Andrew Palmer

I would say test a restore. I wouldn't trust this comment either without seeing it for myself.

DNS Right Click Reverse Lookup Zones > New Zone... My typical values for a network are to make it a primary zone and store it in AD. Replicate to all DNS Servers in the AD Domain. Network ID is what your domains subnet is (e.g 192.168.0.) Allow Secure Updates Only. DNS over time will create new PTR records as and when machines register their DNS information. Again this isnt really needed but it allows you to resolve an IP address to its hostname rather than being just hostname to IP. Browsing UNC paths is never that fast over VPN's I find. I've seen a 2mb/2mb link once which was bearable. To overcome this issue most people look at Terminal Services.

Don't forget to remap the network drives to \\domain\dfsroot for added redundancy.

Is this persons PC a member of your AD domain? If it is and DHCP is setup correctly it will automatticaly add his hostmask to your DNS. If not then you will need to manually enter it unless your DNS is set to allow insecure updates. To manually add a host do the follow... DNS > Forward Lookup Zone > domain.com Right click domain.com and select "New Host (A)..." Enter his computers hostname and IP address into the provided boxes. Depending if you have a Reverse Lookup Zone PTR doesn't matter than much. I would say leave it ticked and click "Add Host". It might give you an error about not being able to create a PTR record at which point you can safely ignore.

It sounds like it is as your managing to resolve FQDNs like host.domain.com. Just check what DNS your computer is using when connected via the VPN.

You want to create user folders but only give the users read access?

I've never used the Windows VPN stuff. Are the DNS addresses the address of the Active Directory DNS server?

So you say these domain controllers are syncing together? I would say get them sorted in Sites and Services. Rename the Default-First-Site to something more relevant (e.g HQ). Create a new site again giving it a relevant name. Create a subnet for the new network as well as one for your HQ's if you haven't done so already, matching the subnet to the site. Right click the server in the branch office and move it to the new site. Inter-Site Transports > IP. Rename the DEFAULTIPSITELINK (e.g HQ<>Branch). Right click > Properties. Add the new site to the site link. If you need to change any replication schedules. Im not sure about the exchange side of things. If its working ok as it is at the moment then nothing should change. When I have done it I install an Exchange into the new branch office. Mail all comes in at the head office end where the Exchange there distributes it to the correct server depending on which Mailbox Store the users account resides on. The question about FMSO roles is an odd one. If your two DC's are indeed communicating at the moment then there will only be one DC with these roles. Typically this is the first DC for the domain unless someone's changed this. Nothing needs to change. What I will say though is make both servers GC servers. You should always have at least one GC server at each site. Now that you've told AD Sites and Services more information about the network it resides on it will use this to check which server is most local to a user. Hopefully this will put an end too any slow access your users are experiencing. Apart from Exchange I guess.

I've just done a Windows NT4 migration to a Windows 2003 Server migration that seemed to go quite well. The only huge issue is that I cannot join new computers to domain.co.uk but I can join them to the NetBIOS domain name. After lots and lots of investigating I have given up and removed the Windows 2003 server and promoted the old NT4 server back to the PDC. Since I don't have another 3 days to waste I am looking at doing a migration using ADMT v3. I think I can manage it but I have a question. You can move computer accounts to the new domain but how do the client workstations know they are now part of a new domain. Surly the PC's still look for DOMAIN rather than NEWDOMAIN? Thanks before hand.