hotdiggetydawg

AD design check

Hi, I just need someone to check this example design.

5 sites in total on a single AD v2 Tree/domain, all using Win2k3 servers and 2000/XP clients.

Site 1 = main HUB HQ/Datacentre
             250 users
             2 DC/Global Cat
             Exchange
             File & print
             Application servers

Site 2 = connected to site 1 via 768Kb Wan
             50 users
             1 DC/Global Cat
             Exchange
             File & print

Site 3 = connected to site 1 via 256Kb Wan
             10 users
             no local DC/Global Cat server - users authenticate to site 2's DC
             NAS File & print
             Users connect to Exchange at site 2



My concerns are with Site 3 really. Will this design hold up? Will the site 3 users hammer the 256k line when accessing the global cat server on site 2? What would you recommend in this situation?

mikeleebrla

Most people always have at least one DC with a copy of the GC at each site... that way if your WAN link goes down your users can still authenticate. It all depends on how important uptime is in your business. You have to weigh the cost/benefit of an additional DC at site 3 for only 10 users.

hotdiggetydawg

ASKER

If it was decided that there was to be no DC/GC at site 3, would the 256 WAN link be sufficient for access to the DC/GC (site 2) by the 10 site 3 Outlook users?

I think the 256 link would be OK, but it all depends on what you need Exchange for really. If you are mainly using it for text emails it will be fine, but if you email large attachments within your Exchange organization you might want a faster link to speed interoffice email... but even if there is a DC/GC in site 3 it wouldn't speed email authentication at all for site 3 users. Of course the best solution would be to have an Exchange server at each site. In your setup the Exchange server SHOULD authenticate to the DC/GC in site 2 since that is where Exchange is. You can check/change which DC your Exchange server authenticates to (if you have SP2 on Exchange) by right-clicking the Exchange server in Exchange System Manager, then go to the Directory Access tab and look at which server the "configuration domain controller" is. This is the DC that Exchange authenticates with.

We've had 10+ people at sites with only 128k connections and didn't have problems. We did find Outlook a little slow--we had them use Outlook Web Access (through Internet Explorer) instead and that worked fine. Authentication was fine. Worst case, 2000 and XP both support cached credentials by default so people can still access the PC and get on the internet if the main site was down.

Jmacmicking,

Was this using Exchange 2003? That is what we're putting in place. I've heard that there can be real performance issues with this type of remote mail access with Outlook clients.

It was originally Exchange 2000, it's now 2003. We haven't tried Outlook since we upgraded though. Outlook seemed sluggish (but bearable) even with only one person accessing it; when multiple people opened it around the same time it was bad. However, a lot of the emails we see sent around are more than just plain text. The network path back to our Exchange server wasn't exactly direct either so the bandwidth wasn't the only limiting factor. Once we had them switch to using OWA though everything smoothed out.

So would this be the recommended setup?
Site 1 = main HUB HQ/Datacentre
             250 users
             2 DC/Global Cat
             Exchange
             File & print
             Application servers

Site 2 = connected to site 1 via 768Kb Wan
             50 users
             1 DC/Global Cat
             Exchange
             File & print

Site 3 = connected to site 1 via 256Kb Wan
             10 users
             local DC/Global Cat server
             NAS File & print
             Users connect to Exchange 2003 at site 2 / or Local Exchange 2003? (for just 10 users?)

Sounds overkill to me but MS likes us to distribute servers around I suppose.