Solved

Active Directory Domain Design

Posted on 2006-11-03
Last Modified: 2010-04-18
Hi,

We have a single domain infrastructure isolated from the rest of the world, in other words not connected over the internet. Let's assume the domain is named mydomain.com. In this domain a number of GPO policies are being enforced alongside many other services such as network file share mapping. One of our remote offices is linked to our system via a direct leased line with a slow bandwidth of 128K only, and all the computers there are part of mydomain.com. That remote office over the years grew from a single computer to over 12 computers, and they are all linked via a 128K line and the overall performance has degraded significantly; users are experiencing slow logins (due to the number of policies being enforced and loaded on both boot and login).

I am beginning to think it would be much more efficient to have a new domain controller located at the remote office and have all the computers there authenticate and load the GPOs from that local domain controller. My question is, should I just add another domain controller to the existing domain or should I create a new subdomain (remote.mydomain.com)? If I do create a subdomain, would any applications on mydomain.com enforced by NTFS rules work on the subdomain?

Thank you.

-Amer


Question by:amersharaf

4 Comments

LVL 43

Accepted Solution

by:
Steve Knight earned 125 total points
ID: 17865006
No need for another domain unless you need highly separated administration etc.  Just set up a new DC and create two sites in AD Sites and Services and assign the subnet for each office and each DC to the correct site.  Local users will pick up their local DC.  A 128k line is a bit slow but replication can be set in Sites and Services to maybe once per half hour or so or whatever works out best for your line usage.  The difference with logins with a local DC there will be immense.

Make it a Global Catalogue server too and make sure DNS is installed there.  Might as well make it your DHCP too and have it hand out the local DNS server address.

If you create a subdomain, effectively you then have two DCs on two domains without any resilience. This way, if you lose your DC for some reason, you can get it back by creating a new one from the one at your other site over the wire.

If your domain was huge you could use the new 2003 methods of dcpromo from backup but frankly just do it in some off-peak time and all should be OK, just might take a while to replicate.

If unsure on any of this please ask.
Steve
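The two-site layout in the accepted answer, expressed as a script. This is an added example and not part of the original thread: it uses the ActiveDirectory PowerShell module (Windows Server 2012 or later; in 2006 the same objects were created by hand in the "Active Directory Sites and Services" MMC snap-in). Site names, subnets and the DC name DC-REMOTE are placeholders; the script assumes the remote DC has already been promoted into mydomain.com and that it runs on an existing DC at the head office.

```powershell
# Added example, not from the thread. Placeholders: sites HeadOffice and
# RemoteOffice, subnets 10.10.0.0/24 and 10.20.0.0/24, remote DC DC-REMOTE.
Import-Module ActiveDirectory

$headSite   = 'HeadOffice'
$remoteSite = 'RemoteOffice'
$linkName   = "$headSite-$remoteSite"

# 1. A new forest starts with one site, Default-First-Site-Name. Give it a
#    meaningful name and create the branch site.
$defaultSite = Get-ADReplicationSite -Identity 'Default-First-Site-Name' -ErrorAction SilentlyContinue
if ($defaultSite) { Rename-ADObject -Identity $defaultSite -NewName $headSite }
if (-not (Get-ADReplicationSite -Filter "Name -eq '$remoteSite'")) {
    New-ADReplicationSite -Name $remoteSite -Description 'Branch office behind 128K leased line'
}

# 2. Bind each office's subnet to its site. A client's site is decided only
#    by which subnet its IP address falls in; this is what makes branch
#    users "pick up their local DC" instead of one across the WAN.
New-ADReplicationSubnet -Name '10.10.0.0/24' -Site $headSite
New-ADReplicationSubnet -Name '10.20.0.0/24' -Site $remoteSite

# 3. Create an IP (RPC) site link between the two sites. The default link
#    replicates every 180 minutes; 30 matches the "once per half hour" the
#    answer suggests. Cost only matters once there are three or more sites.
New-ADReplicationSiteLink -Name $linkName `
    -SitesIncluded $headSite, $remoteSite `
    -InterSiteTransportProtocol IP `
    -Cost 100 `
    -ReplicationFrequencyInMinutes 30

# Take the two sites out of DEFAULTIPSITELINK so only the explicit link,
# with its 30-minute schedule, governs replication between them.
Set-ADReplicationSiteLink -Identity 'DEFAULTIPSITELINK' `
    -SitesIncluded @{ Remove = $headSite, $remoteSite }

# 4. Move the new DC's server object into the branch site. Until this is
#    done it is still listed under the head-office site and branch clients
#    will not prefer it.
Move-ADDirectoryServer -Identity 'DC-REMOTE' -Site $remoteSite

# 5. Make the branch DC a Global Catalog by setting the "options" bit on its
#    NTDS Settings object. Without a GC in the site, logons that need
#    universal group membership go back over the 128K line.
$ntds = (Get-ADDomainController -Identity 'DC-REMOTE').NTDSSettingsObjectDN
Set-ADObject -Identity $ntds -Replace @{ options = 1 }

# 6. Review the resulting links; the KCC builds the connection objects from
#    this on its own.
Get-ADReplicationSiteLink -Filter * |
    Select-Object Name, SitesIncluded, ReplicationFrequencyInMinutes, Cost
```

DNS and DHCP are left to the DC promotion and DHCP scope configuration respectively; the point the answer makes is that the branch scope should hand out DC-REMOTE's address as the first DNS server so clients resolve SRV records locally and are steered to the local DC.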
 

Author Comment

by:amersharaf
ID: 17865798
I believe the first option works best for me. Moreover, having the DNS installed at the remote DC will also relieve the 128K link from DNS queries, but won't the DNS server consume the bandwidth when syncing with the other DNS servers more than if the DNS queries went directly to the office DNS server?

Could you also give me an idea of how much bandwidth DC to DC synchronization would take? Is it mostly low traffic acknowledgments with the occasional updates?

Thanks
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17866439
What kind of size are we talking about for AD here, dozens of users, hundreds?  To be honest I can't put a quantity on the amount of data transferred, but it is incremental, i.e. the whole database isn't sent, and if you set up different sites the data is compressed too and sent on the schedule you define.

Either way it will be a lot less than having a dozen clients authenticating over the WAN IMHO.

Steve
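The answer cannot give a number for replication traffic, but once the branch DC is in place the traffic can be measured rather than estimated. The following is an added example, not from the thread, using the same placeholder names (site RemoteOffice, DC DC-REMOTE, domain mydomain.com). The NTDS performance counters it reads report inter-site replication bytes both before and after the compression Steve mentions, so the ratio between them is visible directly.

```powershell
# Added example, not from the thread. Placeholders: DC-REMOTE, RemoteOffice,
# mydomain.com. Run the nltest lines on a branch workstation and the rest on
# a DC.

# --- On a branch workstation: is the client in the right site, and did the
#     DC locator hand it the local DC?  Expected: site RemoteOffice, DC \\DC-REMOTE.
nltest /dsgetsite
nltest /dsgetdc:mydomain.com

# --- On a DC: inbound replication status per partner, including whether the
#     partner is reached over the inter-site (compressed, scheduled) transport.
Get-ADReplicationPartnerMetadata -Target 'DC-REMOTE' -Scope Server |
    Select-Object Partner, IntersiteTransportType, LastReplicationSuccess,
                  LastReplicationResult, ConsecutiveReplicationFailures

# Forest-wide replication health summary (failures, largest delta).
repadmin /replsummary

# Changes still queued to be sent; on a healthy 128K link this should be
# empty between scheduled cycles, which is what "mostly acknowledgments with
# the occasional update" looks like in practice.
repadmin /queue DC-REMOTE

# --- Measure the actual bytes over the wire. Sample the inter-site counters
#     for a replication cycle and report the compression ratio.
$counters = @(
    '\NTDS\DRA Inbound Bytes Compressed (Between Sites, Before Compression)/sec',
    '\NTDS\DRA Inbound Bytes Compressed (Between Sites, After Compression)/sec',
    '\NTDS\DRA Outbound Bytes Compressed (Between Sites, Before Compression)/sec',
    '\NTDS\DRA Outbound Bytes Compressed (Between Sites, After Compression)/sec'
)
$sampleSeconds = 5
$samples = Get-Counter -Counter $counters -SampleInterval $sampleSeconds -MaxSamples 6

# Sum each counter's per-second rate across samples to get approximate bytes
# moved during the 30-second window.
$totals = @{}
foreach ($set in $samples) {
    foreach ($s in $set.CounterSamples) {
        $name = ($s.Path -split '\\')[-1]
        $totals[$name] = ($totals[$name] + 0) + ($s.CookedValue * $sampleSeconds)
    }
}

$inBefore  = $totals['DRA Inbound Bytes Compressed (Between Sites, Before Compression)/sec']
$inAfter   = $totals['DRA Inbound Bytes Compressed (Between Sites, After Compression)/sec']
$outBefore = $totals['DRA Outbound Bytes Compressed (Between Sites, Before Compression)/sec']
$outAfter  = $totals['DRA Outbound Bytes Compressed (Between Sites, After Compression)/sec']

'{0,-10}{1,15}{2,15}' -f 'Direction', 'Uncompressed', 'On the wire'
'{0,-10}{1,15:N0}{2,15:N0}' -f 'Inbound',  $inBefore,  $inAfter
'{0,-10}{1,15:N0}{2,15:N0}' -f 'Outbound', $outBefore, $outAfter
if ($inBefore -gt 0)  { 'Inbound compression ratio:  {0:N1}:1' -f ($inBefore / $inAfter) }
if ($outBefore -gt 0) { 'Outbound compression ratio: {0:N1}:1' -f ($outBefore / $outAfter) }
```

Sampling during a scheduled replication window (the 30-minute cycle from the site link) gives the peak; sampling between cycles should show close to zero, which is the comparison that matters against a dozen clients pulling GPOs and logon scripts across the line on every boot.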
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17867070
Good luck, thanks for the points.

Steve
