rhinoceros
asked on
New remote domain
A 512K VPN line connects 2 remote offices; they have their own DCs. We just transfer files or remote into PCs through these VPN lines.
Domain A ------- 512K VPN --------- Domain B
/
/
512K VPN
/
/
Domain C
Now we will set up a new office again, but my boss asks me whether we can centralize account management in Head Office with the new remote site.
1. Move an Additional Domain Controller of Domain A (w/ Global Catalog) to new site D?
2. Build up a child domain on new site D?
3. Just linked up by a 512K thin VPN tunnel, is it enough to support frequent replication for 1 or 2?
4. Or a separate domain (DCs) like Domain B and Domain C?
Can you tell me which one is the best solution, please? (Why?)
Thanks!
R -
I agree - there is no compelling reason here for anything but a flat, single domain -
If you have separate domains now, we can pick a strategy to migrate the accounts if you want to simplify - or create a forest structure if you don't.
Your real configuration focus needs to be on Active Directory Sites: Sites are used to manage authentication and replication traffic.
With them, you can set frequency of site-to-site replication and other traffic-shaping options.
You may also want to look at DFS (Distributed File Services) - with which you can create & maintain replicated shares at each Site.
Some considerations for the above:
How much traffic is there over these lines?
What volume of file changes are there each day?
What volume of files are accessed remotely?
Also -
Are you running any server-based Database applications?
Are you running an Exchange server at any of these locations?
Where there's a will, there's a way!
ASKER
Indeed, I really want to know what the main consideration is when we decide to run a "Secondary Domain Controller" or a "Separate Domain" on the new site, except the VPN (bandwidth).
Thanks a lot !
Exactly.
You need to look at what you need in a domain...
Do you need to have a separate directory structure for the new site? It is much better to build your new site with a secondary domain controller, which will link the AD database together and replicate just fine through your VPN tunnel.
Unless you specifically need separate domains there is no point; you just create more work and a less effective way of working.
Cheers!