller to the existing domain, but i am getting the following error.

"To install a domain controller into this Active Directory forest, you must first perpare the forest using "adprep/forestprep". The Adprep utility is available on the Windows Server 2008 installation media in the support\adprep folder".

Can you please help me with a solution. Since I am new to system administration I am not able to get what it is. Please suggest me a solution and if possible some reference materials.

Thanks

Santhosh Sivarajan
posted on 5/19/2011 at 10:40 AM


What version of AD are you using? It looks like you are trying to run DCPROMO on a newer version of the OS. That means you need to extend (ADPREP) your schema to support the latest version.

You can identify the schema version using the following method:

http://portal.sivarajan.com/2010/03/active-directory-schema-version...

Here is some info on the ADPREP process:
http://technet.microsoft.com/en-us/library/dd464018(WS.10).aspx

Also, I have created a wiki article at the following link:
http://social.technet.microsoft.com/wiki/contents/articles/active-d...
Let me know if you need more info.




Santhosh Sivarajan
posted on 5/19/2011 at 10:42 AM


Also, make sure to use the correct version of ADPREP. We have 32 and 64 bit versions of ADPREP:

http://portal.sivarajan.com/2010/03/windows-2008-r2-adprep.html




Guru
posted on 5/20/2011 at 05:25 AM


Hi Siva,

My master server in Newjersey is a windows server 2008, so the object version should be 44. The additional domain controller that i am adding in baltimore is running windows server 2008 R2. Should i check whether its object version is 47. If not should i make it to 47?

Can these two sync, they have different operating system and object version?

Also when joining additional domain controller to the existing domain, all i have to provide is the existing domain name (newjersey.minotconnection.net) right. I should be connected to my main office through VPN to sync my branch office baltimore server to join it to the main server right. I don't need to create any new domain like (baltimore.minotconnection.net). Am i understanding it right? Please correct me if i am wrong.

Thank you


Santhosh Sivarajan
posted on 5/20/2011 at 06:24 AM


Your Schema version (object version) is 44 - Windows 2008. If you are planning to add a Windows 2008 R2 DC, you need to perform ADPREP first.

Run ADPREP/Forestprep and ADPREP/Domainprep from the Windows 2008 R2 CD. After the ADPREP the Object Version should be 47. Then you can perform DCPROMO on the Windows 2008 R2 server.

Yes. You can have Windows 2008 and Windows 2008 R2 DCs in the same domain.

I thought you have a dedicated link between these 2 locations?? Make sure new server is using old DC as the primary DNS. Make sure you can ping the old DC from new DC before you perform DCPROMO. Then run DCPROMO and select Additional DC for an Existing domain option. Then type the existing domain name.

Is newjersey.minotconnection.net your domain name or FQDN?

Anyway, please run Netdom Query FSMO on your existing DC and post the output here.




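The pre-DCPROMO checks listed in the reply above (ping the old DC, old DC as primary DNS, schema at object version 47), as an added PowerShell example that is not part of the original thread. The default server name is the anonymised one posted in the thread; the script assumes the old DC also hosts DNS and that it runs on the new server under a domain account able to read the schema.

```powershell
# Added example: pre-flight checks on the new Windows 2008 R2 server before DCPROMO.
param(
    # Placeholder: the existing DC name as posted (anonymised) in this thread.
    [string]$ExistingDc = 'MinotServer1.newjersey.minotconnection.net',
    # 47 = Windows 2008 R2 schema, 44 = Windows 2008 (values quoted in the thread).
    [int]$RequiredSchemaVersion = 47
)

function Get-SchemaObjectVersion([string]$Server) {
    # RootDSE names the schema partition; objectVersion sits on its head object.
    $rootDse  = [ADSI]"LDAP://$Server/RootDSE"
    $schemaNc = $rootDse.psbase.Properties['schemaNamingContext'].Value
    $schema   = [ADSI]"LDAP://$Server/$schemaNc"
    [int]$schema.psbase.Properties['objectVersion'].Value
}

function Get-PrimaryDnsServer {
    # The first DNSServerSearchOrder entry of each IP-enabled adapter is its primary DNS.
    Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        Where-Object { $_.DNSServerSearchOrder } |
        ForEach-Object { $_.DNSServerSearchOrder[0] }
}

function New-CheckResult([string]$Check, [bool]$Passed, [string]$Detail) {
    New-Object PSObject -Property @{ Check = $Check; Passed = $Passed; Detail = $Detail }
}

$results = @()

# 1. The old DC must answer over the VPN or site link before anything else can work.
$reachable = Test-Connection -ComputerName $ExistingDc -Count 2 -Quiet
$results += New-CheckResult 'Ping existing DC' $reachable $ExistingDc

# 2. The new server must use the old DC as primary DNS, or DCPROMO cannot locate the domain.
try {
    $dcAddresses = [System.Net.Dns]::GetHostAddresses($ExistingDc) |
        ForEach-Object { $_.IPAddressToString }
} catch { $dcAddresses = @() }
$primaryDns = @(Get-PrimaryDnsServer)
$dnsOk = ($primaryDns.Count -gt 0) -and
         (@($primaryDns | Where-Object { $dcAddresses -notcontains $_ }).Count -eq 0)
$results += New-CheckResult 'Primary DNS is existing DC' $dnsOk ($primaryDns -join ', ')

# 3. The forest schema must already be extended (ADPREP) to the R2 level.
try {
    $version  = Get-SchemaObjectVersion $ExistingDc
    $schemaOk = $version -ge $RequiredSchemaVersion
    $detail   = "objectVersion=$version, need $RequiredSchemaVersion"
} catch {
    $schemaOk = $false
    $detail   = "could not read schema: $($_.Exception.Message)"
}
$results += New-CheckResult 'Schema extended by ADPREP' $schemaOk $detail

$results | Select-Object Check, Passed, Detail | Format-Table -AutoSize
if (@($results | Where-Object { -not $_.Passed }).Count -gt 0) {
    Write-Warning 'Fix the failed checks before running DCPROMO.'
}
```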
Guru
posted on 5/20/2011 at 07:38 AM


You are awesome in replying.

I am sorry for misleading you. I don't have a dedicated link between these two. All I do is VPN to connect from one office to another. Should i have a dedicated line between them? when you say dedicated lines, are u talking about the leased lines? If so should i get one?

Also how can i check whether the new server is using old DC as primary DNS. when you say ping the old DC, should i ping the external ip? When i do vpn and add the name of the existing domain controller along with the admin account credentials (that is mine), after examining the DNS it is able to see the old DC and the domain.

I will post the snap shot soon.

Please help me understand better. Thank you

[Edited on 5/20/2011 by Guru]

Guru
posted on 5/20/2011 at 08:11 AM


Here is the output of the netdom query fsmo

c:\Windows\system32>netdom query fsmo
Schema master MinotServer1.newjersey.minotconnection.net
Domain naming master MinotServer1.newjerysey.minotconnection.net
PDC MinotServer1.newjersey.minotconnection.net
RID pool manager MinotServer1.newjersey.minotconnection.net
Infrastructure master MinotServer1.newjersey.minotconnection.net
The command completed successfully.


Minot is just an example. It is actually replaced by our company name and instead of newjersey its some other city.