Remote Site and Active Directory

Posted on 2004-09-29
Last Modified: 2010-05-18

I currently have the following setup: 1 Windows NT PDC, 1 Active Directory Domain Controller with OUs, 1 Citrix Metaframe Server, 1 Exchange Server 2000 and 1 ISA Server 2000 at my main office, which is running in a mixed mode environment within a LAN/WAN network connected by fractional T1 with 512K of bandwidth.  All my remote sites are still running NT BDCs.

We are planning to eliminate the BDCs at the remote sites and install new servers with Windows 2000 Server on them. But I am not too sure if I need to set up these remote site servers as Member Servers, additional Domain Controllers, or do I simply use the feature "Active Directory Sites and Domains" and delegate control to the remote sites via the OUs?

I guess what I am trying to find out is the following: In Windows 2000 what replaced the PDC/BDC replication?

Luis M. Rodriguez, MCP.

Question by:lrodriguez
LVL 76

Expert Comment

by:David Lee
ID: 12188866
Hi, Luis.  

Active Directory replication is what replaces the PDC/BDC replication from NT4.  It keeps the directory synchronized on all W2k domain controllers.

The question about whether to use member servers or domain controllers in your remote sites is one I can't answer based on the information you provided.  There are a number of factors to consider, such as bandwidth, replication topology, the number of users in each office, and what you hope to accomplish with a server in those offices.  I'd recommend you read over Microsoft's Active Directory Branch Office Planning Guide (link below).
LVL 33

Accepted Solution

NJComputerNetworks earned 500 total points
ID: 12188964
Basically the rule is this, every LAN should have at least one DC.  So, if you have two sites, for example, one in New Jersey and one in California, you should have a DC in each site.  

This way, users log on to the network via the LAN-connected DC.  The logon doesn't have to go over the WAN link.  Users in NJ log on to the NJ DC and the California users log on using the California DC.

You will have to use AD Sites and Services, however, to configure your domain after adding the new DC.  For every site, you need to create a SITE in AD Sites and Services.  In AD Sites and Services you can relate SUBNETS to the SITE.  Once this is defined, AD will use this information to help authenticating users find the LOCAL DC.

For example:

New Jersey Site

California Site

After you define your sites in AD Sites and Services, and your new DC is placed online, you will have to go into AD Sites and Services and move the new DC into the proper Site.  Every Site created in AD Sites and Services should have at least one DC.

In NT 4.0, PDCs and BDCs were used.  The primary domain controller has the only READ/WRITE copy of the database.  The BDCs only have read-only copies.  In Windows 2000/2003, all DCs are equal and have a read/write copy of the database.  So, there really isn't a PDC in a Windows 2000/2003 environment.  However, the first Windows 2000/2003 DC holds a FSMO role called PDC emulator.  This role mimics a Windows NT 4.0 PDC (among some other tasks) during a mixed mode installation.

So, I would suggest that you make an additional DC in the remote site.


Joe Poandl MCSE
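The site/subnet/DC placement procedure in the accepted solution, scripted as an added example that is not part of the original thread. It assumes the ActiveDirectory PowerShell module (Windows Server 2008 R2 or later, not the Windows 2000 tools the thread discusses); the site names, subnets and DC names are constructed placeholders.

```powershell
# Added example: define two sites, map subnets to them, move each new DC into
# its site, then verify DC coverage per site and the PDC emulator role holder.
# Assumes the ActiveDirectory module; names and subnets below are placeholders.
Import-Module ActiveDirectory

$sites = @{
    'NewJersey'  = @('10.1.0.0/16')   # constructed subnet for the NJ office
    'California' = @('10.2.0.0/16')   # constructed subnet for the CA office
}
$dcPlacement = @{ 'NJ-DC01' = 'NewJersey'; 'CA-DC01' = 'California' }

foreach ($siteName in $sites.Keys) {
    # Create the site only if it does not already exist, so re-runs are safe.
    if (-not (Get-ADReplicationSite -Filter "Name -eq '$siteName'")) {
        New-ADReplicationSite -Name $siteName
    }
    foreach ($cidr in $sites[$siteName]) {
        # The subnet-to-site mapping is what lets a client locate its LOCAL DC
        # instead of authenticating across the WAN link.
        if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$cidr'")) {
            New-ADReplicationSubnet -Name $cidr -Site $siteName
        }
    }
}

# A newly promoted DC may land in Default-First-Site-Name; move it explicitly
# so that every site ends up with at least one DC, as the answer advises.
foreach ($dc in $dcPlacement.Keys) {
    Move-ADDirectoryServer -Identity $dc -Site $dcPlacement[$dc]
}

# Verification: each site should report at least one DC ...
foreach ($siteName in $sites.Keys) {
    $dcs = Get-ADDomainController -Filter "Site -eq '$siteName'"
    if (-not $dcs) {
        Write-Warning "Site $siteName has no DC: logons there will cross the WAN"
    } else {
        "$siteName -> $($dcs.HostName -join ', ')"
    }
}
# ... and the PDC emulator FSMO role is held by exactly one DC in the domain.
"PDC emulator: $((Get-ADDomain).PDCEmulator)"
```

Run it from an account with rights to modify the Configuration partition; the verification block is safe to re-run on its own to check an existing design.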

LVL 76

Expert Comment

by:David Lee
ID: 12189304
"Basically the rule is this, every LAN should have at least one DC.  So, if you have two sites, for example, one in New Jersey and one in California, you should have a DC in each site."

I tend to agree with this comment but Microsoft does not.  Microsoft's guidance is that this depends on the speed of your WAN links, the number of staff in each remote office, what services the staff in those offices need access to, and a few other factors.  As you add more DCs you increase the complexity of the network and therefore the possibility of a problem cropping up, and you increase the amount of replication traffic.  When the organization I work for was planning our migration to W2K we sought advice for Microsoft.  We have about 70 offices nationwide and Microsoft's recommendation was to put DCs in just three locations.  We opted to deviate from that because we have some very slow WAN links.  In short, I don't think there's a one-size fits all answer.  I'd read the Branch Office Guide and then apply what it says to my network.
LVL 33

Expert Comment

ID: 12189522
Yes, you are right. There is no one-size-fits-all answer.  The design I suggest comes from my experience with what I have configured or have seen configured in dozens of Windows 2k/2k3 designs.  But I agree there are several considerations: budget, resources, WAN speeds, etc.

However, due to the fact that I've seen my described design implemented so many times in the past, I personally consider it a basic rule that has proven historical merit (at least in my eyes).


Joe Poandl MCSE
