We have a domain controller at our remote site that doesn't have any DNS server or DNS replication. I have just set up a client machine that was using a local account to instead use a domain account. It connected to the domain fine but I couldn't log in at first as it could not contact a logon server.

I tried the normal hosts file to link the domain name to the IP of the DC but this didn't work.

I changed the domain controller DNS to look at the primary DC over demand-dial VPN. I changed the client DNS to look at the domain controller DNS.

Now I can log in and authenticate to the domain but it is very slow. I can't configure certain things that rely on the domain, such as adding domain users to the Remote Desktop Users group, and gpupdate is failing too.

If I go to %logonserver% I get to the domain controller I want to be connected to.

I figure I am wrong that I can get DNS from the primary DC by client -> DC(secondary) -> VPN -> DC(primary).

Could you advise on a better DNS configuration? Should I not be reconfiguring the network adapter DNS to do this and instead be using LMHOSTS to force the client to authenticate to the domain controller?

TIA.

Kind regards,

James

1 Answer

First of all, Windows 2000+ (Active Directory) does not have a concept of primary and secondary domain controllers. Domain Controllers are "equal" (see What is Active Directory, chapter "Availability concerns").

To your problem: I would suggest that you set up your DC in the branch office as a DNS server, and your problems are likely going away. It's a good practice to have a Domain Controller as well as DNS in branch offices.

MichelZ
  • Yes please, for the love of all that is sane, make that DC a DNS server! – ThatGraemeGuy Jul 16 '12 at 10:27
  • Thank you for the suggestion to make the DC a DNS server. Unfortunately I have very little experience with replicating domain controllers. We have 5 DCs and this is probably one of the few that does not have DNS replication. How complicated and risky is doing this? Perhaps I should organise a 3rd party supplier to do this for us. – James Pitt Jul 16 '12 at 10:34
  • It is very common to do this, I don't think there is a great risk. Organizing a third party is probably a good idea if you are a rookie. – MichelZ Jul 16 '12 at 10:41
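
A check that goes with the advice in this thread, as an added example that is not part of the original posts: domain members find a logon server through DNS SRV records, which a hosts or LMHOSTS entry cannot supply, so this asks each DNS server the client is configured with for those records and times the answer. The domain name `corp.example.com` and the function name `Test-DcLocatorDns` are placeholders, and the cmdlets assume the DnsClient module (Windows 8 / Server 2012 or later).

```powershell
# Added example, not from the thread. Domain and function name are placeholders.
function Test-DcLocatorDns {
    param(
        [Parameter(Mandatory)] [string] $Domain,
        # Default: every IPv4 DNS server configured on this client's adapters
        [string[]] $DnsServer = (Get-DnsClientServerAddress -AddressFamily IPv4 |
                                 Select-Object -ExpandProperty ServerAddresses -Unique)
    )

    # SRV names that domain controllers register and domain members look up
    $queries = "_ldap._tcp.dc._msdcs.$Domain",
               "_kerberos._tcp.$Domain",
               "_ldap._tcp.$Domain"

    foreach ($server in $DnsServer) {
        foreach ($query in $queries) {
            $records = @()
            $failure = $null
            $timer   = [System.Diagnostics.Stopwatch]::StartNew()
            try {
                # -DnsOnly skips LLMNR/NetBIOS so only the DNS server is tested
                $records = @(Resolve-DnsName -Name $query -Type SRV -Server $server `
                                 -DnsOnly -ErrorAction Stop |
                             Where-Object { $_.Type -eq 'SRV' })
            } catch {
                $failure = $_.Exception.Message
            }
            $timer.Stop()

            [pscustomobject]@{
                DnsServer = $server
                Query     = $query
                Millisec  = $timer.ElapsedMilliseconds
                Targets   = ($records | Sort-Object Priority |
                             ForEach-Object { "$($_.NameTarget):$($_.Port)" }) -join ', '
                Error     = $failure
            }
        }
    }
}

# One row per DNS server and SRV name; an Error value or a large Millisec value
# points at the resolver path rather than at the domain controller itself.
Test-DcLocatorDns -Domain 'corp.example.com' | Format-Table -AutoSize

# Cross-check with the locator itself (built-in tool):
#   nltest /dsgetdc:corp.example.com
```

Run it on the branch client before and after the local DC becomes a DNS server; the branch DC should appear in `Targets` and the lookups should no longer wait on the demand-dial VPN.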