hotcam

Multiple Sites, DCs, WAN...Your Opinion needed...

I have about 12 sites connected throughout the city by frame relay. We run 2000/2003 mixed mode. Currently, we have a DC at every site we have. Apparently, the thinking was that "if there is no DC there, and the link goes down, they will still be able to log on".

However, I'm thinking that if the link is down, the only reason that they wouldn't be able to log on would be if they are a brand new user, or they are logging on to a machine they haven't used before. In addition, if the link is down (which it almost never is), they won't be able to do much at all, able to log on or not...

So, I'm considering simplifying the network some and demoting all the branch office DCs. I still have two at our hub site. I may keep another across one of the WAN links on our second largest site just so I will have another outside this building.

Am I missing anything I should consider?
stalkerz

If there is no DC at the remote office, and the link goes down, then the users would not be able to log on; however, they will be able to log on with "cached credentials". Basically they can log on to their PCs but will obviously have no access to other servers over the internet. They can function with local resources, such as printers on the local network, databases on the local network.
A good solution is to place at least 1 domain controller at the remote site "if it's within your budget", and this will handle all logons. When the link goes down, the users will be able to log on fine and have access to the domain, and when the link is back up the domain will replicate with the other domain controllers.
You will need to make the domain controller at the remote site a Global Catalogue; this will handle logon requests.

This setup has many advantages, e.g., quicker logon time because it doesn't send the request over the internet VPN or WAN, and also it saves WAN bandwidth.

Hope this helps
hotcam

ASKER

That is the way it's set up right now, so yes. If the WAN link goes down, they can't get to the internet. These are not VPN links, they are frame. All the net traffic "flows" through the hub site for filtering, etc.

I'm thinking it's a waste to have this config, because a lot of those sites only have 3 users or so... So auth traffic I would imagine would be minimal...
ASKER CERTIFIED SOLUTION
Lee W, MVP
hotcam

ASKER

Ah hah! Great point about software distribution. That's not something we are doing at the moment, but we will be.

Yes, I was unless there was a compelling reason to keep them.

There are rare FRS troubles... cleared up some of that when I came on here.

Thanks!