I'm working on the most appropriate solution for a combination of Server 2003, desktops and laptops in what I'd like to be a contiguous namespace covering 10 office locations (rather than a forest of 10 domains) - HQ and 9 satellite offices. The sites are connected with slow WAN links (limited by 256k upstream ADSL at least for now) and are geographically far apart. There'll be a DC at each site, about 25 people per site and 20 at HQ.
I've got a few questions so I'm trying to spread them across threads to make the point awarding fair.
1) I'm setting up one of the satellite offices first, say site1.company.local - after that, I'll build hq.company.local then all the other sites will gradually be upgraded to Server 2003 (from straightforward workgroups, no upgrading of servers to do) and will become site2, site3, etc.
I was originally going to make HQ simply company.local - but I guess because I'm not starting with that DC I can't - unless I make site1 a standalone server, wait until company.local is running then dcpromo site1 to join the namespace. Is my logic correct? It wouldn't be a problem to make the HQ domain = hq.company.local - that way, because there's then no higher level than xxxx.company.local, am I right in saying I can create the sites in any order? Am I also right in thinking that I can't realistically make every site simply company.local because of the reduced ability to manage traffic between the DCs over slow links?
2) We have a lot of mobile users who work from home, out on the road, and at several of our sites. Our e-mail solution is entirely outsourced so that's not an issue - what I'm trying to suss now is the best way to handle their profiles. I'd like desktop users to have roaming profiles in order that everything is available to them, including their documents, at every desktop per site. Laptop users I'll probably use file synchronisation so they are responsible for choosing which files to store on the server shares and sync, and which to keep to themselves. However, I still want laptop users to use a mandatory profile, so they can't mess with settings.
I don't have much experience of laptop users working outside their domain but I see from tests that machines will load a local copy of their profile if they can't reach the DC. What happens if firstname.lastname@example.org logs in at site1.company.local? I guess because he's a user for a different domain his machine won't attempt to sync back to his "home" server (not a great idea over a slow link) but I'd like him to be able to see the shares available at that site, even if he has to have UNC shortcuts to the shares at each site. Would he have to exist as a user in every domain for this to work?
Your input appreciated, as always!