Active Directory Infrastructure

Posted on 2004-11-13
Medium Priority
Last Modified: 2010-04-10
I am designing (first time) an Active Directory infrastructure solution. I am trying to keep it simple: 1 server (forest), 1 OU, home directories, My Documents + desktop redirection...

My environment is as follows:

All users are mobile users (about 20) (they all have Win XP Gateway laptops). All the laptops have internal Wi-Fi cards... about 60% of the users do not connect to Ethernet, as wireless access points work well in their location. My BIG concern is connectivity issues once I deploy AD on the network. If the connection drops, what will happen? When the computer boots up and it can't find an AP and connect, or the signal is weak... what will happen?

My question is: how do I deal with this problem? What are the implications of deploying AD in an environment that is not stable? I am simply trying to anticipate problems.

I am, however, thinking about connecting everyone to Ethernet... but what if the user unplugs the laptop and goes to a meeting offsite? Once offsite, the user will not be able to connect to the AD domain. Will the user have to log in to the local account... but how are the files in My Documents and Desktop in the local account copied to the domain account once the user logs back on the following morning?

My question #2: what is the best practice/solution to implement AD for mobile users?

Question #3: can I have users log in to a domain over the internet, and not locally, without an established WAN?

Please provide some insight... I need this implementation to work well.
Question by: calpoly1

Expert Comment

ID: 12576188
I don't think you need to worry about working online/offline because of the user account issue.

I mean, all you need for the domain user is to log in once online; the minute this login is successful, a local account for the domain user is created. So in case there is no connection to the DC from the laptop (no matter what the reason), the user will log into the same account; only the online DC service won't be available, and the user will still be able to work locally on the same local account.

I would suggest creating admin scripts that will synchronise the contents of My Documents, mail etc. the second the user logs into the domain. Besides that, the sync procedure is also available on Win XP for these purposes exactly.

So you don't need to worry about connectivity, etc.

So once you implement AD and create and configure all users in your OU, all that will be left is to transfer all current settings from the local user on each laptop to the domain user, then just require logging in as a domain user.

It's all straightforward really; we did such a migration in our network.


The only thing about connectivity for you to be concerned about is the duplicate connection:

I mean, once the Wi-Fi NIC gets an IP and you connect it to the Ethernet, it'll get another IP, so how will traffic go: through Wi-Fi or Ethernet?

I think for office use Wi-Fi is not secure enough; remove the access point. Use the Ethernet.

Good luck.
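As an added example (not code from the original thread or from either poster), the logon-time check and sync that the comment above describes, written as a PowerShell logon script for a domain-joined laptop. It reports how many domain logons Windows will serve from its credential cache, detects whether a domain controller is reachable, copies newer files from the local Documents and Desktop folders to the user's home share only when it is, and lists which connected NIC will carry domain traffic when both Wi-Fi and Ethernet are up. The home-share path `\\fileserver\home\<username>` is an assumption for this example; adjust it to your environment.

```powershell
# Added example, not from the original thread: a logon script for a domain-joined laptop.
# (1) report offline logon cache size, (2) detect DC reachability, (3) sync local folders to the
# home share only when a DC answers, (4) show which NIC wins when Wi-Fi and Ethernet are both up.

$HomeShare = "\\fileserver\home\$env:USERNAME"   # hypothetical UNC path; adjust to your environment

# (1) CachedLogonsCount is a string value under Winlogon. Absent means the default of 10;
#     0 means no offline logons at all, which would lock mobile users out when no DC answers.
$winlogon = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$cached = if ($winlogon.CachedLogonsCount) { [int]$winlogon.CachedLogonsCount } else { 10 }
Write-Host "Offline domain logons allowed on this laptop: $cached"

# (2) DC reachability. GetComputerDomain() throws when no DC answers, which is exactly the
#     "booted without signal" case from the question; treat that as offline and skip the sync.
try {
    $dc = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain().FindDomainController().Name
    $online = $true
    Write-Host "Authenticating against DC: $dc"
} catch {
    $online = $false
    Write-Host "No domain controller reachable; this logon is using cached credentials."
}

# (3) One-way sync to the home share. /E copies subfolders, /XO skips files that are older on
#     the source than on the destination, so a newer copy on the server is not overwritten.
#     Deliberately not /MIR: a file the user deleted locally should not vanish from the share.
if ($online -and (Test-Path $HomeShare)) {
    foreach ($folder in 'Documents', 'Desktop') {
        $src = Join-Path $env:USERPROFILE $folder
        $dst = Join-Path $HomeShare $folder
        robocopy $src $dst /E /XO /R:1 /W:1 /NP /LOG+:"$env:TEMP\homesync.log" | Out-Null
        # robocopy exit codes below 8 are success or informational; 8 and above mean copy failures
        if ($LASTEXITCODE -ge 8) { Write-Warning "$folder sync reported errors (robocopy exit $LASTEXITCODE)" }
    }
}

# (4) The dual-NIC question: Windows sends traffic through the connected interface with the
#     lowest metric. Listing connected IPv4 interfaces shows whether Ethernet or Wi-Fi will win.
Get-NetIPInterface -AddressFamily IPv4 |
    Where-Object { $_.ConnectionState -eq 'Connected' } |
    Sort-Object InterfaceMetric |
    Format-Table InterfaceAlias, InterfaceMetric -AutoSize
# To make a docked laptop prefer the cable, give Wi-Fi a higher metric (requires admin rights):
#   Set-NetIPInterface -InterfaceAlias 'Wi-Fi' -InterfaceMetric 50
```

The `Get-NetIPInterface` and `Set-NetIPInterface` cmdlets exist on Windows 8 / Server 2012 and later; on the Windows XP laptops in the question the equivalent check is `route print`, where the default route with the lowest metric is the one in use. Run the script as the logged-on user (a GPO logon script or a scheduled task at logon) so that `$env:USERNAME` and `$env:USERPROFILE` resolve to the domain account whose folders you want copied.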

Author Comment

ID: 12576223

Is it possible to set up a domain controller at one site with a T1 and have users log in from another site (sites completely independent, no VPN, etc.) via T1 as well?

Would this work well?

I would just set up accounts for all users under domain.org and then authenticate all users under that domain?

Expert Comment

ID: 12576232
I would strongly recommend you NOT TO DO THAT; this is a blasting hole in the security of your organisation.
This option exists though: for that you just need to put your DC out to the world, with a public IP or a forwarding from the firewall for domain connections.

VPNs are for this purpose; use them!
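As an added example (not code from the original thread or from either poster), a check that the firewall is actually doing what the comment above asks: run it from a host outside the office network against the organisation's public address and it probes the TCP ports a domain logon or LDAP bind would need on a DC. The address `203.0.113.10` is a documentation-range placeholder, not a real host; substitute your own.

```powershell
# Added example, not from the original thread: confirm from OUTSIDE the office network
# that no domain-controller service answers on the organisation's public address.
# 203.0.113.10 is a documentation-range placeholder; substitute your own public IP.
$PublicIP = '203.0.113.10'

# TCP services a DC listens on that a domain logon or LDAP bind would need. None of these
# should answer from the internet. (RPC also uses a dynamic high-port range not listed here.)
$dcPorts = [ordered]@{
    53   = 'DNS'
    88   = 'Kerberos'
    135  = 'RPC endpoint mapper'
    389  = 'LDAP'
    445  = 'SMB (SYSVOL, NETLOGON)'
    464  = 'Kerberos password change'
    636  = 'LDAPS'
    3268 = 'Global Catalog'
}

# Each probe waits for a TCP handshake; a filtered port takes a few seconds to time out.
$exposed = foreach ($port in $dcPorts.Keys) {
    $r = Test-NetConnection -ComputerName $PublicIP -Port $port -WarningAction SilentlyContinue
    if ($r.TcpTestSucceeded) { '{0}/tcp ({1}) answers from the internet' -f $port, $dcPorts[$port] }
}

if ($exposed) {
    $exposed | ForEach-Object { Write-Warning $_ }
    Write-Warning 'Close these on the firewall and reach the DC over a VPN instead.'
} else {
    Write-Host "No DC service ports reachable on $PublicIP; remote users must come in over a VPN."
}
```

An empty result here is the expected state for the design the comment recommends: the only path from a remote laptop to the DC should be the VPN tunnel, so the same probe run from inside the tunnel should succeed while this one fails.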

Accepted Solution

rafael_acc earned 375 total points
ID: 12594424
Actually, I just can't recommend you a "best" approach. Active Directory infrastructure design is very much related to the business itself. Future growth plans also have to be considered. Active Directory was invented to make the administrator's life easier, so you must design it with the idea that it has to be a pretty much static structure (it doesn't have to change too much over time).

Now, regarding your question about what happens if the connection goes down... Well, it depends whether you are using Windows 2003 Server or Windows 2000 Server as your primary domain controller (PDC). It also depends on whether users have previously logged in to the network or not. If a user has never logged in, then that same user will not be able to log in to the domain; he/she can log in locally, however. If a user has previously logged in to the domain, then cached credentials should be used; anyway, you will not be able to access network domain resources, which is pretty much obvious as you will be losing your network connectivity, right?

I recommend you not to rely on your wireless connection. Whenever you use a wireless network, install also a backup wired connection.

About remotely connecting users over the internet... JUST USE A VPN CONNECTION.

I might give better insight, however, if you put some more detailed specification here about what you are trying to achieve.

