joining a client to a Domain over a WAN link


manley

I have a division office with 6 regional offices. Division holds the
DC. Each regional office is peer to peer and connects to division via
vpn and has a different subnet...192.168.1.0, 192.168.2.0, 192.168.3.0
and so on. How can I join the regional clients to the division
domain??

Thanks in advance.
 
I have a division office with 6 regional offices. Division holds the
DC. Each regional office is peer to peer and connects to division via
vpn and has a different subnet...192.168.1.0, 192.168.2.0, 192.168.3.0
and so on. How can I join the regional clients to the division
domain??

Router. Or at least RRAS.

Jeff
 
We use the Linksys vpn router in each region to connect to our Linksys vpn
router at division.
 
If you have a persistent VPN and can ping the internal IP of the Division
DNS server from the regional office machines, you can simply configure
remote clients to point to that IP for primary DNS and you should be able to
join the domain. If instead your regional computers are VPN clients, then
you can join the domain over the VPN connection, but after joining you will
need to use the Logon using Dial-up connection option at the logon screen.
Performance over this type of connection may be unacceptable - you might
want to consider configuring each regional office as a separate Site and
installing local regional domain controllers.

Doug Sherman
MCSE Win2k/NT4.0, MCSA, MCP+I, MVP
 
Thanks for your input Doug. Yes, they have persistent VPN connections to
Division. My goal is to have all files stored and backed up at the Division
office, to push out MS updates and Hot Fixes via Shavlik and utilize MS
Outlook as a MAPI Client instead of POP3. There are up to 15 PCs at each
Regional office. Is there a better solution than what I have planned? We
are a non profit organization so funds need to be well spent.
 
There are 'better' solutions such as dedicated T1 links, regional domain
controllers, etc. - all it takes is money. There is nothing wrong with your
proposed solution - just a question of bandwidth/speed. However, the
performance issue may not be significant, and it is easily tested - join a
few regional machines to the domain, see how long it takes them to logon,
transfer files, etc. If performance is acceptable for a single regional
office, then the solution is probably a practical one even if adding other
regions proves to be a performance killer. At that point you would be in a
position to make a reasonably accurate calculation of the cost/benefit for a
2nd or 3rd broadband/VPN and compare it to the cost of alternatives.

Doug Sherman
MCSE Win2k/NT4.0, MCSA, MCP+I, MVP
 
Doug Sherman said:
you can join the domain over the VPN connection, but after joining you will
need to use the Logon using Dial-up connection option at the logon screen.

Only if this is a Remote Access VPN. This is not required if it is a
Site-to-Site (Router-to-Router VPN) because the clients aren't initiating
the VPN.
 
Well, I tried this method on 2 different regional offices. I get the message
domain not available. I have pointed the client PCs to the DNS server at
Division and also modified the hosts files to point to the DNS server which is
also a GC server. However, I can UNC to the resources on the server. Any
suggestions? I do appreciate everyone's efforts in helping with this issue.
 
We use the Linksys vpn router in each region to connect to our Linksys vpn
router at division.

So you can access everything by IP, or also by name? Assuming W2K and
Active Directory, are the clients using the main office's DNS as
primary? If not, that's all you *should* need to be able to join the
domain.

Jeff
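
A pre-join check for the setup discussed in this thread (site-to-site VPN, regional clients using the Division DNS server as primary), added here as an example and not code from any poster. It goes beyond the thread by querying the DC locator SRV record and testing the DC ports through the tunnel; the domain name and DNS address are constructed placeholders, and it assumes a Windows client that has the `Resolve-DnsName` and `Test-NetConnection` cmdlets.

```powershell
# Added example. $Domain and $DnsServer defaults are constructed placeholders.
function Test-DomainJoinReadiness {
    param(
        [string]$Domain    = 'corp.example',  # placeholder AD DNS domain name
        [string]$DnsServer = '192.168.0.10'   # placeholder Division DNS server IP
    )
    $ports = 88, 135, 389, 445   # Kerberos, RPC endpoint mapper, LDAP, SMB

    # 1. The Division DNS server should be the first resolver on a client adapter.
    $first = Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object { $_.ServerAddresses } |
        ForEach-Object { $_.ServerAddresses[0] }
    [pscustomobject]@{ Check  = 'Primary DNS is Division DNS'
                       Pass   = $first -contains $DnsServer
                       Detail = ($first -join ', ') }

    # 2. The join locates a DC through this SRV record, which only DNS can answer;
    #    a hosts file entry maps a name to an address and cannot stand in for it.
    $srvName = "_ldap._tcp.dc._msdcs.$Domain"
    $srv = @()
    try {
        $srv = @(Resolve-DnsName -Name $srvName -Type SRV -Server $DnsServer `
                     -DnsOnly -ErrorAction Stop | Where-Object { $_.Type -eq 'SRV' })
    } catch { }   # lookup failure is reported as Pass = False below
    [pscustomobject]@{ Check  = "SRV $srvName"
                       Pass   = $srv.Count -gt 0
                       Detail = ($srv.NameTarget -join ', ') }

    # 3. Every DC named in the SRV answer must be reachable through the tunnel.
    foreach ($dc in $srv) {
        $ip = (Resolve-DnsName -Name $dc.NameTarget -Type A -Server $DnsServer `
                   -DnsOnly -ErrorAction SilentlyContinue |
               Where-Object { $_.Type -eq 'A' } | Select-Object -First 1).IPAddress
        foreach ($port in $ports) {
            $ok = $false
            if ($ip) {
                $ok = (Test-NetConnection -ComputerName $ip -Port $port `
                           -WarningAction SilentlyContinue).TcpTestSucceeded
            }
            [pscustomobject]@{ Check  = "TCP $port to $($dc.NameTarget)"
                               Pass   = $ok
                               Detail = "$ip" }
        }
    }
}

Test-DomainJoinReadiness | Format-Table -AutoSize
```

A failed SRV row with working file shares points at name resolution rather than the VPN; failed port rows point at filtering on the VPN routers.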
 
Jeff Cochran said:
So you can access everything by IP, or also by name? Assuming W2K and
Active Directory, are the clients using the main office's DNS as
primary? If not, that's all you *should* need to be able to join the
domain.

Jeff
 