Windows Active Directory

I was recruited as a Senior Windows Engineer for an IT company, and the engineers I work with have a very limited knowledge of Windows AD and Windows networking in general.

We have one client and their operation spans 24 locations. In the past their sites were configured independently even though there is a VPN from every site to head office. Each site has SBS 2003 installed, and PCs are configured as a Workgroup even though there is an SBS Server 2003 Domain Controller. I have tried explaining to the engineers I work with that the PCs should be joined to the Domain for both security and central management of resources and objects on the network.

Going forward, what I would like to do is join all 24 sites to one Active Directory Domain instead of each site being independent of each other, and instead of installing SBS 2003 or SBS 2008 I want to install Standard Edition. I have tried to convey this to the engineers I work with but they are slow to understand the concept and don't really want to take on the extra administrative workload.

I would like to hear from other engineers and seek their opinions relating to this, and see whether technically what I'm trying to achieve is the right way of doing things.

Thank you Experts Exchange,


James, Senior Cloud Infrastructure Engineer, Asked:

See, it depends on the number of PCs and users in each site, and it's better to have a Domain Controller in each branch "Site", and all will be additional DCs to the main one in the HQ, and for sure all the PCs should be joined to the Domain, and all the users should use Domain Users only.
Lee W, MVP, Technology and Business Process Advisor, Commented:
I would be surprised if each site had 3 or fewer people on average, so there is no point to using SBS except that they like spending money.

Put together an analysis. Is each site actually running their own e-mail domain or are they sharing one and just not using SBS for email? Then the CALs are costing them a fortune for no good reason. Explain how they will have to log in to each site to perform changes, whereas they don't if they are on one domain - they could manage everything easier.

If you can't sell them on this, I'm not sure what to tell you. You're the expert they hired - they should be granting you some leeway - though cost can be a consideration (it's not going to be cheap buying 24 licenses of Server Standard to replace the SBS boxes and it's not going to be cheap in terms of labor to replace them all)... but there is no way I would have set up a domain like this... or rather a company.

James, Senior Cloud Infrastructure Engineer, Author, Commented:
At the moment some of the sites would only have one or two PCs, and also at the moment there is not a need for accessing or sharing files, and as for emails they are all using POP accounts.

So, what I want to do in time is phase out the current configuration and join all the offices together, install an Exchange Server and take them off POP3.

So for this very small number of users there is no need for an additional domain controller; you can use the main one in the HQ.
James, Senior Cloud Infrastructure Engineer, Author, Commented:
@ leew, thank you for your comment.

Yes, I have explained to the engineers that there is no need to be installing SBS on every site and that we should be installing Standard Edition.

But each does need to be running SQL Server which comes with SBS 2008 Premium.

In head office they have 10 users' PCs configured as a Workgroup; I will be in the process of joining the PCs to their SBS domain. I have already completed this for my work network, which was configured by the engineers before as a Workgroup even though there is an SBS 2003 Domain.

On each site there are tills which run Windows XP and then there is only one or two PCs. So, it is head office that has the majority of users.
Lee W, MVP, Technology and Business Process Advisor, Commented:

Then they should be aware you cannot (or soon cannot) buy SBS 2008 - and the price JUMPED in a big way with SBS 2011.  

Why does each site need its own server? For only 1 or 2 users? Unless you can explain further, I would say a better solution is a Terminal Server and let each site connect to that. $200 for terminal services CALs for 2 users vs. $1600-2600 for SBS... The terminal services CALs (RDS CALs) are MUCH cheaper and MUCH less to maintain.
Ron Malmstead, Information Services Manager, Commented:
From my experience, the best case you can make for consolidating multiple domains, is anytime a company is consolidating or centralizing their administrative departments or network resources.  Examples might be....Payroll, HR, accounting, and IT departments;  File servers, accounting software, hr software, voip servers.  You could benefit from having central management and control for each of these things.

To me, centralizing your security and control is a good enough reason... but it's not always a good enough reason alone for the owners/CEOs who have limited understanding of why that could be beneficial and important by itself. It's your job to convince them, I suppose.

A cost/benefit analysis is what needs to occur before you present your case or start planning for the changes.

Figure out what you would "like" to do. Figure out how much that's going to "cost", including down-time. Figure out how much you are going to "save" by consolidating resources, and by resources I mean jobs and equipment. Sadly... eliminating someone's job is a good selling point, and that is often what we do when we strive for efficiency.

The only real downside to doing these things that I have experienced....
When your HQ network goes down... lots of people are unable to work. You may want to include ideas for minimizing the impact of, or preventing, that scenario.

The sites with one or two PCs... shouldn't have a server at all. VPN ----> Headquarters.
They can still be part of the domain at HQ.  I would set a threshold for the amount of users, before you decide to deploy any kind of server including domain controllers, at a remote site.  My threshold is 15, ..which is a matter of opinion.  Some say 20 some say 10. depends depends depends.
James, Senior Cloud Infrastructure Engineer, Author, Commented:
Each site uses third party software which connects to and feeds off a SQL Database. So, this is why we need a server in each site, and also for storing files and backups etc. This software is installed on the tills and PCs, which in turn connect to the server.
James, Senior Cloud Infrastructure Engineer, Author, Commented:
@ xuserx2000,

Thank you for your comment.

The problem is not convincing the CEO; the problem is trying to get the engineers I work with to grasp the concept. As I said in my initial comment, they have a very limited knowledge of Active Directory and Windows Networking. These are engineers that have been working in IT for 5-10 years and they do not understand how protocols such as DNS, WINS, DHCP etc. work.

So, for me personally it is very frustrating trying to get them to understand why things need to or should be done a certain way.

It appears to me that the engineers have been working a certain way for x number of years and are afraid of change and learning and taking on more work. I have explained to them that I will guide them and train them to get them up to a certain level.
Lee W, MVP, Technology and Business Process Advisor, Commented:
Sorry, but I still don't see the need for a server at each location - with a VPN, why can't they feed one centralized database? Why can't SQL Express be used at the sites if they absolutely need a SQL server? (Just trying to make sure you're covering all your bases and there's a good reason for everything.) Perhaps one or more of these ideas hadn't yet occurred to you and could be a valid, cost effective solution.
Ron Malmstead, Information Services Manager, Commented:
"the problem is trying get the engineers I worked to grasp the concept."

Depending on how many people we're talking about here, is it really beneficial for you to use your time trying to educate these people and convince them to agree to change???

The  first "cost" I would  add to the list, is education cost for these "engineers".  Send the ones you want to keep... to school, and get rid of the rest who you don't think can meet the learning curve or are resistant to change.

I don't think you can really call them network engineers if they don't have an understanding of these basic network principles.  My opinion.
Ron Malmstead, Information Services Manager, Commented:
"Sorry, but I still don't see the need for a server at each location - with a VPN"

...definitely agree with that.
Especially if we're talking about SBS.

Although if you are using MS Outlook + Exchange at a remote site, it is often beneficial to have a DC/GC at sites with X number of users (X being the threshold you decide). It will improve logon times/ group policy speed/ mailbox checking / ntfs security processing/ and anything that requires authentication or dns lookups.

Again, it's a cost/benefit to consider.
James, Senior Cloud Infrastructure Engineer, Author, Commented:
The reason for a Server at each site is because each Server processes payments for ticketing with the third party software, which is responsible for feeding the information into the database on the Server. Also, there is a website hosted on the head office Server which provides links to the other sites for online payments.
Lee W, MVP, Technology and Business Process Advisor, Commented:
Ok, and the databases are over 4 GB in size?  If not, SQL Express should be able to handle it.
James, Senior Cloud Infrastructure Engineer, Author, Commented:
I will be installing 2 new servers with Windows Server 2008 Standard Edition and also installing SQL Express. But I need to make sure the software is compatible with SQL Express, as it has always been configured with SQL Server.
James, Senior Cloud Infrastructure Engineer, Author, Commented:
@ xuserx2000

I have no managerial status in the company, and the other engineers are with the company each for 5 and 10 years.

I have only started with the company 2 months ago.
Lee W, MVP, Technology and Business Process Advisor, Commented:
Absolutely - tests are a necessity - but consider the cost savings if you can go from 24 SQL servers to ONE and a bunch of SQL Express installs.
Ron Malmstead, Information Services Manager, Commented:
"each Server processes payments for ticketing with the third party software"

Without more information on your network, and which server roles/services are in play... it's not really possible to make any specific recommendations with confidence that it's the right thing to do.

If you were to provide a network diagram, many experts here could go nuts applying more efficiency and common sense to it.

You may want to consult with the software vendor on whether it is feasible, desirable, or possible... to consolidate this onto a single DB or application server, in a domain or domain forest environment.

It's not unusual for client/server software to be able to be configured to utilize a central/remote database, of course.

Ron Malmstead, Information Services Manager, Commented:
"I have only started with the company 2 months ago"

Well that's more than enough time to start making waves and going over people's heads  ;)
James, Senior Cloud Infrastructure Engineer, Author, Commented:
Thank you Experts Exchange I appreciate all your help.

JBond2010 :)