Add Windows Remote Domain Controller
To connect an Active Directory (AD) Domain Controller (DC) at a remote site to your Primary Domain Controller (PDC) on your office LAN, you must first add the PDC to the ACSC network. See the Add Windows Local Domain Controller documentation to add a domain controller (DC).
After the PDC is connected to the ACSC network, follow these steps to connect the remote DC to it:
Prepare Remote Site on PDC
On the PDC, follow the standard procedure for Configuring an Additional AD Site for the new remote site.
For example, if you have an existing Main-Office site that uses the 192.168.100.0/24 subnet, you might add a new Remote-Office site that uses the 192.168.200.0/24 subnet, and then add a new IP site link to connect the two sites. (Note that this site link will not be functional until you have connected both domain controllers to the ACSC network.)
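The site preparation described above, as an added PowerShell example (not part of the original documentation) using the ActiveDirectory module's replication cmdlets. The site names and subnets are the ones from the example above; the site-link name, cost and replication interval are assumptions to adjust for your environment. Run it on the PDC as a domain administrator:

```powershell
# Added example: create the remote site, its subnet and an IP site link on the PDC.
Import-Module ActiveDirectory

$mainSite     = 'Main-Office'                  # existing site (from the page's example)
$remoteSite   = 'Remote-Office'                # new site (from the page's example)
$remoteSubnet = '192.168.200.0/24'             # remote LAN (from the page's example)
$linkName     = 'Main-Office-Remote-Office'    # assumption: choose any descriptive name

# Create the remote site only if it does not exist yet (the script is safe to re-run)
if (-not (Get-ADReplicationSite -Filter "Name -eq '$remoteSite'")) {
    New-ADReplicationSite -Name $remoteSite
}

# Associate the remote LAN subnet with the new site so DCs and clients there locate it
if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$remoteSubnet'")) {
    New-ADReplicationSubnet -Name $remoteSubnet -Site $remoteSite
}

# IP site link joining the two sites. Replication over it only works once both DCs
# can reach each other through the ACSC network, as the page notes.
if (-not (Get-ADReplicationSiteLink -Filter "Name -eq '$linkName'")) {
    New-ADReplicationSiteLink -Name $linkName `
        -SitesIncluded $mainSite, $remoteSite `
        -InterSiteTransportProtocol IP `
        -Cost 100 `                               # assumption: default cost
        -ReplicationFrequencyInMinutes 15         # assumption: replicate every 15 minutes
}

# Show the resulting link so the configuration can be verified
Get-ADReplicationSiteLink -Filter "Name -eq '$linkName'"
```

The existence checks make the script idempotent, so it can be re-run after a partial failure without creating duplicate objects.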
Set Up Host in Management UI
Follow the steps from the Add Test Connection documentation until you get to the Tunnel page of the Add Endpoint Wizard. On this page, do the following:
- Adjust the IP address ranges listed in the Except for field on the left side of the page to include the remote DC’s own LAN networks (e.g. “192.168.200.0/24”).
- Adjust the IP addresses listed in the WireGuard Address fields on the right side of the page if you have selected a specific set of addresses for the DC, or if you have already assigned the suggested addresses to some other computer.
- Click the Next button. This will take you to the Extras page of the Add Endpoint Wizard.
- Select blank for the Firewall Zone dropdown.
- Select the No changes to DNS settings when tunnel is up option.
- Click the Next button. This will take you to the Review page of the Add Endpoint Wizard.
- Click the Apply button. This will add the DC to the ACSC network.
- Click the Set Up Agent icon on the Point panel on the right side of the page. This will take you to the Set Up page for the DC.
- Click the acsc.conf and acsc-setup.conf links. This will download the unique acsc.conf and acsc-setup.conf files for the DC.
Install Agent on Host
To install the ACSC agent on the remote DC, perform the following steps on the DC as an Administrator user:
- Create a new C:\Program Files\Anti-Cloud\Secure Connect\agent\cnf\ directory on the DC.
- Copy the DC’s unique acsc.conf and acsc-setup.conf files you downloaded above into this directory on the DC.
- Copy the agent’s MSI (Microsoft Installer) package to the DC, and execute it.
Change DNS Settings on Host
Once the acsc0 interface is up and running on the remote DC, configure the DNS settings of its Ethernet adapter to use the ACSC IP address of the PDC (for example, this might be 10.11.22.33). Keep in mind these DNS best practices.
Make sure that the PDC answers DNS requests for its FQDN with its ACSC IP address first when queried by the remote DC:
> nslookup dc01.mydomain.corp
Server: UnKnown
Address: 10.11.22.33
Name: dc01.mydomain.corp
Addresses: 10.11.22.33
192.168.100.11
And same thing for its MSDCS domain name:
> nslookup c6370583-3239-407a-9e85-fc3a9b6274a3._msdcs.mydomain.corp
Server: UnKnown
Address: 10.11.22.33
Name: dc01.mydomain.corp
Addresses: 10.11.22.33
192.168.100.11
Aliases: c6370583-3239-407a-9e85-fc3a9b6274a3._msdcs.mydomain.corp
If the PDC answers with its LAN address first, the remote DC will not be able to connect to it! (If this is the case, enabling netmask ordering on the PDC should fix it.)
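The two nslookup checks above, as an added PowerShell example (not part of the original documentation) that queries the PDC directly and reports whether the ACSC address comes first in each answer. The FQDN, ACSC address and _msdcs GUID are the page's example values; replace them with your own (the GUID is the one in the PDC's CNAME record in the _msdcs zone). Run it on the remote DC:

```powershell
# Added example: verify the PDC returns its ACSC address first, for its FQDN and its _msdcs name.
$pdcFqdn   = 'dc01.mydomain.corp'                                   # page's example PDC name
$pdcAcscIp = '10.11.22.33'                                          # page's example ACSC address
$pdcMsdcs  = 'c6370583-3239-407a-9e85-fc3a9b6274a3._msdcs.mydomain.corp'  # page's example GUID

function Test-PdcAnswerOrder {
    param(
        [Parameter(Mandatory)][string]$Name,
        [string]$Server   = $pdcAcscIp,   # ask the PDC itself, as the nslookup output above does
        [string]$Expected = $pdcAcscIp
    )
    # -DnsOnly bypasses the local cache and hosts file so the result reflects the PDC's ordering.
    # For a CNAME such as the _msdcs name, the CNAME and the A records are both returned.
    $answer = Resolve-DnsName -Name $Name -Type A -Server $Server -DnsOnly -ErrorAction Stop
    $a = @($answer | Where-Object Type -eq 'A')
    [pscustomobject]@{
        Query     = $Name
        FirstIP   = if ($a.Count -gt 0) { $a[0].IPAddress } else { $null }
        AllIPs    = ($a.IPAddress -join ', ')
        AcscFirst = ($a.Count -gt 0 -and $a[0].IPAddress -eq $Expected)
    }
}

$results = @(
    Test-PdcAnswerOrder -Name $pdcFqdn
    Test-PdcAnswerOrder -Name $pdcMsdcs
)
$results | Format-Table -AutoSize

# The page's remedy when the LAN address is listed first: enable netmask ordering on the PDC.
if ($results.AcscFirst -contains $false) {
    Write-Warning "PDC answers with its LAN address first. On the PDC run:  dnscmd /Config /LocalNetPriority 1"
}
```

Re-run the script after changing the PDC's DNS server settings; both rows must show AcscFirst as True before joining the remote DC to the domain.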
Join Host to Domain
Once the acsc0 interface is up and running, you can join the remote DC to the PDC’s domain as you normally would, e.g. with the Add-Computer PowerShell command:
PS> Add-Computer -DomainName mydomain.corp
Reboot, then promote the remote DC (e.g. by deploying the AD Domain Services and DNS Server roles on the remote DC), adding the remote DC to the PDC’s existing domain. Be sure to use the new site for the remote DC you configured above (e.g. Remote-Office). Once this process completes, reboot again, and the remote DC should be ready to go.
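The join and promotion steps above, as an added PowerShell example (not part of the original documentation) using the ADDSDeployment module, which lets you name the site explicitly so the remote DC does not land in the default site. The domain and site names are the page's example values; the administrator account name is an assumption. The first part runs before the reboot, the second part after it:

```powershell
# Added example, part 1: join the remote DC to the domain, then reboot.
Add-Computer -DomainName 'mydomain.corp' `
    -Credential (Get-Credential -UserName 'MYDOMAIN\Administrator' -Message 'Domain admin') `
    -Restart

# Added example, part 2 (run after the reboot): install the roles and promote into the
# existing domain, placing the DC in the remote site created on the PDC earlier.
Install-WindowsFeature -Name AD-Domain-Services, DNS -IncludeManagementTools
Import-Module ADDSDeployment

$cred = Get-Credential -UserName 'MYDOMAIN\Administrator' -Message 'Domain admin'
$dsrm = Read-Host -AsSecureString -Prompt 'Directory Services Restore Mode password'

# Dry run first: reports prerequisite failures (DNS, site, credentials) without changing anything
Test-ADDSDomainControllerInstallation -DomainName 'mydomain.corp' `
    -SiteName 'Remote-Office' -InstallDns -Credential $cred `
    -SafeModeAdministratorPassword $dsrm

# Promote; the cmdlet reboots the server when it completes (the second reboot the page mentions)
Install-ADDSDomainController -DomainName 'mydomain.corp' `
    -SiteName 'Remote-Office' `          # the remote site configured on the PDC
    -InstallDns `                        # DNS Server role, as the page suggests
    -Credential $cred `
    -SafeModeAdministratorPassword $dsrm `
    -Force
```

Running Test-ADDSDomainControllerInstallation first surfaces the most common failure for this setup, namely the remote DC resolving the PDC's LAN address instead of its ACSC address, before the promotion itself is attempted.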
Finalize DNS Settings
As suggested by the DNS best practices, once the remote DC is up and serving the domain, you may wish do the following on the remote DC:
- Re-configure the DNS settings of its Ethernet adapter to add itself (i.e. 127.0.0.1) as a DNS server after the ACSC IP address of the PDC.
- Configure the properties of the DNS server on the remote DC to use the appropriate forwarders for external zones.
Also apply the settings from the “DNS Settings” section of the Add Windows Local Domain Controller documentation to the remote DC.
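The DNS client and forwarder changes from the “Change DNS Settings on Host” and “Finalize DNS Settings” sections, as one added PowerShell example (not part of the original documentation). The PDC's ACSC address is the page's example value; the adapter alias and the forwarder address are assumptions (203.0.113.53 is a documentation-range placeholder). Run it on the remote DC:

```powershell
# Added example: DNS client settings before and after promotion, plus forwarders and a check.
$pdcAcscIp = '10.11.22.33'      # page's example ACSC address of the PDC
$adapter   = 'Ethernet'         # assumption: alias of the remote DC's LAN adapter
$forwarder = '203.0.113.53'     # assumption: placeholder for your external resolver

# Before joining (Change DNS Settings on Host): resolve only via the PDC's ACSC address
Set-DnsClientServerAddress -InterfaceAlias $adapter -ServerAddresses $pdcAcscIp

# After promotion (Finalize DNS Settings): keep the PDC first, then add the DC itself
Set-DnsClientServerAddress -InterfaceAlias $adapter -ServerAddresses $pdcAcscIp, '127.0.0.1'

# Forward external zones to the chosen resolver instead of relying on root hints
Set-DnsServerForwarder -IPAddress $forwarder -UseRootHint $false

# Verify the resulting configuration
Get-DnsClientServerAddress -InterfaceAlias $adapter -AddressFamily IPv4
Get-DnsServerForwarder

# Confirm the new DC has registered its site-specific LDAP SRV record in the domain
Resolve-DnsName -Name '_ldap._tcp.Remote-Office._sites.mydomain.corp' -Type SRV -Server $pdcAcscIp -DnsOnly
```

The SRV lookup at the end checks, from the PDC's point of view, that the remote DC advertises itself in the Remote-Office site; if it is missing, the DC was promoted into the wrong site or has not yet registered its records.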