Solved

Multi-Site Active Directory Doman

Posted on 2006-06-16
4
1,079 Views
1 Endorsement
Last Modified: 2013-12-23
First some basic info:

3 offices and a Windows 2003 Active Directory Domain.  All Windows XP SP2 Workstations and laptops.

The Main Office has subnett of 192.168.2.0/24 and a domain controller named "server".
The Home Office has a subnett of 192.168.3.0/24 and no domain controller.
The Branch Office has a subnett of 192.168.5.0/24 and a domain controller named "server-2".

All offices are linked via IPSEC VPN, main office has T1 and other office have DSL.

All users have Roaming Profiles, and My Documents Folder Redirection.  There are Software Policies, the MSI packages are located on "server".

The Main Office has been up for almost 6 months now, and the home office has been logging in via VPN since then, as a result the home office has slow login time and slow access to My Documents and Shared Drive.  They currently accept that and live with it.

A new brach office has just been added in, I placed a domain controller named "server-2" and assigned it to a diffrent site in Active Directory.  Currently the sites are as follows:

MainOffice
BranchOffice1

The branch office will have it's own set of users, some computers from the main office will be moved to the branch office.  Some users will work in both offices.

What is the most effecient setup/design so that users in the BranchOffice will not have slow logon, slow access to My Documents, the Shared Drive and so that users in both offices have a decent speed when accessing thier stuff?

Also, is it possible to have the software policies "choose" the closet server? Would I place the software packages on both servers?

Is it possible to have policies that are applied on a site only basis with having to create computer groups?
1
Comment
Question by:tuaris
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 13

Accepted Solution

by:
hstiles earned 300 total points
ID: 16940359
The most efficient will be two setup domain controllers for your AD domain in each of the larger offices.  Create sites under AD sites and services for each office.  You also define subnets here and assign the correct subnet to each site.

Next, move your roaming profile and home directories for branch users to a local file server or the DC and modify the account properties so that they reflect the new location.

As for your software policies, it depends on the path you use for the software distribution point.  If they're replicated as part of the sysvol share and the unc path incorporates the domain name rather than a specific server name, then they will be distributed from whatever domain controller the client has used to authenticate - in theory the quickest.

The users that span both offices will always experience slower logon times.  All you can do to mitigate this is to associate their account (profile, etc...) with the DC in the office where they work most frequently.
0
 
LVL 1

Author Comment

by:tuaris
ID: 17198028
I noticed when logging off, Windows will syncronize all the offline files for all users that have logged into the machine.  

For example I have one user, John that normaly logs into the Main Office.  Sometime he will go to the branch office and log into one of the computers thier.  When a diffrent user at the branch office, Sam, logs on and off, Windows will syncronize both John and Sams files.  Is thier a way to have windows Syncronize only Sam's files when Sam logs off and John's files when John logs off?
0

Featured Post

SharePoint Admin?

Enable Your Employees To Focus On The Core With Intuitive Onscreen Guidance That is With You At The Moment of Need.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

FIPS stands for the Federal Information Processing Standardisation and FIPS 140-2 is a collection of standards that are generically associated with hardware and software cryptography. In most cases, people can refer to this as the method of encrypti…
Nslookup is a command line driven utility supplied as part of most Windows operating systems that can reveal information related to domain names and the Internet Protocol (IP) addresses associated with them. In simple terms, it is a tool that can …
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question