Solved

Placing satellite office on domain

Posted on 2013-01-24
Last Modified: 2013-01-25
Hello everyone,

This is somewhat more of a bigger question, as I am at the planning stages of placing employees on a remote office site on the same domain as the main one, using a stable solution.

Some info:
- Computers on main site are on domain.ads, using Win2k8R2;
- Computers on remote site are not on any domain;
- VPN is set up between sites, communication channels are open;
- Possibility of remote site going offline is there, but they need to be able to log in despite connection issues over VPN;

Attempting:
- Trying to implement a third domain controller on remote site so authentication will always be available, not sure if it needs to be a subdomain/forest/etc...;
- Would like users who travel from main site to remote one to log on with the same credentials but use a different profile path located on a server in the remote site (possibly folder redirect), whereas users logging on in the main site use folder redirection on servers located in the main site.  This is to avoid attempting to synchronize or grab a ton of files from one or the other site and causing traffic congestion and slow logons.
Question by:metazend
9 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 38815432
The DC should be in the same domain

Users would log in with the same domain credentials.

You can set different policies paths for remote users... that is fine.

You will want to create a new site in AD and associate the subnets to that site.  Move the new DC to the site.  You will also create a site link between the current HQ site and the new remote site.

Thanks

Mike
0
 

Author Comment

by:metazend
ID: 38815471
@mkline71, thank you kindly.

"you can set different policies paths for remote users...that is fine."
Ok, that's good news.  Any good links for info on this?

"You will want to create a new site in AD and associate the subnets to that site.  Move the new DC to the site."
I am not sure exactly what you mean.  This is what I understand from it:  I would do this by creating it in the existing domain, by going into Active Directory services, and then adding the remote site through there.  I would then set up a server, join it to the domain, and make it one of the DCs, then move it to the remote site physically.  Does it matter that the primary domain controller isn't providing DHCP?  It's a network device on each site.

"You will also create a site link between the current HQ site and the new remote site."
An IPsec VPN is already established, I am assuming this is good for my purposes?
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 250 total points
ID: 38815579
For the first one, you can place the remote users in a different OU, and if you do need different policies just link the policy you need to their OU.

For number 2, your steps are fine, but you also need to create a logical site in Active Directory using Sites and Services; more on that here: http://technet.microsoft.com/en-us/library/cc782048(v=ws.10).aspx

Number 3... this is part of the Active Directory sites, again through the same Sites and Services tool: http://technet.microsoft.com/en-us/library/cc783909(v=ws.10).aspx

Thanks

Mike
0
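The site, subnet and site-link steps described in the answers above, scripted as an added example that is not part of the original thread. It assumes the ActiveDirectory PowerShell module from Windows Server 2012 or later (on 2008 R2 the same steps are done in Active Directory Sites and Services), and the site name, subnet, link name and DC name are hypothetical placeholders.

```powershell
# Added example: every name and the subnet below are placeholders, not values from the thread.
Import-Module ActiveDirectory

$hqSite     = 'Default-First-Site-Name'   # assumed: HQ still uses the default site name
$remoteSite = 'Remote-Office'             # hypothetical site name
$remoteNet  = '192.168.50.0/24'           # hypothetical remote-office subnet
$remoteDC   = 'DC03'                      # hypothetical name of the new domain controller

# 1. Create the logical site for the remote office.
New-ADReplicationSite -Name $remoteSite

# 2. Associate the remote subnet with the site, so clients on that subnet
#    are directed to the domain controller in their own site.
New-ADReplicationSubnet -Name $remoteNet -Site $remoteSite

# 3. Create the site link between HQ and the remote site.
#    Cost and replication interval (minutes) are illustrative values.
New-ADReplicationSiteLink -Name 'HQ-Remote' `
    -SitesIncluded $hqSite, $remoteSite `
    -Cost 100 -ReplicationFrequencyInMinutes 15 `
    -InterSiteTransportProtocol IP

# 4. Move the already-promoted DC's server object into the new site.
Move-ADDirectoryServer -Identity $remoteDC -Site $remoteSite

# Verify: subnets mapped to the site, and the DCs now in it.
Get-ADReplicationSubnet -Filter * |
    Where-Object { $_.Site -like "CN=$remoteSite,*" } |
    Select-Object Name, Site
Get-ADDomainController -Filter "Site -eq '$remoteSite'" |
    Select-Object Name, Site
```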
 
LVL 96

Accepted Solution

by:Lee W, MVP
Lee W, MVP earned 250 total points
ID: 38815870
Don't think I'm disputing anything mkline said, but consider setting up DFS between the two sites.  You can get a copy of the data, updatable at either site and that synchronizes with each site so if either site goes down, you still have access to the data.  In this way, you don't need separate paths for things.  (NOTE: if you use Roaming profiles, I wouldn't - I hate them.  They are problematic in many ways).

(I set up one client with multiple sites like this.  Works great).
0
 

Author Comment

by:metazend
ID: 38816572
@mkline71

"For the first one, you can place the remote users in a different OU, and if you do need different policies just link the policy you need to their OU."

The issue there is that some users go between sites from time to time.  Although the majority are in one place only.  My thoughts were that depending on where they log on, they could pull from the server at the local site to avoid the traffic, and this would need to change automatically.

@leew

I just read some articles about DFS on TechNet.  Brilliant.  I think domain-based DFS, and what mkline71 mentioned, will be golden.   If steps 2/3 are not required for DFS, will it be stable as just a massive domain with several DCs, including one/two at the remote office?  I will look into creating a cluster for the DFS so the remote site has the same data available.  Does this happen in real time, or is it synced at a given time?
0
 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 38817671
Not sure what steps 2/3 are (maybe I'm missing something).

The data sync happens in near real time.  (depends on bandwidth, file sizes, and frequency of data changes)  You can actually block out replication for periods of time - for example, only allow replication off-hours to conserve bandwidth during the day and make it available to users -- of course, doing that can SOMEWHAT defeat the purpose, but depending on the factors mentioned, it may be necessary.
0
 

Author Comment

by:metazend
ID: 38817679
@leew

Ok, thank you.  That's something I will look into and determine best options to follow.

With respect to steps 2/3, I was referring to creating a new site in AD, associating the subnets, and also creating a site link between the main and remote sites through AD, as suggested by mkline71.  Just not sure if that may not be necessary, or is a good idea.   I ask because with your DFS suggestion, I thought I could just set up a third domain controller, move it to the remote site, and with the VPN just pretend it's a large network with the WAN as the bottleneck between the two sites and DFS root servers.

Thanks again for this info gents.
0
 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 38817687
I agree with mkline71 in regards to setting up sites.
0
 

Author Comment

by:metazend
ID: 38820866
Thanks guys for all the info.
0
