Remote Site and Active Directory

Posted on 2004-09-29
Last Modified: 2010-05-18

I currently have the following setup: 1 Windows NT PDC, 1 Active Directory Domain Controller with OUs, 1 Citrix Metaframe Server, 1 Exchange Server 2000 and 1 ISA Server 2000 at my main office, which is running in a mixed-mode environment within a LAN/WAN network connected by fractional T1 with 512K of bandwidth.  All my remote sites are still running NT BDCs.

We are planning to eliminate the BDCs at the remote sites and install new servers with Windows 2000 Server on them. But I am not too sure whether I need to set up these remote site servers as member servers or additional domain controllers, or whether I simply use the feature "Active Directory Sites and Domains" and delegate control to the remote sites via the OUs.

I guess what I am trying to find out is the following: In Windows 2000 what replaced the PDC/BDC replication?

Luis M. Rodriguez, MCP.

Question by:lrodriguez
LVL 76

Expert Comment

by:David Lee
ID: 12188866
Hi, Luis.  

Active Directory replication is what replaces the PDC/BDC replication from NT4.  It keeps the directory synchronized on all W2K domain controllers.

The question about whether to use member servers or domain controllers in your remote sites is one I can't answer based on the information you provided.  There are a number of factors to consider, such as bandwidth, replication topology, the number of users in each office, and what you hope to accomplish with a server in those offices.  I'd recommend you read over Microsoft's Active Directory Branch Office Planning Guide (link below).
LVL 33

Accepted Solution

NJComputerNetworks earned 500 total points
ID: 12188964
Basically the rule is this: every LAN should have at least one DC.  So, if you have two sites, for example, one in New Jersey and one in California, you should have a DC in each site.

This way, users log on to the network via the LAN-connected DC.  The logon doesn't have to go over the WAN link.  Users in NJ log on to the NJ DC and the California users log on using the California DC.

You will have to use AD Sites and Services, however, to configure your domain after adding the new DC.  For every site, you need to create a SITE in AD Sites and Services.  In AD Sites and Services you can relate SUBNETS to the SITE.  Once this is defined, AD will use this information to help authenticating users find the LOCAL DC.

For example:

New Jersey Site

California Site

After you define your sites in AD Sites and Services, and your new DC is placed online, you will have to go into AD Sites and Services and move the new DC into the proper Site.  Every Site created in AD Sites and Services should have at least one DC.

In NT 4.0, PDCs and BDCs were used.  The primary domain controller has the only READ/WRITE copy of the database.  The BDCs only have read-only copies.  In Windows 2000/2003, all DCs are equal and have a read/write copy of the database.  So, there really isn't a PDC in a Windows 2000/2003 environment.  However, the first Windows 2000/2003 DC holds a FSMO role called PDC emulator.  This role mimics a Windows NT 4.0 PDC (among some other tasks) during a mixed-mode installation.

So, I would suggest that you make an additional DC in the remote site.


Joe Poandl MCSE
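The site/subnet/DC-placement procedure in the accepted answer, and the PDC emulator check mentioned at the end of it, written out as an added PowerShell example. This is not code from the original thread or from Microsoft's guide: it uses the ActiveDirectory PowerShell module, which ships with Windows Server 2008 R2 and later (on Windows 2000 the same steps are done by hand in the AD Sites and Services MMC snap-in), and the site names, subnets, DC name and domain name are all assumed values.

```powershell
# Added example, not part of the original post. Assumes the ActiveDirectory
# module (Windows Server 2008 R2+) and RSAT; site names, subnets, the DC name
# NJ-DC01 and the domain contoso.local are placeholders.
Import-Module ActiveDirectory

# Assumed: two sites, one IPv4 subnet each. A subnet must be associated with a
# site or clients in it fall back to Default-First-Site-Name and may
# authenticate across the WAN.
$sites = @{
    'NewJersey'  = @('10.10.0.0/16')
    'California' = @('10.20.0.0/16')
}
$newDc     = 'NJ-DC01'     # the new remote-site DC (assumed name)
$newDcSite = 'NewJersey'

foreach ($siteName in $sites.Keys) {
    # Create the site only if it is missing, so the script is safe to re-run.
    if (-not (Get-ADReplicationSite -Filter "Name -eq '$siteName'")) {
        New-ADReplicationSite -Name $siteName
    }
    foreach ($cidr in $sites[$siteName]) {
        if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$cidr'")) {
            # Subnet-to-site mapping is what the DC locator uses to hand a
            # client a DC in its own site instead of one across the WAN.
            New-ADReplicationSubnet -Name $cidr -Site $siteName
        }
    }
}

# A freshly promoted DC lands in whatever site its IP address maps to (or in
# Default-First-Site-Name if nothing matches). Move it explicitly, as the
# answer describes doing in the MMC snap-in.
Move-ADDirectoryServer -Identity $newDc -Site $newDcSite

# Check 1: every site should have at least one DC.
Get-ADDomainController -Filter * | Select-Object Name, Site, IPv4Address |
    Sort-Object Site | Format-Table -AutoSize

# Check 2: the DC locator should return a New Jersey DC for that site.
# nltest also exists on Windows 2000 (Support Tools), so this part applies there too.
nltest /dsgetdc:contoso.local /site:NewJersey
nltest /dsgetsite    # run on a NJ client: prints the site the client resolved to

# Check 3: which DC holds the PDC emulator FSMO role (the NT 4.0 PDC stand-in
# for mixed mode). In the NT/2000 mixed mode the question describes, the
# remaining BDCs replicate only from this DC.
Get-ADDomain | Select-Object PDCEmulator, RIDMaster, InfrastructureMaster
Get-ADForest | Select-Object SchemaMaster, DomainNamingMaster
```

Run it from an account that is a member of Enterprise Admins (sites and subnets live in the Configuration partition, so Domain Admins alone is not enough). If Check 1 shows a site with no DC, clients in that site will be steered to the nearest site that has one, which is exactly the cross-WAN logon the answer is trying to avoid.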

LVL 76

Expert Comment

by:David Lee
ID: 12189304
"Basically the rule is this, every LAN should have at least one DC.  So, if you have two sites, for example, one in New Jersey and one in California, you should have a DC in each site."

I tend to agree with this comment but Microsoft does not.  Microsoft's guidance is that this depends on the speed of your WAN links, the number of staff in each remote office, what services the staff in those offices need access to, and a few other factors.  As you add more DCs you increase the complexity of the network and therefore the possibility of a problem cropping up, and you increase the amount of replication traffic.  When the organization I work for was planning our migration to W2K we sought advice from Microsoft.  We have about 70 offices nationwide and Microsoft's recommendation was to put DCs in just three locations.  We opted to deviate from that because we have some very slow WAN links.  In short, I don't think there's a one-size-fits-all answer.  I'd read the Branch Office Guide and then apply what it says to my network.
LVL 33

Expert Comment

ID: 12189522
Yes, you are right: there is no one-size-fits-all answer.  The design I suggest comes from my experience with what I have configured or have seen configured in dozens of Windows 2K/2K3 designs.  But I agree there are several considerations: budget, resources, WAN speeds, etc.

However, due to the fact that I've seen my described design implemented so many times in the past, I personally consider it a basic rule that has proven historical merit (at least in my eyes).


Joe Poandl MCSE
