Active Directory Domain Design

Posted on 2006-11-03
Last Modified: 2010-04-18
Hi,

We have a single domain infrastructure isolated from the rest of the world, in other words not connected to the internet. Let's assume the domain is named mydomain.com. In this domain a number of GPO policies are being enforced alongside many other services such as network file share mapping. One of our remote offices is linked to our system via a direct leased line with a slow bandwidth of only 128K, and all the computers there are part of mydomain.com. That remote office has grown over the years from a single computer to over 12 computers, all linked via the 128K line, and the overall performance has degraded significantly: users are experiencing slow logins (due to the number of policies being enforced and loaded on both boot and login).

I am beginning to think it would be much more efficient to have a new domain controller located at the remote office and have all the computers there authenticate and load the GPOs from that local domain controller. My question is, should I just add another domain controller to the existing domain or should I create a new subdomain (remote.mydomain.com)? If I do create a subdomain, would any applications on mydomain.com enforced by NTFS rules work on the subdomain?

Thank you.

-Amer


Question by:amersharaf
LVL 43

Accepted Solution

by:
Steve Knight earned 125 total points
ID: 17865006
No need for another domain unless you need highly separated administration etc. Just set up a new DC and create two sites in AD Sites and Services, and assign the subnet for each office and each DC to the correct site. Local users will pick up their local DC. A 128K line is a bit slow, but replication can be set in Sites and Services to maybe once per half hour or so, or whatever works out best for your line usage. The difference in logins with a local DC there will be immense.

Make it a Global Catalogue server too and make sure DNS is installed there. Might as well make it your DHCP too and have it hand out the local DNS server address.

If you create a subdomain you effectively then have two DCs on two domains without any resilience. This way, if you lose your DC for some reason, you can get it back by creating a new one from the one at your other site over the wire.

If your domain was huge you could use the new 2003 methods of dcpromo from backup, but frankly just do it in some off-peak time and all should be OK; it just might take a while to replicate.

If unsure on any of this please ask.
Steve

Author Comment

by:amersharaf
ID: 17865798
I believe the first option works best for me. Moreover, having the DNS installed at the remote DC will also relieve the 128K link from DNS queries, but won't the DNS server consume more bandwidth when syncing with the other DNS servers than if the DNS queries went directly to the office DNS server?

Could you also give me an idea of how much bandwidth DC-to-DC synchronization would take? Is it mostly low-traffic acknowledgments with the occasional update?

Thanks
LVL 43

Expert Comment

by:Steve Knight
ID: 17866439
What kind of size are we talking about for AD here, dozens of users, hundreds? To be honest I can't put a quantity on the amount of data transferred, but it is incremental, i.e. the whole database isn't sent, and if you set up different sites the data is compressed too and sent on the schedule you define.

Either way it will be a lot less than having a dozen clients authenticating over the WAN IMHO.

Steve
LVL 43

Expert Comment

by:Steve Knight
ID: 17867070
Good luck, thanks for the points.

Steve