  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 306

Building a Corporate Domain Network

I am currently creating a plan to deploy a new domain network for my company. Currently they have 5 locations around North America and India.

Currently only one office has an Active Directory infrastructure. This is for users only in that office, approximately 150 users.
I have another Domain and Domain Controller for the company Exchange service. Apart from India, no one uses a Domain user account to log on; Exchange is connecting via https.

So as a company we have two totally separate domain networks. My task is to propose a plan to create a state of connectivity between all sites using a single Active Directory infrastructure.

I understand that this is going to be a complex and drawn out process and I do not expect anyone here to provide a step-by-step process for this. My question is about resources on the best approach, i.e. Should each site be a sub-domain of mycompany.com? Or should we make everything a single domain with replicating Domain Controllers connected via VPN?

It's a big question; links etc. to best practices are always welcome.
Thanks for your ideas.
2 Solutions
You could do it a number of ways.

1) You could have 1 big Domain Forest with each office being a different OU under the domain in Active Directory to help you divide up your logins and settings

2) You could set up each office/site as its own Active Directory forest and set up trusts between them

It's really a preference of what you like and how you use it. As far as connecting the sites, there are a number of ways, and depending on how much speed you need between the sites you can set up an MPLS network with an ISP to connect all the offices or, like you suggested, do a firewall-to-firewall connection to have the servers talk to each other.
Erik Bjers, Principal Systems Administrator, Commented:
We have a similar (though much larger) setup with about 400 users in our home office and around 100 sites world wide with 10 - 600 users each.

Our current setup is a flat domain structure with each location being a different site with a subnet assigned to it and an OU for each site for easier management. The sites are set up so that a computer will always authenticate to a local domain controller; this is key unless you want your computers in India trying to authenticate against a DC in the US.

We are in the process of moving to a tree structure where each site will be a subdomain (site1.company.com).  This will allow us to create users in the parent domain who will be able to log into any computer at any site / subdomain as well as create users at the local sites who don't need access to the main network.

Both solutions offer central management with the former giving you a little more granular control over who can log in where as well as having local admins who can admin their domain and enterprise level admins who can administer the entire forest.

Whatever method you do, you will want to establish VPN connectivity between the sites.
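
The site-and-subnet arrangement described in the answer above only steers a computer to a local domain controller if its address falls inside a subnet assigned to a site. As an added example (not part of the original thread; the site names, subnets and hostnames are constructed), this Python check maps client IPs to sites by most-specific subnet and lists the clients that match none:

```python
import ipaddress

# Constructed site plan: site names and subnets are hypothetical, not from the thread.
SITE_SUBNETS = {
    "10.10.0.0/16": "US-HQ",
    "10.10.50.0/24": "US-Branch",  # more specific range carved out of the /16
    "10.20.0.0/16": "India",
}

def site_for(ip, plan=SITE_SUBNETS):
    """Return the site whose subnet most specifically contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, site in plan.items():
        net = ipaddress.ip_network(cidr)
        # Longest prefix wins when subnets overlap.
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, site)
    return best[1] if best else None

def audit(clients, plan=SITE_SUBNETS):
    """Split {hostname: ip} into ({site: [hosts]}, [hosts with no site])."""
    mapped, unmapped = {}, []
    for host, ip in sorted(clients.items()):
        site = site_for(ip, plan)
        if site is None:
            unmapped.append(host)
        else:
            mapped.setdefault(site, []).append(host)
    return mapped, unmapped

# Constructed client inventory.
CLIENTS = {
    "us-wks-01": "10.10.4.21",
    "br-wks-07": "10.10.50.9",
    "in-wks-03": "10.20.1.15",
    "in-wks-44": "10.21.0.8",  # new VLAN that was never added to the plan
}

if __name__ == "__main__":
    mapped, unmapped = audit(CLIENTS)
    for site, hosts in mapped.items():
        print(site, hosts)
    print("no site, not steered to a local DC:", unmapped)
```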

carloc, Author, Commented:
Thanks for your comments. I know that there are many different solutions to this question, and your answers have helped me work on a solution that would work for my organization.
