Active Directory Domain Design
Posted on 2006-11-03
We have a single domain infrastructure isolated from the rest of the world, in other words not connected over the internet. Let's assume the domain is named mydomain.com. In this domain a number of GPO policies are being enforced alongside many other services such as network file share mapping. One of our remote offices is linked to our system via a direct leased line with a slow bandwidth of 128K only, and all the computers there are part of mydomain.com. That remote office over the years grew from a single computer to over 12 computers and they are all linked via a 128K line, and the overall performance has degraded significantly; users are experiencing slow logins (due to the number of policies being enforced and loaded on both boot and login).
I am beginning to think it would be much more efficient to have a new domain controller located at the remote office and have all the computers there authenticate and load the GPOs from that local domain controller. My question is, should I just add another domain controller to the existing domain or should I create a new subdomain (remote.mydomain.com)? If I do create a subdomain, would any applications on mydomain.com enforced by NTFS rules work on the subdomain?