• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 153
  • Last Modified:

Remote Site and Active Directory

Expert:

I currently have the following setup: 1 Windows NT PDC, 1 Active Directory Domain Controller with OU's, 1 Citirx Metaframe Sever, 1 Exchange Server 2000 and 1 ISA Server 2000 at my main office which is running in a mix mode environment within a LAN/WAN network connected by fractional T1 with 512K of bandwidth.  All my remote sites are still running NT BDC's.  

We are planning to eliminate the BDCs at the remote sites and install new servers with Windows 2000 Server on them. But I am not to sure if I need to setup as these remote sites servers as Member Server, additional Domain Controllers or do I simply use the feature "Active Directory Sites and Domains" and delegate control to the remotes sites via the OU's?

I guess what I am trying to find out is the following: In Windows 2000 what replaced the PDC/BDC replication?


Luis M. Rodriguez, MCP.


0
lrodriguez
Asked:
lrodriguez
  • 2
  • 2
1 Solution
 
David LeeCommented:
Hi, Luis.  

Active Directory replication is what replaces the PDC/BDC replication from NT4.  It keeps the directory syncronized on all W2k domain controllers.

The question about whether to use member servers or domain controllers in your remote sites is one I can't answer basedon the information you provided.  There are a number of factors to consider such as bandwidth, replication topology, the number of users in each office, and what you hope to accomplish with a server in those offices.  I'd recommend you read over Microsoft's Active Directory Branch Office Planning Guide (link below).  

http://www.microsoft.com/windows2000/techinfo/planning/activedirectory/branchoffice/default.asp
0
 
NJComputerNetworksCommented:
Basically the rule is this, every LAN should have at least one DC.  So, if you have two sites, for example, one in New Jersey and one in California, you should have a DC in each site.  

This way, users logon to the network via the LAN connected DC.  The logon doesn't have to go over the WAN link.  Users in NJ log on to the NJ DC and the California users logon using the CAlifornia DC.  

You will have to use AD Sites and Services, however, to configure your domain after adding the new DC.  For every site, you need to create a SITE in AD Sites and Services.  In AD Sites and Services you can related SUBNETS to the SITE.  Once this is defined, AD will use this information to help authenticating users find the LOCAL DC.

For example:

New Jersey Site
10.10.1.0
10.10.2.0
10.10.3.0

California Site
20.20.1.0
20.20.2.0
20.20.3.0

After you define your sites in AD Sites and Services, and your new DC is placed on line, you will have to go into AD Sites and Services and move the new DC into the proper Site.  Every Site created in AD Sites in Services should have at least one DC.  

In NT 4.0, PDC's and BDC's were used.  The primary domain controller has the only READ/WRITE copy of the database.  The BDC's only have read only copies.  In Windows 2000/2003, all DC's are equal and have a read/write copy of the database.  So, there really isn't a PDC in a Windows 2000/2003 environment.  However, the first Windows 2000/2003 DC holds a FSMO role called PDC emulator.  This role mimics a Windows NT 4.0 PDC (among some other tasks) during a mixed mode installation.

So, I would suggest that you make an additional DC in the remote site.

-later

Joe Poandl MCSE

0
 
David LeeCommented:
"Basically the rule is this, every LAN should have at least one DC.  So, if you have two sites, for example, one in New Jersey and one in California, you should have a DC in each site."

I tend to agree with this comment but Microsoft does not.  Microsoft's guidance is that this depends on the speed of your WAN links, the number of staff in each remote office, what services the staff in those offices need access to, and a few other factors.  As you add more DCs you increase the complexity of the network and therefore the possibility of a problem cropping up, and you increase the amount of replication traffic.  When the organization I work for was planning our migration to W2K we sought advice for Microsoft.  We have about 70 offices nationwide and Microsoft's recommendation was to put DCs in just three locations.  We opted to deviate from that because we have some very slow WAN links.  In short, I don't think there's a one-size fits all answer.  I'd read the Branch Office Guide and then apply what it says to my network.
0
 
NJComputerNetworksCommented:
Yes, you are right.. there is no one size fits all answer.  The design I suggest comes from my experience with what I have configured or have seen configured in dozens of Windows 2k/2k3 designs.  But I aggree there are several considerations, budget, resources, WAN speeds etc.

However, due to the fact that I've seen my described design implemented so many times in the past, I personally consider it a basic rule that has prooven historical merit (at least in my eyes).

-later

Joe Poandl MCSE
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now