Solved

AD design advise

Posted on 2006-10-30
7
241 Views
Last Modified: 2010-04-18
Hi,
I'm trying to design a network. Here is my plan, tell me what you think.
Site A
Forest Root, Domain Controller, Exhcange, SAN.

Site B
Connected to Site A via VPN over T1. Joined to the domain in Site A and grouped as a Site in Sites and Services.
It would have it's own DC.

Site C
Currently only connected via the internet, RDP. Will eventually have a site to site VPN to Site A.
May or may not have it's own DC. Joined to the same domain in Site A and segmented into a site via Sites and Services.

This way I can schedule replication for off peak hours between the DCs and still administer everything from one location. Our main goal is something that can grow quickly with us. Right now there is only one Admin at site A. In a year from now we foresee the need for another admin at Site B. Would this design allow to quickly move to seperate domains or child domains under the same forest?
Thanks
0
Comment
Question by:NickGT20
  • 3
  • 2
  • 2
7 Comments
 
LVL 10

Assisted Solution

by:Chris_Gralike
Chris_Gralike earned 50 total points
ID: 17837373
If you suggest a forest spread over multiple locations as in;

                                      mycorp.local  (main location)
                                             |
                                             |
                                          /    \
                                       /          \
                                /                       \
             siteB.mycorp.local            siteC.mycorp.local

Yeah it should allow quite easy growth. and if im not mistaken is also the way microsoft advices to set up multiple sites in an forest...

Regards,
0
 
LVL 10

Expert Comment

by:Chris_Gralike
ID: 17837379
But why do this manually and not while promoting the new domains in the forest as new domain in exsisting forest?

Regards,
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17837837
unless you have a specific need for child domains then the above design is fine....make sure that you configure a site within AD for each site that you have and that you have a minimum of 1 DC and 1 DNS server per site as well as a GC
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 
LVL 2

Author Comment

by:NickGT20
ID: 17843998
Well, what I have is a DC with DNS and GC at site B and Site A.
Is it mandatory that site C have a DC? I thought it can still authenticate through the VPN to either Site B or Site A?
I hear conflicting reports as to whether I should just do Sites or child domains. As I am  the only admin right now I want it to be easy for me to administer users and email. We only have one Exchange server right now. Site B has an exchange server that isn't in use right now, but will most likely get used once I get to configure it. If I can set up child domains and still have users replicated between the domains that would be good, and they still all need to use the single exchange server for now. And I want all the mail to look like it's coming from mydomain.com not sales.mydomain.com.
Thanks
0
 
LVL 48

Accepted Solution

by:
Jay_Jay70 earned 450 total points
ID: 17846367
well child domains are not for you in this scenario, you are basing purely on sites so there is 0 need whatsoever, child domains dont replicate with other sites, what you want is a DC in each site for you current domain and let it replicate. One exchange server is fine, have this at your root site.

You dont have to have a DC at site C, but it will make life a lot easier for you and chew up much less bandwidth as well as making everything perform faster

Child domains are where you have like separate parts of a company. Eg, last mob i worked for had a national office (Domain.com) then sub domains for each state which had its own database of users and groups and security etc. (state1.domain.com, State2.domain.com) Each sub domain was an individual business that did not need to replicate anwywhere......
0
 
LVL 2

Author Comment

by:NickGT20
ID: 17849364
Thanks guys.

0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17854194
not a problem
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop. Interesting thing was the fact th…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Along with being a a promotional video for my three-day Annielytics Dashboard Seminor, this Micro Tutorial is an intro to Google Analytics API data.
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now