Solved

Active Directory Design Help

Posted on 2007-10-03
Last Modified: 2010-08-05
Hi

We are planning to install AD across two sites and require some assistance with the second site.

Site A will consist of:
Server 1 - Domain Controller - Global catalog server - DNS
Server 2 - Exchange 07 - member domain server
Server 3 - SQL Server, backup DNS

Site B will have a primary file server but we are not sure what the best way to configure this is.  Do we create one domain with two sites or the other way round?

We are unsure what the best way to create the AD for the second site is. We would like users from site 1 to be able to log in at site 2. We would also like to put in a second global catalog server. Could we put this at site 2, or does this have to be at site 1? How much load would this put on the link between the sites?
The two sites will be connected by a 2mb leased line.
0
Question by:bains1000
6 Comments
 
LVL 26

Accepted Solution

by:
MidnightOne earned 500 total points
ID: 20007675
One domain, two sites. A DC at each site, with the infrastructure master NOT being a global catalog server.

HTH

MidnightOne
0
 
LVL 4

Assisted Solution

by:DeanC30
DeanC30 earned 500 total points
ID: 20007684
Personally I would create a single domain, configure up 2 sites. Add a DC into Site 2, configure this as a GCS, & DNS server. This way users will use local resources for name resolution, and logon. Depending on how stable your AD config is (i.e. number of changes made) I would schedule AD replication to run overnight to reduce the load on your network. However, a 2Mb leased line should be sufficient to handle your requirements.

Just my tup'pence
0
 
LVL 70

Assisted Solution

by:KCTS
KCTS earned 500 total points
ID: 20007762
You only need two domains if you want a degree of separation, different security boundaries and different password/account policies. In this case I don't think that applies so a single domain would be preferred.

As you have two physical sites it would make sense to have two sites in Active Directory also. To give some resilience and to reduce intersite traffic then two domain controllers, one on each site with both configured with AD Integrated DNS and both holding a copy of the global catalog would be best.

Alternatively you could consider a terminal server solution for the second site.
0
 
LVL 23

Assisted Solution

by:Jeremy Weisinger
Jeremy Weisinger earned 500 total points
ID: 20007798
I agree with Dean and MidnightOne.

" ...with the infrastructure master NOT being a global catalog... "
I just want to add that this is only applicable in a multi-domain environment. If there's just one domain then there's no harm in having the IM on a GC.
0
 
LVL 23

Expert Comment

by:Jeremy Weisinger
ID: 20007810
Oh, I also agree with KCTS. (didn't see your comments)
0
 

Author Comment

by:bains1000
ID: 20007836
Thanks for your comments. Our thoughts were heading down the right route.
0
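
A read-only check of the layout the answers above recommend (a DC and a global catalog in each site, plus the infrastructure master placement that applies to multi-domain forests), as an added example that is not part of the original thread. It assumes the ActiveDirectory PowerShell module is installed and the account running it can read the forest.

```powershell
# Added example: read-only check, makes no changes to the directory.
# Assumes the ActiveDirectory RSAT module and read access to the forest.
Import-Module ActiveDirectory

$forest = Get-ADForest

# Collect every domain controller in every domain of the forest.
$dcs = foreach ($domain in $forest.Domains) {
    Get-ADDomainController -Filter * -Server $domain
}

# 1. Every AD site should hold a DC and a global catalog, so that logon and
#    catalog lookups stay local instead of crossing the inter-site link.
$siteReport = foreach ($site in $forest.Sites) {
    $siteDcs = @($dcs | Where-Object { $_.Site -eq $site })
    $siteGcs = @($siteDcs | Where-Object { $_.IsGlobalCatalog })
    if     ($siteDcs.Count -eq 0) { $finding = 'No local DC' }
    elseif ($siteGcs.Count -eq 0) { $finding = 'No local GC' }
    else                          { $finding = 'OK' }
    [pscustomobject]@{
        Site    = $site
        DCs     = ($siteDcs | ForEach-Object { $_.Name }) -join ', '
        GCs     = ($siteGcs | ForEach-Object { $_.Name }) -join ', '
        Finding = $finding
    }
}
$siteReport | Format-Table -AutoSize

# 2. The infrastructure master / GC placement rule only matters when the
#    forest has more than one domain. It is also moot when every DC in the
#    domain is a GC (a known exception, not stated in the thread).
$imReport = foreach ($domain in $forest.Domains) {
    $im        = (Get-ADDomain -Server $domain).InfrastructureMaster
    $domainDcs = @($dcs | Where-Object { $_.Domain -eq $domain })
    $imOnGc    = @($domainDcs | Where-Object { $_.HostName -eq $im -and $_.IsGlobalCatalog }).Count -gt 0
    $allGc     = @($domainDcs | Where-Object { -not $_.IsGlobalCatalog }).Count -eq 0
    if ($forest.Domains.Count -gt 1 -and $imOnGc -and -not $allGc) { $finding = 'Move IM to a non-GC DC' }
    else { $finding = 'OK' }
    [pscustomobject]@{
        Domain               = $domain
        InfrastructureMaster = $im
        OnGlobalCatalog      = $imOnGc
        Finding              = $finding
    }
}
$imReport | Format-Table -AutoSize
```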
