Site Planning

Posted on 2009-03-29
Last Modified: 2012-05-06
First post is always frightening, but i'll live.
I've currently got a site with two locations geographically spread by around 200m.
They are currently tied together with Cisco 1200 series waps in bridge mode with directional antennas at 54mbps.

Site A - is the main site with fibre to the curb providing internet and wan activity. It currently houses a 2k8 PDC (DHCP/DNS/AD) and 2k3 BDC(DNS/Print/WSUS/Deployment/AV) and a Web server.  Site A houses around 200 workstations and 50+ mobile devices, 1000 odd users.
No issues, just working really smoothly.

Site B - currently has about 50 workstations and 10 mobile devices. Workstations cabled, mobile wi-fi. All cisco Hardware. The building is going to be demolished in a years time and a new one built in its place so I'm holding out on the fibre or microwave link to get them connected flawlessly.

Im concerned that in an AD environment where there is a whole lot of traffic with the SOE currently in commission that Symantec updates/wsus updates/ logins, gpo's, software all sorts of things arent going to cope. So im trying to figure out what I do as far as getting network continuity.

Im just throwing around ideas at the moment. I'm not quite sure how to tackle it.
My thoughts are to build another DC making it a global catalog and dns server in the same Domain and localise some of the services to that server, break down the traffic flow locally.

Do clients make authoritive connections to the DC with the lowest latency or do they always pass via the PDC. Is putting another DC down at the other site a viable option? Am I going to increase replication traffic due to creating another Global Catalog? Can you throttle full replication to the back of the clock? Do I create another domain within the forest on another subnet? Am I wasting my time even considering this. Feel free to chime in. Theres too many Ideas floating around my head.


Question by:InsightNetworks
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 18

Accepted Solution

Americom earned 125 total points
ID: 24016090
User authenticate to any DC respond to user upon request. What you can do is create AD site to control user authentication as well as replication. With AD Sites, user will by default authenticate to the local DC to it's local site. User can still be authenticated by the remote site DC if the local site DC is not available.

I don't see creating a domain is going to help you at all as I don't see any security need for it. It just going to make things more complicated and will create more administrative overhead and not justify in your description above.
LVL 57

Expert Comment

by:Mike Kline
ID: 24016337
I agree creating a domain won't help you; Tony Murray has a good article about when you may need multiple domains
If you go about halfway down the thread below you will see my comment which is a more detailed step by step on the site creation
Currently are users in site B complaining about any slowness or latency issues?

Author Comment

ID: 24093590
Americom: Thank you for the help, ive chosen this path and have setup the majority of it.
Next step I have is im part of a large WAN and have a 10.x.y.z/22 ip range for the whole network.
I have no idea as to how to subnet it for AD sites. I've read quite a lot of information and cant figure it out. Do you need to create subnets for Sites to work correctly?
I've got 4 ranges with the /22
Site A needs the majority of the host addresses....
Site B could do with one complete range, 254 Usable hosts.
I know its probably an annoying question but if someone could shed a little light.

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question