• Status: Solved

Domain Restructuring

We recently took over IT support roles for a local bank.  The bank has 6 branches and roughly 120 PCs.  Originally, when the networks were set up, there was no inter-branch communication.  BranchA could not talk to BranchB, etc.  As such, there were separate domains set up at each location.  From a management standpoint, this is a nightmare.  Everything that has to be done has to be done 6 times.  Group policy changes, security changes, WSUS installations, MBSA scans, etc.

Now they have a VPN between all locations.  I am trying to figure out the best way to switch their domains around.  The main branch, which we'll call BranchA, has the most PCs and upper management personnel.  The other branches have basic bank operations, tellers, CSRs, etc.  4 of the branch servers are running Windows Server 2003, 2 are running Windows 2000 Server.

At first I was thinking of connecting all PCs to the BRANCHA domain, switching all servers to be domain controllers and setting up sites and OUs in Active Directory.  Then I was thinking about child domains.

Any help would be appreciated.

Thank you.
1 Solution
Why do child domains?  I would create one flat domain, and since there is a VPN all machines can be joined to that domain...
I would also make all servers local domain controllers and also use AD Sites and Services as you suggested.
As usual, it is best to test with the smallest branch or a test lab, and make sure you have full backups beforehand.

I hope this helps!

Lee W, MVP (Technology and Business Process Advisor) Commented:
Are the servers secured in each location?  If not, you should probably consider using 2008 servers in the branches (I assume the branches would be the greatest security risks) as that way you can use RoDCs there (You will need to be in 2003 Native mode so that means getting rid of the 2000 DCs).  And you'll need one DC in the main office with 2008.

I agree, a flat structure is best, but from a security standpoint, the RoDC concept is probably your best option.

CoastalSlns (Author) Commented:
We ended up using AD Domain Rename tool to rename the BranchA domain to a more acceptable domain name for the entire bank.  We waited about 2 weeks and then moved over BranchB to the new domain and all the PCs.  What a nightmare that was.  We are in the process of moving the other branches now, 1 at a time.  Fun fun!
