How to set up 1 domain across 3 offices?

Posted on 2011-10-30
Medium Priority
Last Modified: 2014-07-21
I've got 3 offices and I want to run 1 single domain between them. Please explain the following. Thanks!

1) The layout of how things should be, in terms of where domain controllers are needed and why

2) How the 3 offices are connected

3) How Active Directory administration happens across the 3 offices

4) How users can login no matter which office they are at
Question by:canalicomputers

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 664 total points
ID: 37053510
1.  Doesn't matter.  But the ideal setup would have 1 DC at each site, possibly 2 depending on how large the offices are.
2.  Site-to-site VPN.
3.  The same way it does with 1 office or 10 offices.  It's a replicating system.  As long as there's a link between the offices, it's really not difficult.
4.  It's active directory - the accounts replicate between DCs and over the VPN.  As long as there's a logical path to a subnet with a DC, it's the same as if it's one location.

I know these are brief, but this sounds a lot like a homework question.  I'd be happy to go into more detail if you first explain what you think you'll do and why and then we can correct any incorrect assumptions or bad configurations you plan on.

Author Comment

ID: 37053539
Our organization merged with another so we went from one to two offices with separate domains and then added a third office. I'm wiping the slate clean and setting things up properly for one organization across the three offices. We're only a 60 person organization and the third office is only 5 people with very limited funds so I likely cannot even do a DC there but will definitely have a DC at office 1 and 2. We've got Cisco ASA 5505 firewalls at each office and the servers will be Windows Server 2008 R2. Users sometimes visit between offices. Any further insight would be much appreciated. Thanks very much for your help!

Expert Comment

ID: 37053551
A proper infrastructure is like leew explained, but if you have budget limitations you can use VPN routers or even better firewalls. Be sure you have a good WAN connection.

Assisted Solution

by:Michael Ortega
Michael Ortega earned 664 total points
ID: 37054472
ASAs in all locations is good. I suspect you have site to site tunnels up already. If not, put them up. Recommend static public IPs for each location as well.

For your new small office an Active Directory server is not really necessary. They can authenticate across the site to site tunnel. An ideal setup would be to put an RDS server at your main office location for this small office to remote to. Obviously that does represent an investment though.

If your other remote office is similar in size I would recommend the same solution for them as well.


Accepted Solution

kevinhsieh earned 672 total points
ID: 37057108
I would certainly map all home directories and drive mappings to a domain based DFS namespace. You may even want to consider DFS replication to replicate files between the sites. It is useful for when users move between locations, and can also be used to eliminate backups at the remote sites. You should not let the same file get modified on two different servers at the same time, so you need to be careful when doing DFS replication and DFS namespace together. I always recommend DFS namespace, and DFS replication is very useful too.

You need to figure out what you want to do for the 5 person office. You can maybe just save files over the VPN to a file server, depending on your file needs and if you have Vista or better clients. Just keeping files locally on the workstations is an option if you solve the backup problem for them (think online backup using Mozy, Carbonite, etc.)

Expert Comment

by:Michael Ortega
ID: 37057163
As kevinhsieh mentioned, a DFS namespace with replication could be nice and gives you some multi-site redundancy for that DFS share. I think I see more and more smaller to midsize companies lean toward an RDS environment instead. The cost of additional servers at both locations and perhaps even more throughput to improve user experience easily offsets the cost of implementing an RDS Server(s).


Expert Comment

ID: 37057868
FYI, I recommend DFS namespace for single server implementation, because it makes it easier to replace the server in the future.

Expert Comment

by:Michael Ortega
ID: 37058691
Good point, kevinhsieh.


Question has a verified solution.