Solved

domain controller in branch office

Posted on 2004-09-20
2
224 Views
Last Modified: 2010-04-19
Hello,

We are planning the deployment of the domain controllers to remote office. Now the question,
We have about 200 locations (some of them with 10 or 15 users only). We would like to deploy domain controllers only to
those place where it is necessary. The links are reliable and the phisical acess to the office is secure: There is no Exchange in the company and there is not other application which require a DC. It will be necessary DHCP, WINS and DNS (it could be a dns cache)


We would like to apply GPO :
- Default domain security policy
- a GPO based on the company
- a generic GPO for XP and W2K workstations.
- logon scripts based on each of locations.

Taking in accunt your experience,

Do you think with 20 or 30 users in a location it is justified to place a domain controller ?
Links are around 64kb (CIR) DSL.

if we decide to reduce the number of DC in the spoke locations, does it necessary a greater number of DC in the HUB location?

Regards,
Richard

0
Comment
Question by:intentalo69
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 16

Accepted Solution

by:
JamesDS earned 500 total points
ID: 12100411
intentalo69
A GPO will not apply over a slow link. Slow link speed is also defined with GPOs - but by default is 500k.

I personally set my thresholds as follows for a similar sounding deployment (actually a police force):
Up to 20 users - No DC
20-100 Users - 1 DC
100+ Users - 2 DCs
every 500 users after that gets another DC

While this sounds easy enough, it depends largely on what traffic other than basic authentication traffic is hitting your DCs and how important it is that AD Services are maintained in the event of a WAN outage of one of more links.

Cheers

JamesDS
0
 

Expert Comment

by:downeysavings
ID: 14967908
Our company (Banking Instituition) is also planning to deploy DC  at all our 180 branches, the reason we need to use a DC at all location, is to allow our tellers to access a file share on their branch server, even if the WAN link is not available.
 I rather not introduce 180 DC (HQ's is running Windows 2003 AD) at our remote locations, do you have any suggestions ?

Thanks
Bill
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
Learn about cloud computing and its benefits for small business owners.
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question