Active Directory Infrastructure

Posted on 2004-11-13
Last Modified: 2010-04-10
I am designing (first time) an Active Directory infrastructure solution. I am trying to keep it simple: 1 server (forest), 1 OU, home directories, My Documents + Desktop redirection...

My environment is as follows:

All users are mobile users (about 20) (they all have Win XP Gateway laptops). All the laptops have internal Wi-Fi cards... about 60% of the users do not connect to Ethernet, as wireless access points work well in their location. My BIG concern is connectivity issues once I deploy AD on the network. If the connection drops, what will happen? When the computer boots up and it can't find an AP to connect to, or the signal is weak... what will happen?

My question is: How do I deal with this problem? What are the implications of deploying AD in an environment that is not stable? I am simply trying to anticipate problems.

I am, however, thinking about connecting everyone to Ethernet... but what if the user unplugs the laptop and goes to a meeting offsite? Once offsite, the user will not be able to connect to the AD domain? Will the user have to log in to the local account... but then how are the files in My Documents and Desktop in the local account copied to the domain account once the user logs back on the following morning?

My question #2: What is the best practice/solution to implement AD for mobile users?

Question #3: Can I have users log in to a domain over the internet, and not locally, without an established WAN?

Please provide some insight... I need this implementation to work well.
Question by: calpoly1
    LVL 5

    Expert Comment

    I don't think you need to worry about working online/offline because of the user account issue.

    I mean, all you need for the domain user is to log in once online; the minute this login is successful, a local account for the domain user is created. So in case there is no connection to the DC from the laptop (no matter what the reason), the user will log into the same account, but only the online DC service won't be available; the user will still be able to work locally on the same local account.

    I would suggest creating admin scripts that will synchronise the contents of My Documents, mail etc. the second the user logs into the domain. Besides that, the sync procedure is also available on Win XP for these purposes exactly.

    So you don't need to worry about connectivity, etc.

    So once you implement AD and create and configure all users in your OU, all that will be left is to transfer all current settings from the local user on each laptop to the domain user, then just require them to log in as a domain user.

    It's all straightforward really; we did such a migration in our network.


    The only thing about connectivity for you to be concerned about is the duplicate connection:

    I mean, once a Wi-Fi NIC gets an IP, you will connect it to the Ethernet and it'll get another IP, so how will traffic go: through Wi-Fi or Ethernet?

    I think for office use Wi-Fi is not secure enough; remove the access point. Use the Ethernet.

    Good Luck.

    Author Comment


    Is it possible to set up a domain controller at one site with a T1 and have users log in from another site (sites completely independent, no VPN, etc.) via T1 as well?

    Would this work well?

    I would just set up accounts for all users under  and then authenticate all users under that domain?
    LVL 5

    Expert Comment

    I would strongly recommend you NOT TO DO THAT; this is a blasting hole in the security of your organisation.
    This option exists though: for that you just need to put your DC out to the world, with a public IP or a forwarding from the firewall for domain connections.

    VPNs are for this purpose - use them!
    LVL 11

    Accepted Solution

    Actually, I just can't recommend you a "best" approach. Active Directory infrastructure design is very much related to the business itself. Future growth plans also have to be considered. Active Directory was invented to make the administrator's life easier, so you must design it with the idea that it has to be a pretty much static structure (it doesn't have to change too much over time).

    Now, regarding your question about what happens if the connection goes down... Well, it depends whether you are using Windows 2003 Server or Windows 2000 Server as your primary domain controller (PDC). It also depends on whether users have previously logged in to the network or not. If a user has never logged in, then that same user will not be able to log in to the domain; he/she can log in locally, however. If a user has previously logged in to the domain, then cached credentials should be used; anyway, you will not be able to access network domain resources, which is pretty much obvious as you will be losing your network connectivity, right?

    I recommend you not to rely on your wireless connection. Whenever you use a wireless network, install also a backup wired connection.

    About remotely connecting users over the internet... JUST USE A VPN CONNECTION.

    I might give better insight, however, if you put some more detailed specification here about what you are trying to achieve.
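The cached-credential behaviour described in the accepted solution can be checked from the laptop itself. The script below is an added example, not code from this thread; it assumes a domain-joined Windows machine with PowerShell 2.0 or later and reads the real CachedLogonsCount value under Winlogon, the LOGONSERVER environment variable (which points at the local machine rather than a DC when the logon was satisfied from the cache), and the machine account's secure channel to the domain.

```powershell
# Added example (not from the thread): report whether this domain-joined laptop
# is currently running on cached domain credentials and how many logons it caches.
function Get-OfflineLogonStatus {
    $winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

    # CachedLogonsCount is a REG_SZ; it is the number of distinct domain users
    # whose logon will still succeed with no DC reachable (default is 10, 0 disables).
    $cached = (Get-ItemProperty -Path $winlogon -Name CachedLogonsCount `
               -ErrorAction SilentlyContinue).CachedLogonsCount
    if ($null -eq $cached) { $cached = 10 }   # value absent means the default applies

    # A domain user whose logon came from the cache sees LOGONSERVER = \\<this machine>.
    # Local accounts also report the local machine, so require a domain USERDOMAIN.
    $logonServer  = $env:LOGONSERVER -replace '^\\\\', ''
    $isDomainUser = ($env:USERDOMAIN -ine $env:COMPUTERNAME)
    $usingCache   = $isDomainUser -and ($logonServer -ieq $env:COMPUTERNAME)

    # Can the machine account currently reach a DC over its secure channel?
    # (Test-ComputerSecureChannel may need an elevated prompt on some builds.)
    $dcReachable = $false
    try   { $dcReachable = Test-ComputerSecureChannel -ErrorAction Stop }
    catch { $dcReachable = $false }

    [pscustomobject]@{
        Computer          = $env:COMPUTERNAME
        User              = "$env:USERDOMAIN\$env:USERNAME"
        LogonServer       = $logonServer
        UsingCachedLogon  = $usingCache
        DCReachable       = $dcReachable
        CachedLogonsCount = [int]$cached
    }
}

$status = Get-OfflineLogonStatus
$status | Format-List

if ($status.CachedLogonsCount -eq 0) {
    Write-Warning 'CachedLogonsCount is 0: domain users cannot log on with no DC reachable.'
}
if ($status.UsingCachedLogon -and -not $status.DCReachable) {
    Write-Warning 'Working offline on cached credentials; redirected folders and sync will wait for a DC.'
}
```

Run it once while connected to the LAN and once with the NIC disabled to see both states the thread describes.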

