Domain Restructuring

We recently took over IT support roles for a local bank. The bank has 6 branches and roughly 120 PCs. Originally, when the networks were set up, there was no inter-branch communication. BranchA could not talk to BranchB, etc. As such, there were separate domains set up at each location. From a management standpoint, this is a nightmare. Everything that has to be done has to be done 6 times: Group Policy changes, security changes, WSUS installations, MBSA scans, etc.

Now they have a VPN between all locations. I am trying to figure out the best way to switch their domains around. The main branch, which we'll call BranchA, has the most PCs and upper management personnel. The other branches have basic bank operations, tellers, CSRs, etc. 4 of the branch servers are running Windows Server 2003, 2 are running Windows 2000 Server.

At first I was thinking of connecting all PCs to the BRANCHA domain, switching all servers to be domain controllers and setting up sites and OUs in Active Directory. Then I was thinking about child domains.

Any help would be appreciated.

Thank you.
CoastalSlns Asked:

ryansoto Commented:
Why do child domains? I would create one flat domain, and since there is a VPN, all machines can be joined to that domain...
I would also make all servers local domain controllers and also use AD Sites and Services as you suggested.
0

SysExpert Commented:
As usual, it is best to test with the smallest branch or a test lab, and make sure you have full backups beforehand.

I hope this helps!
0
Lee W, MVP, Technology and Business Process Advisor Commented:
Are the servers secured in each location? If not, you should probably consider using 2008 servers in the branches (I assume the branches would be the greatest security risks), as that way you can use RoDCs there (you will need to be in 2003 Native mode, so that means getting rid of the 2000 DCs). And you'll need one DC in the main office with 2008.

I agree, a flat structure is best, but from a security standpoint, the RoDC concept is probably your best option.
0
CoastalSlns Author Commented:
We ended up using the AD Domain Rename tool to rename the BranchA domain to a more acceptable domain name for the entire bank. We waited about 2 weeks and then moved over BranchB to the new domain and all the PCs. What a nightmare that was. We are in the process of moving the other branches now, 1 at a time. Fun fun!
0