
Remote Site and Active Directory

Posted on 2004-09-29
Last Modified: 2010-05-18

I currently have the following setup: 1 Windows NT PDC, 1 Active Directory Domain Controller with OUs, 1 Citrix Metaframe Server, 1 Exchange Server 2000 and 1 ISA Server 2000 at my main office, which is running in a mixed-mode environment within a LAN/WAN network connected by fractional T1 with 512K of bandwidth.  All my remote sites are still running NT BDCs.

We are planning to eliminate the BDCs at the remote sites and install new servers with Windows 2000 Server on them. But I am not too sure if I need to set up these remote site servers as member servers, additional domain controllers, or do I simply use the feature "Active Directory Sites and Domains" and delegate control to the remote sites via the OUs?

I guess what I am trying to find out is the following: In Windows 2000 what replaced the PDC/BDC replication?


Luis M. Rodriguez, MCP.


Question by: lrodriguez

Expert Comment by: David Lee
Hi, Luis.  

Active Directory replication is what replaces the PDC/BDC replication from NT4.  It keeps the directory synchronized on all W2K domain controllers.

The question about whether to use member servers or domain controllers in your remote sites is one I can't answer based on the information you provided.  There are a number of factors to consider, such as bandwidth, replication topology, the number of users in each office, and what you hope to accomplish with a server in those offices.  I'd recommend you read over Microsoft's Active Directory Branch Office Planning Guide (link below).

http://www.microsoft.com/windows2000/techinfo/planning/activedirectory/branchoffice/default.asp

Accepted Solution by: NJComputerNetworks (earned 500 total points)
Basically the rule is this: every LAN should have at least one DC.  So, if you have two sites, for example, one in New Jersey and one in California, you should have a DC in each site.

This way, users log on to the network via the LAN-connected DC.  The logon doesn't have to go over the WAN link.  Users in NJ log on to the NJ DC and the California users log on using the California DC.

You will have to use AD Sites and Services, however, to configure your domain after adding the new DC.  For every site, you need to create a SITE in AD Sites and Services.  In AD Sites and Services you can relate SUBNETS to the SITE.  Once this is defined, AD will use this information to help authenticating users find the LOCAL DC.

For example:

New Jersey Site
10.10.1.0
10.10.2.0
10.10.3.0

California Site
20.20.1.0
20.20.2.0
20.20.3.0

After you define your sites in AD Sites and Services, and your new DC is placed online, you will have to go into AD Sites and Services and move the new DC into the proper Site.  Every Site created in AD Sites and Services should have at least one DC.

In NT 4.0, PDCs and BDCs were used.  The primary domain controller has the only READ/WRITE copy of the database.  The BDCs only have read-only copies.  In Windows 2000/2003, all DCs are equal and have a read/write copy of the database.  So, there really isn't a PDC in a Windows 2000/2003 environment.  However, the first Windows 2000/2003 DC holds a FSMO role called PDC emulator.  This role mimics a Windows NT 4.0 PDC (among some other tasks) during a mixed-mode installation.

So, I would suggest that you make an additional DC in the remote site.

-later

Joe Poandl MCSE

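The site and subnet procedure from the accepted solution, written out as an added example that is not part of the original thread. It assumes a domain controller new enough to carry the ActiveDirectory PowerShell module (Windows Server 2008 R2 or later); on the Windows 2000 servers the question is about, the same site, subnet, site link and server objects are created by hand in the Active Directory Sites and Services MMC. The site names, subnet masks (/24 is an assumption; the post lists networks without masks), DC names and the domain corp.example.com are placeholders.

```powershell
# Added example (not from the original thread). Assumes the ActiveDirectory
# module on a Windows Server 2008 R2+ DC. Site names, subnets, DC names and
# the domain name are illustrative assumptions.
Import-Module ActiveDirectory

$domain = 'corp.example.com'   # assumed domain name

# 1. One site per LAN. 'Default-First-Site-Name' already exists in every
#    forest; the main office can keep it or be renamed to match.
New-ADReplicationSite -Name 'NewJersey'
New-ADReplicationSite -Name 'California'

# 2. Subnets are given in CIDR form. The DC locator maps a client's IP to
#    the most specific matching subnet; a client whose IP matches no subnet
#    is handed any DC at all and is recorded as NO_CLIENT_SITE in the DC's
#    netlogon.log, which is the first thing to check when a remote user is
#    still authenticating across the WAN.
$subnets = @{
    'NewJersey'  = '10.10.1.0/24', '10.10.2.0/24', '10.10.3.0/24'
    'California' = '20.20.1.0/24', '20.20.2.0/24', '20.20.3.0/24'
}
foreach ($site in $subnets.Keys) {
    foreach ($cidr in $subnets[$site]) {
        New-ADReplicationSubnet -Name $cidr -Site $site
    }
}

# 3. A site link tells the KCC that the two sites are joined by a WAN link
#    and how often to replicate over it (every 3 hours here; cost is relative
#    and only matters once there are alternative paths).
New-ADReplicationSiteLink -Name 'NJ-CA' `
    -SitesIncluded 'NewJersey', 'California' `
    -Cost 100 -ReplicationFrequencyInMinutes 180 `
    -InterSiteTransportProtocol IP

# 4. Move each DC into the site where it physically sits. A DC promoted
#    before its subnet existed lands in Default-First-Site-Name and must be
#    moved, exactly as the answer says.
Move-ADDirectoryServer -Identity 'NJ-DC01' -Site 'NewJersey'
Move-ADDirectoryServer -Identity 'CA-DC01' -Site 'California'

# 5. Verify: every site should list at least one DC, and every subnet
#    should resolve to the intended site.
Get-ADDomainController -Filter * | Select-Object Name, Site, IPv4Address
Get-ADReplicationSubnet  -Filter * | Select-Object Name, Site

# 6. From a machine in New Jersey, confirm Netlogon agrees: 'Our Site Name'
#    and 'Dc Site Name' in the /dsgetdc output should both read NewJersey,
#    which means logons are being served by the local DC, not over the WAN.
nltest /dsgetsite
nltest "/dsgetdc:$domain"

# The PDC emulator role the answer mentions is held by exactly one DC; this
# is the server the remaining NT 4.0 BDCs replicate from while in mixed mode.
(Get-ADDomain -Identity $domain).PDCEmulator
```

Run steps 1 to 4 once from any DC; step 5 and 6 are the checks to repeat after each new remote DC is promoted, since a DC left in the wrong site, or a client subnet nobody registered, silently sends logons back across the 512K link the question is trying to protect.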
 
LVL 76

Expert Comment

by:David Lee
Comment Utility
"Basically the rule is this, every LAN should have at least one DC.  So, if you have two sites, for example, one in New Jersey and one in California, you should have a DC in each site."

I tend to agree with this comment but Microsoft does not.  Microsoft's guidance is that this depends on the speed of your WAN links, the number of staff in each remote office, what services the staff in those offices need access to, and a few other factors.  As you add more DCs you increase the complexity of the network and therefore the possibility of a problem cropping up, and you increase the amount of replication traffic.  When the organization I work for was planning our migration to W2K we sought advice from Microsoft.  We have about 70 offices nationwide and Microsoft's recommendation was to put DCs in just three locations.  We opted to deviate from that because we have some very slow WAN links.  In short, I don't think there's a one-size-fits-all answer.  I'd read the Branch Office Guide and then apply what it says to my network.

Expert Comment by: NJComputerNetworks
Yes, you are right: there is no one-size-fits-all answer.  The design I suggest comes from my experience with what I have configured or have seen configured in dozens of Windows 2K/2K3 designs.  But I agree there are several considerations: budget, resources, WAN speeds, etc.

However, due to the fact that I've seen my described design implemented so many times in the past, I personally consider it a basic rule that has proven historical merit (at least in my eyes).

-later

Joe Poandl MCSE