Solved

Placing satellite office on domain

Posted on 2013-01-24
Last Modified: 2013-01-25
Hello everyone,

This is somewhat more of a bigger question, as I am at the planning stages of placing employees at a remote office site on the same domain as the main one, using a stable solution.

Some info:
- Computers on main site are on domain.ads, using Win2k8R2;
- Computers on remote site are not on any domain;
- VPN is set up between sites, communication channels are open;
- Possibility of remote site going offline is there, but they need to be able to log in despite connection issues over VPN;

Attempting:
- Trying to implement a third domain controller on remote site so authentication will always be available, not sure if it needs to be a subdomain/forest/etc...;
- Would like users who travel from the main site to the remote one to log on with the same credentials but use a different profile path located on a server in the remote site (possibly folder redirect), whereas users logging on in the main site use folder redirection on servers located in the main site.  This is to avoid attempting to synchronize or grab a ton of files from one or the other site and causing traffic congestion and slow logons.
Question by:metazend
 

Expert Comment

by:Mike Kline
ID: 38815432
The DC should be in the same domain.

Users would log in with the same domain credentials.

You can set different policy paths for remote users...that is fine.

You will want to create a new site in AD and associate the subnets to that site.  Move the new DC to the site.  You will also create a site link between the current HQ site and the new remote site.

Thanks

Mike
 

Author Comment

by:metazend
ID: 38815471
@mkline71, thank you kindly.

"You can set different policy paths for remote users...that is fine."
Ok, that's good news.  Any good links for info on this?

"You will want to create a new site in AD and associate the subnets to that site.  Move the new DC to the site."
I am not sure exactly what you mean.  This is what I understand from it:  I would do this by creating it in the existing domain, by going into Active Directory services, and then remote site addition through there.  I would then set up a server, join it to the domain, and make it one of the DCs, then move it to the remote site physically.  Does it matter that the primary domain controller isn't providing DHCP?  It's a network device on each site.

"You will also create a site link between the current HQ site and the new remote site."
An IPsec VPN is already established, I am assuming this is good for my purposes?

Assisted Solution

by:Mike Kline
Mike Kline earned 250 total points
ID: 38815579
For the first one, you can place the remote users in different OUs, and if you do need different policies just link the policy you need to their OU.

For number 2, your steps are fine, but you also need to create a logical site in Active Directory using Sites and Services; more on that here: http://technet.microsoft.com/en-us/library/cc782048(v=ws.10).aspx

Number 3...this is part of the Active Directory sites, again through the same Sites and Services tool: http://technet.microsoft.com/en-us/library/cc783909(v=ws.10).aspx

Thanks

Mike
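The steps discussed in this thread (create the site, associate its subnet, create the site link, move the DC), sketched in PowerShell as an added example that is not part of any poster's reply. It assumes a management host with the ActiveDirectory module that ships with Windows Server 2012 or later RSAT; the site name, subnet, link name, cost and DC name are hypothetical placeholders.

```powershell
# Added example: all values below are assumptions, not taken from the thread.
Import-Module ActiveDirectory

$hqSite       = 'Default-First-Site-Name'  # assumed: HQ still uses the default site name
$remoteSite   = 'Remote-Office'            # hypothetical site name
$remoteSubnet = '192.168.20.0/24'          # hypothetical remote-office subnet
$remoteDC     = 'DC3'                      # hypothetical name of the new domain controller

# 1. Create the logical site for the remote office (skip if it already exists).
if (-not (Get-ADReplicationSite -Filter "Name -eq '$remoteSite'")) {
    New-ADReplicationSite -Name $remoteSite
}

# 2. Associate the remote subnet with that site. Clients use this mapping
#    to find a domain controller in their own site first.
if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$remoteSubnet'")) {
    New-ADReplicationSubnet -Name $remoteSubnet -Site $remoteSite
}

# 3. Create the site link that replication between HQ and the remote site follows.
#    Cost and interval are example values; tune them to the VPN's bandwidth.
if (-not (Get-ADReplicationSiteLink -Filter "Name -eq 'HQ-Remote'")) {
    New-ADReplicationSiteLink -Name 'HQ-Remote' `
        -SitesIncluded $hqSite, $remoteSite `
        -InterSiteTransportProtocol IP `
        -Cost 100 `
        -ReplicationFrequencyInMinutes 15
}

# 4. Move the new DC's server object into the remote site.
Move-ADDirectoryServer -Identity $remoteDC -Site $remoteSite

# 5. Verify: every subnet maps to a site, and each DC sits in the expected one.
Get-ADReplicationSubnet -Filter * | Select-Object Name, Site
Get-ADDomainController -Filter * | Select-Object Name, Site, IPv4Address
```

On a workstation in the remote subnet, `nltest /dsgetsite` should then report the new site name.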

Accepted Solution

by:Lee W, MVP
Lee W, MVP earned 250 total points
ID: 38815870
Don't think I'm disputing anything mkline said, but consider setting up DFS between the two sites.  You can get a copy of the data, updatable at either site, and that synchronizes with each site so if either site goes down, you still have access to the data.  In this way, you don't need separate paths for things.  (NOTE: if you use roaming profiles, I wouldn't - I hate them.  They are problematic in many ways).

(I set up one client with multiple sites like this.  Works great).
 

Author Comment

by:metazend
ID: 38816572
@mkline71

"For the first one, you can place the remote users in different OUs, and if you do need different policies just link the policy you need to their OU."

The issue there is that some users go between sites from time to time.  Although the majority are in one place only.  My thoughts were that depending on where they log on, they could pull from the server at the local site to avoid the traffic, and this would need to change automatically.

@leew

I just read some articles about DFS on TechNet.  Brilliant.  I think domain-based DFS, and what mkline71 mentioned, will be golden.   If steps 2/3 are not required for DFS, will it be stable as just a massive domain with several DCs, including one/two at the remote office?  I will look into creating a cluster for the DFS so the remote site has the same data available.  Does this happen in real time, or is it synced at a given time?

Expert Comment

by:Lee W, MVP
ID: 38817671
Not sure what steps 2/3 are (maybe I'm missing something).

The data sync happens in near real time.  (depends on bandwidth, file sizes, and frequency of data changes)  You can actually block out replication for periods of time - for example, only allow replication off-hours to conserve bandwidth during the day and make it available to users -- of course, doing that can SOMEWHAT defeat the purpose, but depending on the factors mentioned, it may be necessary.
 

Author Comment

by:metazend
ID: 38817679
@leew

Ok, thank you.  That's something I will look into and determine best options to follow.

With respect to steps 2/3, I was referring to creating a new site in AD, associating the subnets, and also creating a site link between the main and remote sites through AD, as suggested by mkline71.  Just not sure if that may not be necessary, or is a good idea.   I ask because with your DFS suggestion, I thought I could just set up a third domain controller, move it to the remote site, and with the VPN just pretend it's a large network with the WAN as the bottleneck between the two sites and DFS root servers.

Thanks again for this info gents.

Expert Comment

by:Lee W, MVP
ID: 38817687
I agree with mkline71 in regards to setting up sites.
 

Author Comment

by:metazend
ID: 38820866
Thanks guys for all the info.