
AD Replication over WAN

By claywilson
I would like to put a Domain Controller out in our remote office and have Active Directory replicate over a dial-on-demand router-to-router internet VPN connection. I have created another domain controller and have had it replicating within our existing domain. Now I have taken it out and want to move it to our remote office and set up the router-to-router VPN. I have built 2 VPN servers, one for our headquarters and one for the remote office.

By the way, this is all Windows 2000/Server.

I need some easy-to-follow instructions on how to set this up. I have tried but failed so far. Has anyone successfully implemented something like this before? I get confused with the routing and the 2 NICs in each VPN server. Any help would be great.



by CG IT In reply to AD Replication over WAN

Here's an article on Windows 2000 on how to set up a VPN: ;en-us;300434&Product=win2000

Note: access routers must be configured to allow port 1723 and GRE port 47 traffic so that the VPN request reaches the RRAS server and a connection can be made for PPTP VPN traffic.

by CG IT

Additional note: 2 NICs shouldn't be a problem: one WAN, one LAN. Just configure the LAN NIC with a static IP address (if you haven't already done that). WAN NIC addressing goes with how your ISP assigns your public IP address.

Also of note is the type of routers you use. As I mentioned above, firewall/routers need to allow the VPN traffic to pass through them. Endpoint router setup and configuration is a little more involved, as the tunnel is established and maintained by the routers themselves and not by the RRAS VPN servers.
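The port-1723 requirement mentioned above can be verified from the remote side before the demand-dial interface is built: the PPTP control channel is an ordinary TCP session on 1723, and an RRAS server that can see the request answers a Start-Control-Connection-Request (SCCRQ) with a Start-Control-Connection-Reply (SCCRP). The script below is an added example, not code from this thread or from Microsoft. It builds the SCCRQ and parses the SCCRP as laid out in RFC 2637; the `probe_pptp` function, the host names and the sample reply are this example's own assumptions, and the sample reply is constructed so the parser runs offline. One caveat a practitioner should keep in mind: GRE is IP protocol number 47, not a TCP or UDP port, so a good reply on 1723 proves only that the control channel gets through. If the router still drops GRE, the tunnel will negotiate and then carry no traffic, which is the classic "connects but nothing replicates" symptom.

```python
"""Probe a PPTP (RRAS) VPN server's control channel on TCP/1723.

Added example, not code from the thread or from Microsoft.  Message layout
follows RFC 2637 (SCCRQ in section 2.1, SCCRP in section 2.2).
"""
import socket
import struct
import sys

PPTP_PORT = 1723
MAGIC_COOKIE = 0x1A2B3C4D
CTRL_MESSAGE = 1                 # PPTP Message Type 1 = control message
SCCRQ, SCCRP = 1, 2              # Control Message Types
PROTOCOL_VERSION = 0x0100        # version 1.0
MSG_LEN = 156                    # SCCRQ and SCCRP are both fixed at 156 bytes

# 14-byte prefix: length, message type, magic cookie, control type,
# reserved0, protocol version.  The next 2 bytes are reserved1 in SCCRQ but
# result code + error code in SCCRP.  Then 140 bytes: framing caps, bearer
# caps, max channels, firmware revision, host name[64], vendor[64].
HEADER_FMT = "!HHIHHH"
BODY_FMT = "!IIHH64s64s"

RESULT_TEXT = {
    1: "OK",
    2: "General error",
    3: "Command channel already exists",
    4: "Requester is not authorized",
    5: "Protocol version not supported",
}


def build_sccrq(hostname: str = "remote-probe", vendor: str = "example") -> bytes:
    """Start-Control-Connection-Request: the first thing a PPTP client sends."""
    header = struct.pack(HEADER_FMT, MSG_LEN, CTRL_MESSAGE, MAGIC_COOKIE,
                         SCCRQ, 0, PROTOCOL_VERSION)
    reserved1 = b"\x00\x00"
    # framing 3 = async+sync, bearer 3 = analog+digital, 0 channels, firmware 0
    body = struct.pack(BODY_FMT, 3, 3, 0, 0,
                       hostname.encode("ascii")[:64], vendor.encode("ascii")[:64])
    return header + reserved1 + body


def parse_sccrp(data: bytes) -> dict:
    """Decode a Start-Control-Connection-Reply; raise ValueError if it is not one."""
    if len(data) < MSG_LEN:
        raise ValueError(f"short reply: {len(data)} bytes, expected {MSG_LEN}")
    _length, msg_type, magic, ctrl_type, _res0, version = struct.unpack(
        HEADER_FMT, data[:14])
    if magic != MAGIC_COOKIE:
        raise ValueError("bad magic cookie: peer is not speaking PPTP")
    if msg_type != CTRL_MESSAGE or ctrl_type != SCCRP:
        raise ValueError(f"unexpected message type={msg_type} ctrl={ctrl_type}")
    result, error = data[14], data[15]
    framing, bearer, max_chan, firmware, host, vendor = struct.unpack(
        BODY_FMT, data[16:MSG_LEN])
    return {
        "version": f"{version >> 8}.{version & 0xFF}",
        "result_code": result,
        "result": RESULT_TEXT.get(result, f"unknown ({result})"),
        "error_code": error,
        "framing": framing,
        "bearer": bearer,
        "max_channels": max_chan,
        "firmware": firmware,
        "hostname": host.rstrip(b"\x00").decode("ascii", "replace"),
        "vendor": vendor.rstrip(b"\x00").decode("ascii", "replace"),
    }


def probe_pptp(host: str, port: int = PPTP_PORT, timeout: float = 5.0) -> dict:
    """Open TCP/1723, send an SCCRQ and return the parsed SCCRP.

    A timeout or refused connection means the access router/firewall is not
    passing 1723 (or RRAS is not listening).  Success does NOT prove that
    GRE (IP protocol 47) is allowed; the data channel needs its own test.
    """
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_sccrq())
        buf = b""
        while len(buf) < MSG_LEN:
            chunk = sock.recv(MSG_LEN - len(buf))
            if not chunk:
                break
            buf += chunk
    return parse_sccrp(buf)


def sample_sccrp(result: int = 1, error: int = 0,
                 hostname: bytes = b"HQ-RRAS") -> bytes:
    """Constructed SCCRP (not a real capture) so parse_sccrp runs offline."""
    header = struct.pack(HEADER_FMT, MSG_LEN, CTRL_MESSAGE, MAGIC_COOKIE,
                         SCCRP, 0, PROTOCOL_VERSION)
    body = struct.pack(BODY_FMT, 3, 3, 1, 0, hostname, b"Microsoft")
    return header + bytes([result, error]) + body


if __name__ == "__main__":
    # With a host argument, probe it; without one, decode the constructed reply.
    reply = probe_pptp(sys.argv[1]) if len(sys.argv) > 1 else parse_sccrp(sample_sccrp())
    print(f"SCCRP from {reply['hostname']!r} ({reply['vendor']!r}): "
          f"version {reply['version']}, result {reply['result']}")
```

Run it as `python pptp_probe.py <hq-vpn-public-ip>` from the remote office's VPN server. A reply with result `OK` means the access router is forwarding 1723 to RRAS; a socket timeout with the RRAS service running points at the router or firewall in between. Checking GRE is a different exercise: watch for protocol-47 packets on the RRAS server's WAN interface while the client negotiates, since no TCP tool can exercise it.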


by sgt_shultz In reply to AD Replication over WAN

I get confused too, let me (anyone) tell you. Isn't it so fun? Beats the heck out of Zork...

Here is what I think I can tell you about the 2 NICs in each. That means the box is 'multi-homed', as you know. It means you have two separate network segments, one NIC on each segment. This is done when you wish to connect 2 segments together. You could have the box be a very expensive, high-maintenance bridge or router. I think you could actually do what you wish to accomplish with single-homed boxes. In the case of your VPN servers, you will have one NIC in each box on the VPN/internet segment and one on the private LAN segment. You can either bridge those two connections or route between them. Routing gives you lots of security options. A bridge will be more intuitive, almost like two segments hard-wired together. You get one or the other, not both. If you bridge, you get no NAT. If you route, you will probably need to port-forward.

Microsoft has been trying to train us for years to write down our requirements, all our 'desired outcomes', and I think it is a good idea. I am not usually smart enough anymore to write them all down at the beginning of a project, and management thinks I am not working when I am planning (sigh), but I can start with what I know and add as I go along. Not quite 'ready, fire, aim', but somewhat better (smile). Have fun.
