1

Hi Guys

I am planning setting up a new branch office and from an Active Directory point of view have not done this before. Can you see anything I have missed or have wrong with the following rough plan?

Notes: Sites will be connected via IPSEC VPN. Existing DCs and domain level is 2012 R2. New DC will be same.

Existing DC Sites and services:

  1. Create new site
  2. Create subnets and associate to new site
  3. Create Servers container in new site

Branch DC

  1. Install Server 2012R2
  2. Static IP – Primary DNS point to existing DC. Secondary DNS point to self
  3. Join to domain and windows update
  4. Install ADDS
  5. Promote this server to a domain controller
  6. Add to existing domain/select domain
  7. Tick DNS and Global GC
  8. Site name – select new site created
  9. Replicate from any domain controller – Is this the recommended setting?
  10. Reboot
  11. Change DNS primary to itself and secondary to other existing DC

I assume I do not need to adprep as I am keeping everything at the same level?

Thanks!

2 Spice ups
2

If you create a new site and segregate the subnets, you will have 15 minute site replication latency and its a pain to shorten. If you put it in the existing site (assuming there is only one) all sites will replicate immediately, which usually equals seconds instead of minutes.

Don’t set the DNS to itself until you’ve promoted it to a DC. Then point the primary to itself and the secondary to the next closest one.

Does it need to be a global catalog? You should evaluate this first as it does increase the traffic between the DCs. If your IPSEC link is meh or flakey, it might cause annoyances.

If you decide not to make it a GC, evaluate your FSMO roles to ensure everything is balanced properly.

How many other DCs are in your environment?

3

What kind of link between sites? When I did a 15 Site AD Rollout out I built all the DC’s in the MAIN Site, after everything replicated, I shutdown the DC’s shipped them and then Moved them into their Sites, then once the arrived booted up everything worked.

Your plan seems sound, consider how I did it.

4

Thanks. Link between sites is 30Meg so not too worried if promote and let replication run over the weekend. I currently have 4 DCs over 3 sites so 15 minute replication intervals are fine for us