Solved

Active Directory Domain Design

Posted on 2006-11-03
4
Medium Priority
271 Views
Last Modified: 2010-04-18
Hi,

We have a single domain infrastructure isolated from the rest of the world, in other words not connected over the internet. Let's assume the domain is named mydomain.com. In this domain a number of GPO policies are being enforced alongside many other services such as network file share mapping. One of our remote offices is linked to our system via a direct leased line with a slow bandwidth of 128K only, and all the computers there are part of mydomain.com. That remote office over the years grew from a single computer to over 12 computers, and they are all linked via a 128K line; the overall performance has degraded significantly, and users are experiencing slow logins (due to the number of policies being enforced and loaded on both boot and login).

I am beginning to think it would be much more efficient to have a new domain controller located at the remote office and have all the computers there authenticate and load the GPOs from that local domain controller. My question is, should I just add another domain controller to the existing domain or should I create a new subdomain (remote.mydomain.com)? If I do create a subdomain, would any applications on mydomain.com enforced by NTFS rules work on the subdomain?

Thank you.

-Amer


0
Question by:amersharaf
4 Comments
 
LVL 43

Accepted Solution

by:
Steve Knight earned 500 total points
ID: 17865006
No need for another domain unless you need highly separated administration etc.  Just set up a new DC and create two sites in AD Sites and Services and assign the subnet for each office and each DC to the correct site.  Local users will pick up their local DC.  A 128k line is a bit slow but replication can be set in Sites and Services to maybe once per half hour or so or whatever works out best for your line usage.  The difference with logins with a local DC there will be immense.

Make it a Global Catalog server too and make sure DNS is installed there.  Might as well make it your DHCP too and have it hand out the local DNS server address.

If you create a subdomain, effectively you then have two DCs on two domains without any resilience. This way if you lose your DC for some reason you can get it back by creating a new one from the one at your other site over the wire.

If your domain was huge you could use the new 2003 methods of dcpromo from backup but frankly just do it in some off-peak time and all should be OK, just might take a while to replicate.

If unsure on any of this please ask.
Steve
0
 

Author Comment

by:amersharaf
ID: 17865798
I believe the first option works best for me. Moreover, having the DNS installed at the remote DC will also relieve the 128K link from DNS queries, but won't the DNS server consume more bandwidth when syncing with the other DNS servers than if the DNS queries went directly to the office DNS server?

Could you also give me an idea of how much bandwidth DC to DC synchronization would take? Is it mostly low-traffic acknowledgments with the occasional updates?

Thanks
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17866439
What kind of size are we talking about for AD here, dozens of users, hundreds?  To be honest I can't put a quantity on the amount of data transferred, but it is incremental, i.e. the whole database isn't sent, and if you set up different sites the data is compressed too and scheduled on the schedule you define.

Either way it will be a lot less than having a dozen clients authenticating over the WAN IMHO.

Steve
0
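The site-based layout Steve recommends in the accepted answer (second DC in its own site, subnets bound to sites, a site link with a half-hourly schedule, Global Catalog on the remote DC) together with the scheduled, compressed inter-site replication he describes in the follow-up, as an added PowerShell example that is not from the original thread. It assumes the ActiveDirectory module (Windows Server 2008 R2 and later; the 2006 thread predates it, where the same steps are done by hand in AD Sites and Services), that the remote DC has already been promoted into mydomain.com, and uses placeholder site names, subnets and hostnames.

```powershell
# Added example, not from the original thread. Assumes the ActiveDirectory module
# and a remote DC already promoted into the existing domain. Site names, subnets
# and the DC hostname below are placeholders for this example.
Import-Module ActiveDirectory

$hqSite       = 'Default-First-Site-Name'   # existing site holding the HQ DC(s)
$remoteSite   = 'RemoteOffice'              # new site for the 128K-linked office
$hqSubnet     = '198.51.100.0/24'           # example (RFC 5737) subnet of the main office
$remoteSubnet = '192.0.2.0/24'              # example (RFC 5737) subnet of the remote office
$remoteDC     = 'REMOTEDC01'                # placeholder hostname of the new remote DC

# 1. Create the remote site and bind each office's subnet to its site, so the
#    DC locator sends each client to a DC in its own site instead of over the WAN.
New-ADReplicationSite   -Name $remoteSite
New-ADReplicationSubnet -Name $hqSubnet     -Site $hqSite
New-ADReplicationSubnet -Name $remoteSubnet -Site $remoteSite

# 2. Move the remote DC's server object into the new site.
Move-ADDirectoryServer -Identity $remoteDC -Site $remoteSite

# 3. Make the remote DC a Global Catalog (bit 1 of "options" on its NTDS Settings
#    object) so logons there do not need a GC across the slow link.
$ntds = (Get-ADDomainController -Identity $remoteDC).NTDSSettingsObjectDN
Set-ADObject -Identity $ntds -Replace @{ options = 1 }

# 4. Link the two sites. Inter-site replication over a site link is incremental,
#    compressed, and runs on the interval set here; 30 minutes matches the
#    "once per half hour" suggestion and can be tuned to the line's usage.
New-ADReplicationSiteLink -Name "$hqSite-$remoteSite" `
    -SitesIncluded $hqSite, $remoteSite `
    -Cost 100 `
    -ReplicationFrequencyInMinutes 30 `
    -InterSiteTransportProtocol IP

# 5. Verify. Run on a remote-office client: the reported site should be
#    RemoteOffice, and its logon server should be the local DC.
nltest /dsgetsite
nltest /dsgetdc:mydomain.com

# And on any DC: confirm the remote DC is replicating each partition
# successfully with its HQ partner rather than reporting errors.
Get-ADReplicationPartnerMetadata -Target $remoteDC -PartnerType Both |
    Select-Object Partition, Partner, LastReplicationSuccess, LastReplicationResult
```

A LastReplicationResult of 0 on every partition means the scheduled inter-site replication is working; a client still reporting the HQ site from nltest /dsgetsite usually means its address is not covered by the subnet bound to RemoteOffice.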
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17867070
Good luck, thanks for the points.

Steve
0
