Hi All,
I have been running UCS for nearly one year. Now I want to setup UCS for another branch offices for our organization. I have finished below steps:
setup a new UCS server, which is slave UCS, have been joined to the current UCS domain
the network (different subnet) between branch and head office is ok
Now I want:
I want branch A have the domain name is branch1.ABC.COM, so the user of branch will be user1@branch1.abc.com
I have tried to creat new site from RSAT but it’s not successfull. Please help me to finish this task. Thank you.
having DHCP & DNS function in “Domain” category to serve the clients of the branch, Now it has only “Domain join” in the “Domain” although I installed “Active Directory compatible Domain Controller”
The DHCP and DNS modules are only available in the web interface of the DC master. Their settings will however be replicated to the DC slave. You must create a new “network” for the branch and a DHCP server in the DHCP subnet configuration. Then the DHCP service on the DC slave in the branch network will take up that work (see IP assignment via DHCP). All DCs are always DNS servers for the whole domain (see DNS).
Thank you troeder. What about the sub-domain branch1.abc.com? How can I create subdomain for each branch in the environment of multiple offices, branches?
Hi, let me step in here. Child-Domains as in Active Directory Child Domains (and not as in DNS sub domains or as in Mail domains) is a concept in Microsofts Active Directory Domain Services. I assume you are referring to this?
For Active Directory child domains, you need Active Directory Forests and Trusts (the child AD domain and the parent AD domain need to trust each other). Although it should be technically possible to set up an Active Directory trust relationship between two Samba Active Directory Domains that are both run by UCS, it is currently not supported in UCS. You can read about the current state of Samba/AD to Windows/AD trusts in this blog post (long story short: some things don’t work yet and you probably don’t want to run it in production):
However, most probably you don’t need a child domain but only an additional Active Directory Site (another Active Directory concept). To be more precise: technically you don’t need a child domain, because UCS solves branch offices in another way. There are only organizational reasons that might prevent this. The things you will have to live with are: the branch site will have the same domain name as the headquarter site and you can’t do security filtering accross domains/sites.
As an rough outline, here is what I would do:
Setup a UCS Backup or Slave
at the branch office
in a seperate subnet
join it against the UCS Master in the headquarter office (=same AD domain)
set the UCR variable samba4/join/site to the Active Directory Site name you want (e.g. “branchoffice”)
Install the App “Active Directory compatible Domain controller”
Check the Active Directory Sites settings with the corresponding Tool provided by RSAT (and perform any corrections that might be necessary). Have a look at this Microsoft article for details.
You can then still use a DNS subdomain and a Mail subdomain to differentiate between the two Sites if you need that
I also recommend to read these two blog articles to understand how replication works in UCS: