Subnets

[Guest]

Hello,
I have four offices and two of the offices have a Domain Controller (they
are separate sites). The other two offices have just a couple of people in
them and until recently did not need to share resources. Each office is
configured and protecteced with a Sonicwall device and the device is
configured to hand out ip addresses for the two offices that do not have a
domain controller. There is a vpn set up for all four offices. My question is
how can I go about having the two offices that do not have a domain
controller be authenticated by one of the Domain Controllers?

 

[Phillip Windell]

First you need Site-to-Site VPN links that work perfectly and dependably so
that all Sites communicate with each other. If they aren't both of those
things, you are waisting your time.

Then all the machines in all the Sites have to use the AD/DNS (Domain
Controllers) as their *only* DNS Servers. Do not allow them to use the
Firewall Devices or the ISP's DNS as the DNS sources.

A common WINS Server for the whole LAN is a good idea too.

In the Forwarders List on each AD/DNS machine add the ISP's DNS server. This
is the only place it should ever appear.

Join the machines to the Domain.

Users log in with their Domain Accounts. The user's profile from thier
previous Local Accounts will have to be properly copied to the Domain
Accounts.

 

[Guest]

Phillip,
Thank you for responding and the help.
if I am reading your post correctly - you are saying this can not be done. I
do not have Domain controllers in every office. I do have them in two of the
offices and they are set up through sites and services and all works as it
should. I can get to the computers in the other two offices because I do have
a reliable vpn connection. However, i want them to be authenticated by one of
the Domain controllers.

First you need Site-to-Site VPN links that work perfectly and dependably so
that all Sites communicate with each other. If they aren't both of those
things, you are waisting your time.

Then all the machines in all the Sites have to use the AD/DNS (Domain
Controllers) as their *only* DNS Servers. Do not allow them to use the
Firewall Devices or the ISP's DNS as the DNS sources.

A common WINS Server for the whole LAN is a good idea too.

In the Forwarders List on each AD/DNS machine add the ISP's DNS server. This
is the only place it should ever appear.

Join the machines to the Domain.

Users log in with their Domain Accounts. The user's profile from thier
previous Local Accounts will have to be properly copied to the Domain
Accounts.


--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

Hello,
I have four offices and two of the offices have a Domain Controller (they
are separate sites). The other two offices have just a couple of people
in
them and until recently did not need to share resources. Each office is
configured and protecteced with a Sonicwall device and the device is
configured to hand out ip addresses for the two offices that do not have a
domain controller. There is a vpn set up for all four offices. My question
is
how can I go about having the two offices that do not have a domain
controller be authenticated by one of the Domain Controllers?

 

[Phillip Windell]

Phillip,
Thank you for responding and the help.
if I am reading your post correctly - you are saying this can not be done.

No, I did not. I told you how to do it.

do not have Domain controllers in every office.

Geography has nothing to do with it. They will use the Domain Controller
according to their DNS settings. That is why they have to use a DC for DNS
and never an ISP's DNS.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Deployment Guidelines for ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/prodtechnol/isa/2004/deploy/dgisaserver.mspx
-----------------------------------------------------