Networking 2 offices together with Exchange

Posted on 2008-02-06
Last Modified: 2013-12-05
Hello Experts,

Current situation:
2 Offices (in different cities approx 20 miles away, both offices have DSL with static IPs)
2 Servers (1 powerhouse, 1 medium)
8 Workstations (4 in each office)
2 Linksys VPN Endpoints
Windows 2003 Enterprise on both servers

Services I want to run: Exchange 2003 with RPC over HTTPS, MS Fax, DNS, Active Directory, File/Print, and office management software. I can completely configure the first office and the powerhouse server to run the aforementioned services. My question is: what is the best way to configure office 2 with the medium server? The office will be linked via VPN with the Linksys routers. Should the second server be a member server, child domain, site link, etc.? All employees of office 2 will access their Exchange mailbox via RPC over HTTPS, unless there is a better way to do it.

I have limited knowledge of DNS, so if answers have DNS issues, a detailed explanation is VERY much appreciated.

Thank you.
Question by: calbackup

Expert Comment

ID: 20838481
Scenario 1
Configure your medium server at the remote site as a DC and global catalogue, so user logon times will be much faster, and as long as you have dedicated VPN gateways, they can use Outlook in corporate mode as if they are at your site, no RPC over HTTPS. Of course, your bandwidth will play a major role here.

Scenario 2
Configure your medium server at site two as a file server. Do not join your server or any workstation to the domain; keep the site in workgroup mode but direct the users to use RPC over HTTPS as you suggest, that's all they need from Active Directory anyway. As for DNS, there is not much to do. The first site already has Active Directory integrated DNS, which is created automatically, and on the remote site use any external DNS server for internet access.

If you want to apply policies through GPOs, then you will have to go with scenario 1; otherwise scenario 2 is the way to go, especially with a DSL connection.

Let me know what you think.


Author Comment

ID: 20838712
I want the users in office number 2 to be a part of the domain to centralize management and administration, so scenario 1 sounds better. But what is the correct way to configure the office 2 server? Should it be a member server through the VPN? Is there a better way for them to replicate AD information?

Accepted Solution

isaman07 earned 2000 total points
ID: 20841484
The best way is to configure the server as a DC and a global catalogue, so users will not have to use the VPN to authenticate against the DC in site 1, and in case your DC is down for some reason in site one, site 2 users will continue to log in. Configure your AD replication as needed; the default value is 5 minutes, and this could be a bandwidth-consuming problem.
Alternatively, you can configure office 2 as a site in Active Directory, then you can configure the replication using RPC or SMTP or IP.
If it was me, I would start with scenario 1 and see how it is going; if you have too many problems or it's too slow, then I would think about other solutions to make it better. Here are some useful links.


Author Comment

ID: 20846942
I will try that, thank you.
