Configure a multi-site Active Directory infrastructure on Windows Server 2016

  • Windows Server
  • 19 November 2021 at 09:57 UTC
  • InformatiWeb
  • 2/5

8. Deployment of VPN gateways

8.1. Create users for connection from the remote site

Since all of our servers are currently in a workgroup, open the "Computer Management" console and go to Local Users and Groups -> Users.
Then right-click in the empty area of the list and click "New User".

On the Brussels VPN server (brux-vpn), create a "paris" user with a strong password and uncheck the "User must change password at next logon" box: the account will only ever be used non-interactively by the remote VPN server, which cannot complete a forced password change, so leaving the box checked would simply break the tunnel.

Then, right-click "Properties" on the created user and go to the "Dial-in" tab.
In this "Dial-in" tab, select "Allow access" to allow access through the VPN server.

On the Paris VPN server (paris-vpn), create a "brussels" user with a secure password and again uncheck the "User must change password ..." box.

Again, in the properties of this user, allow network access in the "Dial-in" tab.

8.2. Connection from Brussels to Paris

To connect from Brussels to Paris, go to the "brux-vpn" server and create a new demand-dial interface by following step "5.2. Connect site 1 (Brussels) to site 2 (Paris)" of our tutorial about VPN gateways.

In our case, the WAN IP address of the Paris VPN server is "192.168.1.12", because we carried out our tutorial with several virtual routers connected to each other. In production, enter here the public IP address assigned by your ISP at the Paris site.

The account used to connect to the "paris-vpn" VPN server is the "brussels" account created in step 8.1.
Thus the Paris VPN server can tell that it is Brussels that has connected, and since each remote site uses its own account, you can cut off a single site by disabling or denying dial-in on the account concerned, without touching the others.

The Brussels VPN server now has a demand-dial interface allowing connection to the Paris intranet.

8.3. Connection from Paris to Brussels

To connect from Paris to Brussels, go to the "paris-vpn" server and create a new demand-dial interface by following step "5.3. Connect site 2 (Paris) to site 1 (Brussels)" of our tutorial on VPN gateways.

The principle is the same except that you must specify here the WAN IP address (the one provided by your ISP) of Brussels.

Use the "paris" account to connect to the "brux-vpn" server.

The Paris VPN server now has a demand-dial interface allowing connection to the Brussels intranet.
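The three steps above (the per-site local account, dial-in permission, and the outbound demand-dial interface) can be scripted. The block below is an added example, not the tutorial's own commands; it runs elevated on one of the two gateways, which must already have the Remote Access role (the *-VpnS2SInterface cmdlets come with it). The Brussels WAN address (192.168.1.11), the intranet subnets (10.0.1.0/24 for Brussels, 10.0.2.0/24 for Paris) and the choice of IKEv2 with EAP-MSCHAPv2 are assumptions, since this page only states the Paris WAN address and refers to the VPN gateway tutorial for the rest.

```powershell
# Added example (not from the original tutorial): per-site VPN account plus
# outbound demand-dial interface, run on either brux-vpn or paris-vpn.
# Assumptions not stated on the page: 192.168.1.11 as the Brussels WAN address,
# 10.0.1.0/24 and 10.0.2.0/24 as the site intranets, IKEv2 + EAP-MSCHAPv2.

$Sites = @{
    "brux-vpn"  = @{ InboundUser = "paris";    Peer = "Paris";    PeerWan = "192.168.1.12"
                     PeerSubnet = "10.0.2.0/24"; OutboundUser = "brussels" }
    "paris-vpn" = @{ InboundUser = "brussels"; Peer = "Brussels"; PeerWan = "192.168.1.11"
                     PeerSubnet = "10.0.1.0/24"; OutboundUser = "paris" }
}

$cfg = $Sites[$env:COMPUTERNAME.ToLower()]
if (-not $cfg) { throw "Run this script on brux-vpn or paris-vpn (current host: $env:COMPUTERNAME)" }

# --- 8.1: local account the remote gateway authenticates with ---------------
# Nobody logs on interactively with this account, so a forced change at next
# logon would only break the tunnel. Make it non-expiring and non-changeable,
# and rotate it deliberately on both gateways at the same time.
$inboundPwd = Read-Host "Password for local account '$($cfg.InboundUser)'" -AsSecureString
New-LocalUser -Name $cfg.InboundUser -Password $inboundPwd `
    -PasswordNeverExpires -UserMayNotChangePassword `
    -Description "Demand-dial peer account for the $($cfg.Peer) gateway" | Out-Null

# "Dial-in" tab -> "Allow access". RRAS keeps this flag outside the SAM, so it
# is set with netsh ras rather than Set-LocalUser.
$u = $cfg.InboundUser
netsh ras set user "name=$u" "dialin=permit"
netsh ras show user "name=$u"

# --- 8.2 / 8.3: outbound demand-dial interface towards the other site --------
# Credential of the account the *other* gateway created for us (plain string,
# which is what the cmdlet expects).
$outboundPwd = Read-Host "Password of '$($cfg.OutboundUser)' on the $($cfg.Peer) gateway"
Add-VpnS2SInterface -Name $cfg.Peer -Destination $cfg.PeerWan `
    -Protocol IKEv2 -AuthenticationMethod EAP -EapMethod EAP-MSCHAPv2 `
    -UserName $cfg.OutboundUser -Password $outboundPwd `
    -IPv4Subnet "$($cfg.PeerSubnet):100" -Persistent | Out-Null

# Bring the link up now instead of waiting for traffic, then check its state.
Connect-VpnS2SInterface -Name $cfg.Peer
Get-VpnS2SInterface -Name $cfg.Peer | Select-Object Name, Destination, ConnectionState
```

Because each site authenticates with its own account, cutting one site off is a single command on the receiving gateway (`netsh ras set user "name=paris" "dialin=deny"` or `Disable-LocalUser -Name paris` on brux-vpn), and the RRAS event log shows which site account was used for every connection.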

9. Create your Active Directory forest on the 1st Active Directory site

To begin, we are going to create our forest and our Active Directory domain on our 1st domain controller (DC1) of our 1st Active Directory site (located at Brussels).
To do this, all you have to do is install the "Active Directory Domain Services" role on the "brux-dc1" server and create a new Active Directory domain.

For detailed information about creating a new domain controller, refer to the tutorial: Create an Active Directory domain controller (new AD domain).

Once Active Directory Domain Services are installed, click on the "Promote this server to a domain controller" link.

In the Active Directory Domain Services Configuration Wizard that appears, select "Add a new forest" and type the name of the domain you want to create.
In our case : informatiweb.lan

Specify a password for the Directory Services Restore Mode (DSRM).

Note that since this is the 1st domain controller for this Active Directory domain, this domain controller is forced to act as a "Global Catalog". It's for this reason that the "Global Catalog (GC)" box is checked and grayed out.

The NetBIOS domain name is derived from the leftmost label of the specified DNS domain name.
In our case, the wizard therefore chose: INFORMATIWEB.

Click Install.

After the domain controller is restarted, your domain will have been created.

As you can see in the "Active Directory Users and Computers" console, our "informatiweb.lan" domain currently contains only one domain controller named : BRUX-DC1.

After AD DS has been installed, the DNS client configuration of the BRUX-DC1 server must be updated.
The DNS servers to enter are:

  • 127.0.0.1: the server itself. Installing Active Directory Domain Services also installed a DNS server on this machine, with the DNS zones for your domain.
  • 10.0.1.12: the IP address of the 2nd domain controller of site 1 (Brussels), which we will configure in the next step.

10. Add an Active Directory domain controller on site 1 at Brussels

To add a domain controller (brux-dc2) to the Brussels site, install Active Directory Domain Services on it.

For detailed information on adding a new domain controller to an existing domain, refer to the tutorial : Add a domain controller to an existing AD domain.

Once the "Active Directory Domain Services" role has been installed, click the "Promote this server to a domain controller" link.
Then, in the promotion wizard that appears, this time choose "Add a domain controller to an existing domain" and click on the "Select" button.
Provide the credentials of an account (in the format: [NETBIOS domain name]\[user name]) that is a member of Domain Admins or Enterprise Admins: promoting a server to a domain controller requires far more than the right to join computers to the domain. Then select the domain to which you want to add this domain controller.

In our case, we used the credentials of the domain administrator (INFORMATIWEB\Administrator) and selected the "informatiweb.lan" domain.

Choose whether it should also act as a global catalog. This is not required for an additional domain controller, but keeping at least one global catalog in each site means forest-wide lookups do not have to cross the VPN link.

Note that, by default, the domain controller is added to the default Active Directory site "Default-First-Site-Name". We will sort the domain controllers into their proper sites once all of them have been created and linked together.

The wizard lets you choose which domain controller it should replicate the data of your Active Directory domain from.
For the moment there is only one domain controller in the list, but we advise you to always select a domain controller of the same Active Directory site (in our case: brux-dc1), so that the initial replication does not cross the VPN link.

After the promotion to domain controller is complete and the server has restarted, change the DNS servers of this domain controller to:

  • preferred DNS server: 127.0.0.1, in other words itself.
  • alternate DNS server: 10.0.1.11, the IP address of the 1st domain controller at site 1 (Brussels).

Note that Microsoft's Best Practices Analyzer flags a loopback address listed first; its recommended order is the other domain controller of the site as preferred and 127.0.0.1 as alternate. Both orders resolve the domain for this lab, but swap them if you run the BPA.

If you open the "Active Directory Users and Computers" console on this second domain controller, you will see that we are indeed in the same domain and that we have 2 domain controllers : brux-dc1 and brux-dc2.
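The promotion of brux-dc2 and the replication check that confirms both domain controllers see each other, as an added example that is not part of the tutorial. It runs on brux-dc2 and again assumes the adapter is named "Ethernet".

```powershell
# Added example (not from the original tutorial): add brux-dc2 to the existing
# informatiweb.lan domain, replicating from brux-dc1, then verify replication.
# Assumption: the NIC is called "Ethernet".

Install-WindowsFeature AD-Domain-Services -IncludeManagementTools

# Promotion needs a Domain Admins member in NETBIOS\user form, as in the wizard.
$cred = Get-Credential -UserName "INFORMATIWEB\Administrator" -Message "Domain Admins credentials"
$dsrm = Read-Host "Directory Services Restore Mode password for brux-dc2" -AsSecureString

# -SiteName mirrors the wizard default; the DC is moved to the Brussels site later.
# -ReplicationSourceDC keeps the initial replication inside the site.
# -NoGlobalCatalog:$false makes it a GC too (optional, see above). Reboots when done.
Install-ADDSDomainController `
    -DomainName "informatiweb.lan" `
    -Credential $cred `
    -ReplicationSourceDC "brux-dc1.informatiweb.lan" `
    -SiteName "Default-First-Site-Name" `
    -InstallDns `
    -NoGlobalCatalog:$false `
    -SafeModeAdministratorPassword $dsrm `
    -Force

# ---- run after the reboot ----
# DNS client order used by this tutorial: itself first, brux-dc1 as alternate.
Set-DnsClientServerAddress -InterfaceAlias "Ethernet" -ServerAddresses "127.0.0.1", "10.0.1.11"

# Both DCs must be listed, and inbound replication to brux-dc2 must report
# success (LastReplicationResult 0) from its partner brux-dc1.
Get-ADDomainController -Filter * | Select-Object Name, IPv4Address, Site, IsGlobalCatalog
Get-ADReplicationPartnerMetadata -Target "brux-dc2" |
    Select-Object Partner, LastReplicationSuccess, LastReplicationResult
repadmin /replsummary
```

A non-zero LastReplicationResult or a failure count in the repadmin summary at this stage almost always means DNS: check that brux-dc2 resolves _ldap._tcp.dc._msdcs.informatiweb.lan before moving on to the Paris site.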

® InformatiWeb-Pro.net - InformatiWeb.net 2008-2022 - © Lionel Eppe - All rights reserved.
