Deploying Active Directory for Branch Office Environments

  • Article
Archived content. No warranty is made as to technical accuracy. Content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.

Chapter 8 - Quality Assurance of the Domain Controller at the Branch Office

Operating System

Deployment and Operations Guide

Abstract

This chapter outlines the steps to finalize the configuration of the staged domain controller after it is shipped to the branch office. After completing these steps, you will be able to begin normal operation and maintenance of these branch office domain controllers.

On This Page

Introduction
Process Flowchart
Deployment Considerations
Final Configuration of the Domain Controller at the Branch Office
Summary

Introduction

After a staged domain controller has been shipped to a branch office, there is some initial configuration that must be performed to prepare the domain controller for operation. In addition, it is imperative that you perform a quality assurance check to verify the new domain controller is functioning properly in its new branch office location.

Chapter Sections

This chapter covers the following procedures:

  • Configuration at the Branch Office

  • Verifying the Domain Controller at the Branch Office

Before looking at these sections in detail, let's consider the prerequisites for the procedures.

Resource Requirements

You will need to have operations staff, or deployment staff, able to troubleshoot any problems uncovered by the quality assurance tests run after the domain controller is turned on at the branch.

What you Will Need

To complete the procedures in this chapter, you will need:

  • A staged domain controller at each branch office

  • The branch office installation scripts

  • The quality assurance scripts

What you Should Know

To complete the procedures in this chapter, you will need the username and password for a user account that is a member of the domain admins group.

Process Flowchart

Deployment Considerations

When the staged domain controller arrives at its destination branch office, some final configuration is required. In addition, it is necessary to perform an initial quality assurance check on the domain controller to ensure that it is functioning properly. After performing this initial quality assurance check, you will then need to perform regular quality assurance checks on the domain controller. Regular quality assurance checks will alert you to any issues that may arise and allow you to correct them before they impact your operation.

The scripts that are included with this guide will help you complete the final configuration as well as the ongoing quality assurance checking. These scripts can be performed by the point-of-contact person at the branch office, or by an administrator at the hub site by logging in through Terminal Services.

Final Configuration of the Domain Controller at the Branch Office

First, you will need to perform the final configuration of the domain controller and verify that the domain controller is functioning properly. If you do not have an administrator at the branch office that can perform these steps, it is recommended that you use Terminal Services to connect to the domain controller and perform the final configuration remotely.

Note: As you perform the procedures in this chapter, you should document the configuration of the servers in the DC Staging Checklist.xls job aid included with this guide.

Configuration at the Branch Office

To perform the final configuration you will run a script (Post-ship.cmd) that will:

  • Set Domain Name System (DNS)forwarders.

  • Set recursion on to always use forwarders for non-local zones. (Must be set after forwarders)

  • Configure File Replication service (FRS) to perform a non-authoritative restore.

  • Configure FRS to start automatically.

  • Wait 30 minutes for FRS to restore SYSVOL.

  • Run initial quality assurance check.

To run this script:

  1. Connect the branch office domain controller to the network and start the server.

  2. Wait 30 minutes after the restart has completed.

  3. Log on as an Administrator.

  4. Start a command prompt.

  5. Change to the C:\BranchDC folder.

  6. Run Post-ship.cmd. There will be a 30 minute wait in the script to allow SYSVOL to restore. Proceed to the next step after the wait is completed.

  7. Click Start, Run, in the Open box type Notepad C:\BranchDC\Post-ship.log and then click OK.

  8. Verify that the Post-ship.log file does not contain any errors and that all the commands completed successfully. If a command in Post-ship.cmd did not complete successfully, resolve the problem and rerun the command.

Verifying the Domain Controller at the Branch Office

The Post-ship.cmd script also runs the initial quality assurance check that will:

  • Run Dcdiag.exe to verify the state of the domain controller.

  • Run Netdiag.exe to verify network health.

  • Verify the consistency of the group policy objects.

  • Run Ntfrsutil.exe to verify FRS replication.

  • Run Repadmin.exe to verify NTDS replication.

To verify the domain controller at the branch office:

  1. In the command prompt, change to the C:\ADResults\<computername> folder.

  2. Use Notepad to open the text file in this folder.

  3. Examine the file to ensure that there were no errors reported. If there are any errors, the errors must be resolved before continuing. See Chapter 11, "Troubleshooting Guidelines for Branch Office Environments," for more information on troubleshooting errors.

  4. Document the configuration of the branch office domain controller in the DC Staging Checklist job aid.

Summary

In this chapter, you have run the script which performs the final branch office domain controller configuration. You are now ready to begin the maintenance phase of your branch office deployment. The next chapter will provide you with the tools and procedures you can use to ensure that your deployment continues to perform at an acceptable level.