Windows 2003 Domain Tree

[tabich]

AFAIK, you cannot have a global catalog on a server with out it being a domain controller.

So, install AD on server in city 2. It can be part of the domain you created in city 1.

Basic instructions for doing this(might wanna research a bit yourself as I am going from memory).

1. Install win 2003 server, add active directory to it with the dcpromo command make sure that the AD integrated dns stuff is setup in your dns settings afterward.
2. setup users and groups, etc, etc.
3. Go to STart>programs>admin tools>Active Directory sites and services, and add the following things
- Subnet for office in city 2
- Site for your office in city 2, using the subnet you just created.
- intersite transport between city1 and city2. (you may have to do this step after promoting server in city 2, but I seem to remember doing it before hand, give it a shot, see if it works).

4. now you have 2 choices,
OPTION 1 install the city 2 server at city 1 and promote to domain controller there, then move it, and change the site in active directory(I have had some issues with this, it never seemed to like what happened).

OPTION 2 and this one I have had lots of luck with, install win2003 on the other server but DO NOT join it to the domain during install.

Make sure that your vpn is up.
Point the second server to city1 server for dns info.

Run the dcpromo command on the city2 server and add it as a domain controller to the same domain you have already created. Again, check dns info afterward. make sure that city2 hosts an active directory integrated dns domain for the name you chose for active directory domain.

In network settings of city2 server, point it to itself for dns lookups.

Some other notes. Make sure that you install the admin tools and support tools for win2003 server, those can be located(I am going from memory here, and also memory of windows 2000) in cd drive\i386\adminpak.msi and another installer in cd drive\support somewhere.

Once that is installed you should have an option under your start programs, for support tools, then use Active directory replication monitor to verify that replication is working.

DNS info is VERY important for replication so make absolutely sure that city1 server hosts an active directory integrated zone for the domain in dns, and after install city2 needs the same thing.

You may be able to tell win2003 installer to do that dns stuff, I cant remember.

IF you have unstable links like you do, you probably want to check on the replication between servers fairly frequently, once a day anyway. If the last attempted replication failed, you will want to make sure your vpn is up, and then initiate another one from inside the Active Directory Replication monitor tools.

disclaimer, most of this information is directly related to windows 2000 and not specifically windows 2003, but it should be similar enough so as not to matter.

if you dont see adminpak.msi, or the support tools installer on the win2003 cdrom, search for windows 2003 adsiedit and then support tools and you should find where they live so you can install them.

[SDK]

Good Info! I wish I could give you more AP but I cannot right now but they I'll come at some point!

Basically, this setting would give me one domain with 2 Domain Controler across 2 sites, both using the same Active Directory and DNS with a replication between those? After that, all I need it to set security so only city1 can make change to Active Directory on both Domain Controler? Right?

Another question : With this setting, it's easy to force all ip coming from a subjet to a specif DNS like computer.city1.domain.com