Hamachi:Synchronize Microsoft Active Directory Domain Controllers

From LogMeInWiki

Jump to: navigation, search

This HowTo will show you how to synchronize your mult-site domain's Domain Controllers using only Hamachi and Microsoft technologies.

Contents

Main Domain Controller

Set up Domain controller here at LMI on a virtual machine as “DC1” DNS is not stored in AD at this time.

Configured DNS reverse look up zone for the 5.x.x.x network. Configured DNS on DC1 with a manual Host (A) entry for the other server’s 5.x.x.x address

Off-site Server (if not already a Domain Controller)

  1. Install the server into a VM there
  2. Install Hamachi and joined my existing network containing DC1
  3. Set the DNS server of DC2 to be that of DC1 (on the Hamachi network adapter only)
  4. Configure DNS manually to have a forward look up Zone for the domain
  5. Configure DNS to have a manual Host (A) record for DC1’s 5.x.x.x address
  6. Configure DNS to have a reverse look up zone for the 5.x.x.x network
  7. Configured DNS with a manual PTR record for DC1
  8. Run dcpromo from the command line on DC2 and put it in the same Domain as DC1

At this point, both were talking to each other and replicating changes as if they were on the same LAN. The small downside at this point is DC2 is sending its DNS requests to DC1 rather than handling its own. In reality, since the Windows internal network stack is doing this as needed, it’s only going to make DNS requests over the WAN link when they are within the scope of the 5.x.x.x network, and only for DC2 itself. Since it’s only the domain controllers that will do this at this point, that shouldn’t be an issue.

Active Directory Sites and Services

Utilizing this part of Active Directory, you can control the bandwidth used by Active Directory between the sites, schedule when it is used, and generally improve your WAN connection. What I did was basically create a new site, and move the DC2 server to it. It sounds trivial, but is necessary in order to take advantage of Active Directory’s replication throttling on the connection, to ensure you don’t tax the WAN link bandwidth and schedule the replication.

Conclusion

So, after all this, I am able to make changes on one controller, and reflect them to the other. I don’t have another machine, physical or virtual, to test joining the domain, but this will most likely work. I can say that because the server is listening as a service for these requests locally anyways, and not on a specific interface.

The caveat here is, if you store DNS in AD, it’s going to replicate that data to both sides, and off site clients connecting to your off-site DC will get Hamachi IP info for the main DC. This really doesn’t matter much since they don’t actually need to connect to that DC, since all authentication/access is done through the off-site one, but it’s something to bear in mind.

The saving grace in that is that you can use Routed tunneling to connect EVERYTHING together.

Retrieved from "http://logmeinwiki.com/wiki/Hamachi:Synchronize_Microsoft_Active_Directory_Domain_Controllers"
Personal tools