Networking planning, MS Domains

Posted on 2004-09-02
Last Modified: 2010-03-18
A general question about network topology. My company currently has 2000 AD server running on our main campus with about 200 total clients, and maybe 10 other 2000 servers. We also have a variety of Netware file and app servers.

We are in the planning stages of bringing up a remote location. This location will in all likelyhood be connected back to the main campus using a leased T1 line, and will consist of around 10-15 workstations initially, though this could grow in the future. We will be responsible with providing service to this remote location, including internet access, file sharing, apps, email, support for workstations, the whole 9 yards.

My question is regarding how this remote location should be integrated into AD. Should I look at deploying a backup domain controller (or sub-domain?) local to the remote locations VLan, or is this overkill? Can we join all those workstations to our main domain directly over the T1, and expect performance to be acceptable, taking into account the traffic from all the other services?

If anyone has any links to Microsoft KB articles or "best practice" white papers related to this topic as well, I would very much appreciate the links.
Question by:mvogts
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
LVL 11

Expert Comment

by:NetoMeter Screencasts
ID: 11964673

I think that setting a Domain Controller for just 10-15 machines/users is going to be an overkill.

It turns out that the authentication requests which the users will send over the WAN very small packets which take less bandwidth compared to the bandwidth required for replication between the Domain Controllers.
You might consider setting a File/Application server for the users at the remote location.

Another consideration could be whether you have experienced Network Admin(s) at that location or the administratiion tasks will be performed from the central site.
If there is not going to be admin staff at that location it will bve easier if you set an OU for that location.
In case you expect significant growth of the number of users combined with a difference in the company policies for its users like different security settings, restricted access to resources there, different e-mail addresses for the e-mail etc. you might consider deploying a child domain. That is not difficult and I preffer such configuration in places where there are 40-50 and more users/machines.


Author Comment

ID: 11964878
After looking at a couple more things, I'm wondering now about AD Sites and Services, and whether this is something I need to look into or not?
LVL 11

Expert Comment

by:NetoMeter Screencasts
ID: 11965765
If you plan to install a domain controller you need to consider configuring Sites - one for the Central Site and one for the remote one.

LVL 76

Accepted Solution

David Lee earned 500 total points
ID: 11966439
I would recommend putting a domain controller, also configured to be a global catalog server, at the remote location.  In my opinion that's a far better solution than creating a child domain.  Even though there are a relatively small number of staff at the remote location having a domain controller there allows them to authenticate locally so they can continue working even if the T1 line back to the main site is down for some reason, or in case the domain controller(s) at the main site are unavailable.  If you do elect to set a domain controller up in the remote office, then as NetoMeter said you will need to create another site.  The organization I work for has a number of remote offices with 2-10 staff each.  We settled on putting a domain controller in each office with at least 4 staff.  That may seem like overkill, but we have slow network connections and having a DC/GCS there keeps a lot of traffic off the WAN.  For the server we didn't use anything fancy, just a common off-the-shelf PC configured as a DC and GCS.  The link below is to Microsoft's Branch Office Planning Guide.  Chapter 2 - Structural Planning for Branch Office Environments should provide more information.

Author Comment

ID: 13159718
My apologies on losing track of this post, points awarded.

Featured Post

Manage your data center from practically anywhere

The KN8164V features HD resolution of 1920 x 1200, FIPS 140-2 with level 1 security standards and virtual media transmissions at twice the speed. Built for reliability, the KN series provides local console and remote over IP access, ensuring 24/7 availability to all servers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Have you ever set up your wireless router at home or in the office to find that you little pop-up bubble in the bottom right-hand corner of Windows read "IP Conflict - One of more computers on the network have been assigned the following IP address"…
Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor ( Top Charts is a view in which you can set seve…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…
Suggested Courses
Course of the Month5 days, 22 hours left to enroll

626 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question