Solved

Multiple Sites, DCs, WAN...Your Opinion needed...

Posted on 2006-06-30
4
327 Views
Last Modified: 2010-03-19
I have about 12 sites connected throughout the city by frame relay. We run 2000/2003 mixed mode. Currently, we have a DC at every site we have. Apparently, the thinking was that "if there is no DC there, and the link goes down, they will still be able to log on".

However, I'm thinking that if the link is down, the only reason that they wouldn't be able to log on would be if they are a brand new user, or they are logging on to a machine they haven't used before. In addition, if the link is down (which is almost never is), they won't be able to do much at all, able to log on or not...

So, I'm considering simplifying the network some and demoting all the branch office DCs. I still have two at our hub site. I may keep another across one of the WAN links on our second largest site just so I will have another outside this building.

Am I missing anything I should consider?
0
Comment
Question by:hotcam
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 

Expert Comment

by:stalkerz
ID: 17017167
If there is no DC at the remote office, and the link goes down, then the users would not be able to logon, however they will be able to log on with "cached credentials". Basically they can logon to their PC's but will obviously have no access to other server's over the internet. They can function with local resources, such as printers on the local network, database's on the local network.
A good solution is to place at least 1 domain controller at the remote site "if it's within your budget", and this will handle all logon's. When the link goes down, the users will be able to logon fine and have access to the domain, and when the link is back up the domain will replicate with the other domain controllers.
You will need to make the domain controller at the remote site a Global Catalogue, this will handle logon requests.

This setup has many advantages eg, quicker logon time because it doesn't send the request over the internet VPN or WAN, and also it saves WAN bandwidth.

Hopes this helps
0
 
LVL 1

Author Comment

by:hotcam
ID: 17017183
That is the way it's set up right now, so yes. If the WAN link goes down, they can't get to the internet. These are not VPN links, they are frame. All the net traffic "flows" through hub site for filterning, etc.

I'm thinking it's a waste to have this config, because a lot of those sites only have 3 users or so... So auth traffic I would imagine would be minimal...
0
 
LVL 96

Accepted Solution

by:
Lee W, MVP earned 300 total points
ID: 17017644
From a different perspective... why do you want to remove DC functionality?  Is there a problem?  Is the replication taking too long?  What happens if you decide to push applications via group policy.  Wouldn't it be better to then have the DC in place so you could utilize sites and services to ensure that when you push applications you're not doing it 3+ times (one for each system there) and instead are only doing it once - to the DC.

Your wording suggests you are planning on doing this unless someone can convince you otherwise.

If you didn't have servers at the sites, then for three users I probably don't implement them.  But since you already do, then you might as well use them.  Ultimately, if the sites don't need servers at all (3 users need a server?) then you should start retiring them as you'll save on electric costs, licensing costs, and maintainance costs.  But if they need the servers anyway, leave them be.
0
 
LVL 1

Author Comment

by:hotcam
ID: 17017674
Ah hah! Great point about software distribution. That's not something we are doing at the moment, but we will be.

Yes, I was unless there was a compelling reason to keep them.

There are rare FRS troubles... cleared up some of that when I came on here.

Thanks!
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question