Solved

domain controller in branch office

Posted on 2004-09-20
2
219 Views
Last Modified: 2010-04-19
Hello,

We are planning the deployment of the domain controllers to remote office. Now the question,
We have about 200 locations (some of them with 10 or 15 users only). We would like to deploy domain controllers only to
those place where it is necessary. The links are reliable and the phisical acess to the office is secure: There is no Exchange in the company and there is not other application which require a DC. It will be necessary DHCP, WINS and DNS (it could be a dns cache)


We would like to apply GPO :
- Default domain security policy
- a GPO based on the company
- a generic GPO for XP and W2K workstations.
- logon scripts based on each of locations.

Taking in accunt your experience,

Do you think with 20 or 30 users in a location it is justified to place a domain controller ?
Links are around 64kb (CIR) DSL.

if we decide to reduce the number of DC in the spoke locations, does it necessary a greater number of DC in the HUB location?

Regards,
Richard

0
Comment
Question by:intentalo69
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 16

Accepted Solution

by:
JamesDS earned 500 total points
ID: 12100411
intentalo69
A GPO will not apply over a slow link. Slow link speed is also defined with GPOs - but by default is 500k.

I personally set my thresholds as follows for a similar sounding deployment (actually a police force):
Up to 20 users - No DC
20-100 Users - 1 DC
100+ Users - 2 DCs
every 500 users after that gets another DC

While this sounds easy enough, it depends largely on what traffic other than basic authentication traffic is hitting your DCs and how important it is that AD Services are maintained in the event of a WAN outage of one of more links.

Cheers

JamesDS
0
 

Expert Comment

by:downeysavings
ID: 14967908
Our company (Banking Instituition) is also planning to deploy DC  at all our 180 branches, the reason we need to use a DC at all location, is to allow our tellers to access a file share on their branch server, even if the WAN link is not available.
 I rather not introduce 180 DC (HQ's is running Windows 2003 AD) at our remote locations, do you have any suggestions ?

Thanks
Bill
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop. Interesting thing was the fact th…
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question