Seperating locations in AD

Posted on 2007-08-06
Medium Priority
Last Modified: 2010-03-17
How do  you seperate locations in Active Directory?  I just upgraded a NT4 BDC to 2003 AD and I'm testing it before I make it active.  I want to seperate the Chicago plant, the Phoenix plant, and the Miami plant from eachother.  that way the users/computer accounts go into those locations instead of just the "general domain" like we had in the NT4 domain.
Question by:rbeattie27
  • 2
  • 2
LVL 31

Accepted Solution

Toni Uranjek earned 300 total points
ID: 19641187

Use OU (organizational units) to organize objects in your domain. You might consider using AD sites and subnets if your network is physical separated (not on the same LAN). In this case each location (site) has to have its own DC and at least one IP subnet defined.



Author Comment

ID: 19641326
I've seen that done at a previous location but a few of the sites didn't have a DC.  How did they do that?

Author Comment

ID: 19641334
Sorry, our other sites do have seperate subnets but I don't want to have to build a DC for 10 computers at a remote facility.
LVL 70

Assisted Solution

KCTS earned 75 total points
ID: 19641368
If you have seperate geographical locations then you can define subnets in Active Directory Sites and Services and then create sites and allocate one or more subnets to each site. Proper use os sites reduces intersite traffic, especially if you set up a domain controller on each site with a global catalog (as is the recommended setup).

When you use sites clients should be set to point to the local DC for their DNS and will use a DC on their own site for authentication in perference to other DCs.

All computer and user accounts will be replicated to all domain controllers in the domain - as is always the case with Active Directory - which allows other DCs to be used should any DC fail or be unavailable and also means that users who move between sites will be abole to log on without issues.
LVL 31

Expert Comment

by:Toni Uranjek
ID: 19641419
It's pointles to create site in AD sites and services without domain controller. Just create IP subnet and associate it with nearest site.

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here's a look at newsworthy articles and community happenings during the last month.
Transferring FSMO roles is done when an admin wants to split roles between certain Domain Controllers or the Domain Controller holding the Roles has been forcefully demoted using dcpromo / forceremoval
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question