Deploy Active Directory

  • Article

Updated: April 30, 2010

Applies To: Windows Server 2008, Windows Server 2008 R2

How you manage Active Directory and domain controllers in a branch office varies depending on the size, complexity, and structure of your overall network. If you do not plan to deploy a domain controller in the branch office location, Microsoft recommends that you establish a persistent connection between the two sites. If you do plan to locate a domain controller in the remote site with which you want to establish a site-to-site connection, you must place it in a subnet separate from the computers at the main site and create a separate Active Directory site for the branch office subnet.

To deploy a domain controller for a new branch office site

Note

This procedure assumes that both sites belong to the same Active Directory domain.

  1. Install Windows Server 2008 R2 on a computer at the main office, promote it to a domain controller, and then confirm that it successfully replicates with the existing domain controllers.

  2. Log on as a member of either the Domain Administrators or Enterprise Administrators security group of the forest root domain, open Active Directory Sites and Services, right-click Sites, select New Site, type a name for the new branch office site, and then, under Link Name, select the appropriate site link (such as DefaultIPSiteLink).

  3. Right-click the server object of the new branch office domain controller from its current location (which might be under Default-First-Site-Name), click Move, and then, in the Move Server dialog box, click the new site that you just created.

  4. Right-click Subnets, click New, and then click Subnet to create a new child for the new remote site, providing the appropriate network ID and subnet mask.

Note

If, until now, your domain has had only one site, you must create two child objects under Subnets — one for the main office site and one for the branch office site, each with its own network ID and subnet mask.

  1. If necessary to optimize network performance, make the domain controller a global catalog.

  2. Ship the new domain controller to the branch office site.

  3. Install a LAN adapter connected to the branch office intranet, and then, on the LAN adapter’s Internet Protocol (TCP/IP) Properties page, configure an IP address, subnet mask, and gateway appropriate for the branch office subnet.

The domain controllers in the main and branch offices cannot replicate yet, because the demand-dial connection does not exist yet. For information about how to configure replication after a connection exists, see Configure Replication for Active Directory.