Internet Facing Domain Controllers

TechSalvager

Jan 25, 2010, 9:13:23 PM
to Windows
Currently I'm on a high of getting an internet-facing domain controller
up, and I was wondering if anyone has done this before. Any info would
be nice.

Goals here

Windows Server 2008 R2

Goal 1

Internet-facing domain controller that you can use anywhere in the
world, and that mobile computers on other networks with internet
connections can connect to without having static DNS settings.

Goal 2

After the domain controller is properly set up, install IIS and set up
a small HTML-based website.

Goal 3

Get a laptop to test the internet-facing domain.

TechSalvager

Jan 30, 2010, 9:55:25 AM
to Windows
So this is basically about a conversation I had with a friend of
mine on the internet about domain controllers. I had learned from him
that he has seen CIFS/SMB being used on the internet by some of the
companies he has been to before. While talking about that I also found
out he had noticed they had their Windows domain facing externally
and hooked up to the internet. Now there may be a proper term for this,
possibly it's called an external Windows domain; so far I'm not sure
and have called it Internet Facing Windows Domain Controllers.

Bit of a name. See, the goal is to put Windows AD on the internet, WHAT
DID HE SAY?!, yes on the internet, to see if it's possible and to see
what is needed and what items have to be done for it to work correctly.
It's also to see if clients and domain controllers can be connected and
replicate data without much/any problems, without needing a static DNS
setup on client computers to be able to connect to the domain directly
over the internet.

Currently this is still an ongoing struggle, mainly because of my lack of
knowledge in Windows AD and DNS. Many people at ##windows-server on
irc.freenode.net have helped me understand where to go and what to do.
I'd like to thank them for that: mota, beta2k, sirstan, scratchme,
harlock, and others I forget that have helped.

Now onwards to what I've found out and what you need.

You will need to purchase a domain from an internet registrar.
Personally I recommend godaddy.com; they have specials all the time if
you watch carefully enough, their support is 24/7, and they have live
call support 24/7 as well.

You need a Windows Server OS with the ability to set up Active
Directory and DNS. I used Win2k3 R2, but I have my bets 2k8 may work
just as well if not better. I have a bigger feeling now that 2k8 will
work better for this after working on RPC.

1. Purchase a domain from an internet registrar, for example www.godaddy.com.

2. Set up a host, say foo.domain.com, pointing to your domain controller's IP so
you can change your nameservers to point to your domain controller's IP
and not GoDaddy's IPs. You will need to create at least two of them.
Depending on the TLD of the domain it may take up to 48 hours to
populate these on the internet, and when I say 48 hours I mean it!
Also, a ".com" TLD will populate faster.

3. Set up Windows Server.

4. Update Windows Server.

5. Set static IP settings for the internal network and disable any NICs
not needed. This way the computer and Windows DNS won't become
confused.

6. Install Active Directory services, either from Add Roles or by running
dcpromo.

7. Put in the name of the domain that you bought when dcpromo asks for
a name.

8. Once it's finished you will need to restart. Do so and wait 30
minutes before testing.

9. Run dcdiag to check the domain controller is running fine, then run
dcdiag with the access creds of the admin from a different
box on the local network to make sure it's fine from there as well.

10. After everything checks out correctly, log into your domain
registrar and change your nameservers to the ones you created that point
to your domain's IP.

11. You will need to log into your router and make it so the domain
controller is either in a DMZ or has IP passthrough set to it.

12. Change the network settings so that they mirror the WAN setup on the
router/modem.

13. In the DNS Manager go to Forward Lookup Zones > domain.com. You will
need to add two A records for the nameservers you set up at your
internet registrar so it points the nameservers to the correct IP for
name resolution.

14. Also, if you click the item that has the nameserver pointing to your
domain's IP, it should show you computername.domain.com to IP. In there
I also added domain.com to IP. I don't know if it's needed or not, but I
decided to try.

15. ipconfig /registerdns

16. Wait 30 minutes and test dcdiag on the domain controller.

17. Use nslookup or dig to test the domain.com address for replies and
to see if the nameservers are working correctly.

18. Test dcdiag on a client computer.

19. Connect a Windows workstation to the domain and test more.

Yes, these instructions are crappy. I'm not used to writing and it's
terrible, but I'd rather write this info for everyone than not and lose
how I got this setup working. I am also in the process of making a
diagram to show visually what's going on. If anyone has any comments,
post them; help, info, hate, just post it.

EDIT:

I have now fixed my FSMO failure; it's caused by RPC not working
correctly. The ports need to be set up to allow communications across
the internet. This MS KB article http://support.microsoft.com/default.aspx/kb/154596/
tells you what to do.
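An added example (not from the thread or its author): a PowerShell check for the DNS and RPC state the steps above end up relying on. Steps 2, 10, 13 and 14 describe the public delegation (NS records at the registrar, A records for the nameserver hosts), step 17 says to test it with nslookup or dig, step 19 depends on the `_ldap._tcp.dc._msdcs` and `_kerberos._tcp` SRV records that a joining client looks up, and the EDIT points at KB 154596, which confines the RPC dynamic range through the `HKLM\SOFTWARE\Microsoft\Rpc\Internet` registry key (`Ports`, `PortsInternetAvailable`, `UseInternetPorts`). The script reports each item as pass or fail. Assumptions: it is run on the domain controller itself on Windows Server 2012 or later (`Resolve-DnsName` is not available on the 2003/2008 hosts the post used), and the domain name, nameserver hosts and public resolver are placeholders to replace.

```powershell
# Added example: verify public DNS delegation, DC locator SRV records and the
# KB 154596 RPC port confinement after following the steps in the post.
# Placeholders below (domain.example, ns1/ns2) must be replaced with your own.
param(
    [string]$Domain = 'domain.example',                                    # placeholder
    [string[]]$ExpectedNs = @('ns1.domain.example', 'ns2.domain.example'), # placeholder
    [string]$PublicResolver = '8.8.8.8'                                    # any external resolver
)

$results = [System.Collections.Generic.List[object]]::new()
function Add-Result([string]$Check, [bool]$Ok, [string]$Detail) {
    $results.Add([pscustomobject]@{ Check = $Check; Ok = $Ok; Detail = $Detail })
}

# Step 10: does the outside world see the registrar delegation pointing at our NS hosts?
try {
    $ns = (Resolve-DnsName -Name $Domain -Type NS -Server $PublicResolver -ErrorAction Stop |
           Where-Object { $_.QueryType -eq 'NS' }).NameHost
    $missing = @($ExpectedNs | Where-Object { $_ -notin $ns })
    Add-Result 'NS delegation' ($missing.Count -eq 0) ('seen: ' + ($ns -join ', '))
} catch { Add-Result 'NS delegation' $false $_.Exception.Message }

# Steps 2 and 13: each nameserver host must resolve to an IPv4 address publicly.
foreach ($nsHost in $ExpectedNs) {
    try {
        $a = @((Resolve-DnsName -Name $nsHost -Type A -Server $PublicResolver -ErrorAction Stop |
                Where-Object { $_.QueryType -eq 'A' }).IPAddress)
        Add-Result "A record $nsHost" ($a.Count -gt 0) ('-> ' + ($a -join ', '))
    } catch { Add-Result "A record $nsHost" $false $_.Exception.Message }
}

# Step 19 depends on these: the SRV records a client uses to locate a DC and a KDC.
# They are asked of the first nameserver host, i.e. the DC's own DNS.
foreach ($srv in "_ldap._tcp.dc._msdcs.$Domain", "_kerberos._tcp.$Domain") {
    try {
        $rec = @(Resolve-DnsName -Name $srv -Type SRV -Server $ExpectedNs[0] -ErrorAction Stop |
                 Where-Object { $_.QueryType -eq 'SRV' })
        $targets = $rec | ForEach-Object { "$($_.NameTarget):$($_.Port)" }
        Add-Result "SRV $srv" ($rec.Count -gt 0) ($targets -join ', ')
    } catch { Add-Result "SRV $srv" $false $_.Exception.Message }
}

# EDIT / KB 154596: the Rpc\Internet key confines RPC endpoint allocation to the
# listed range. If it is absent, the DC hands out the full dynamic port range,
# so any firewall rule has to be correspondingly wide. Only meaningful on the DC.
$rpcKey = 'HKLM:\SOFTWARE\Microsoft\Rpc\Internet'
if (Test-Path $rpcKey) {
    $rpc = Get-ItemProperty -Path $rpcKey
    $confined = ($rpc.PortsInternetAvailable -eq 'Y') -and
                ($rpc.UseInternetPorts -eq 'Y') -and
                (@($rpc.Ports).Count -gt 0)
    Add-Result 'RPC range confined (KB 154596)' $confined ('Ports=' + (@($rpc.Ports) -join ','))
} else {
    Add-Result 'RPC range confined (KB 154596)' $false 'Rpc\Internet key absent: full dynamic range in use'
}

$results | Format-Table -AutoSize
if (@($results | Where-Object { -not $_.Ok }).Count -gt 0) { exit 1 }
```

Run it after step 16's 30-minute wait and again after changing the registrar delegation; a failing "NS delegation" with passing A and SRV rows usually just means the TLD has not propagated yet, while a failing RPC row means the endpoint mapper on 135 will still refer clients to ports outside whatever range was opened on the router.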

TechSalvager

Jan 30, 2010, 4:35:40 PM
to Windows
After fixing RPC, some services seem to go disabled or manual:

Remote Procedure Call (RPC) Locator RpcLocator - manual - stopped
Distributed Link Tracking Client TrkWks - manual - stopped
Distributed Link Tracking Server TrkSvr -disabled

I had to enable these in services.msc.
