Adding a remote machine to Domain?

bremen1874 · 18 Mar 2009 at 04:14

Not really a hardware question but having looked at the Windows & Other Software forum this seems like a better place.

I want to connect a single PC in a remote office to the head office's Domain.

The head office is running SBS2003 and is connected to the remote office with a site-to-site (router-to-router) IPSec VPN connection.

The WAN connection handling the VPN is separate from the one used by SBS2003 for Exchange and local web access. The VPN terminates on the LAN side of the SBS2003 server which has a static routes configured to point the VPN traffic back in the right direction.

The two offices are relatively close together so moving machines isn’t a problem.

Any pointers as to how this can be achieved?

Baz · 18 Mar 2009 at 06:45

As long as the machine at the remote site has its networking configured properly with DNS pointing to the AD server, it will see it and join the domain as if it was at the head office.

What it sounds like is that the head office has a dedicated internet connection and then a WAN connection, so a Proxy server (which SBS has I think) will be required if you want the remote PC to have internet access.

for example:

Your head office IP Range is 198.168.1.xxx and the SBS server is 192.168.1.10 and the WAN Router is 192.168.1.254
the remote office is 10.10.46.xxx and you set the remote PC to be on that range using the WAN router as it's gateway, and it's DNS server to the SBS server. You just need to make sure the SBS server has got the correct routing tables as it won't initially know which gateway to use. If you don't, the PC will see the server, but the server will not know where to find the PC..

iaind · 18 Mar 2009 at 08:45

Baz is correct, provided it has it's DNS server settings configured, the process is exactly the same as adding a local machine.

If you're using roaming profiles, you might want to reconsider how you're using them as they could take a while to load over a WAN.

For internet access, most firewalls allow you to set the default gatway as the other side of the tunnel or to use the ISPs default gateway and specify a static route to the subnet(s) at the other end

bremen1874 · 18 Mar 2009 at 13:06

Thanks for the information, I hadn't realised it would be as simple as that. I’ll give it a try later and see how it goes.

iaind · 18 Mar 2009 at 13:28

bremen1874 said:
Thanks for the information, I hadn't realised it would be as simple as that. I’ll give it a try later and see how it goes.

It should be, but nothing's ever as simple as it's meant to be

If there's a firewall for example, you'll need to open the correct ports for LDAP/DNS/SMB etc