Solved

Placing satellite office on domain

Posted on 2013-01-24
Last Modified: 2013-01-25
Hello everyone,

This is somewhat more of a bigger question, as I am at the planning stages of placing employees on a remote office site on the same domain as the main one, using a stable solution.

Some info:
- Computers on main site are on domain.ads, using Win2k8R2;
- Computers on remote site are not on any domain;
- VPN is set up between sites, communication channels are open;
- Possibility of remote site going offline is there, but they need to be able to log in despite connection issues over VPN;

Attempting:
- Trying to implement a third domain controller on remote site so authentication will always be available, not sure if it needs to be a subdomain/forest/etc...;
- Would like users who travel from main site to remote one to log on with the same credentials but use a different profile path located on a server in the remote site (possibly folder redirect), whereas users logging on in main site use folder redirection on servers located in main site.  This is to avoid attempting to synchronize or grab a ton of files from one or the other site and causing traffic congestion and slow logons.
Question by:metazend
LVL 57

Expert Comment

by:Mike Kline
ID: 38815432
The DC should be in the same domain.

Users would log in with the same domain credentials.

You can set different policies paths for remote users...that is fine.

You will want to create a new site in AD and associate the subnets to that site.  Move the new DC to the site.  You will also create a site link between the current HQ site and the new remote site.

Thanks

Mike
0
 

Author Comment

by:metazend
ID: 38815471
@mkline71, thank you kindly.

> you can set different policies paths for remote users...that is fine.

Ok, that's good news.  Any good links for info on this?

> You will want to create a new site in AD and associate the subnets to that site.  Move the new DC to the site.

I am not sure exactly what you mean.  This is what I understand from it:  I would do this by creating it in the existing domain, by going into Active Directory services, and then remote site addition through there.  I would then set up a server, join it to the domain, and make it one of the DCs, then move it to the remote site physically.  Does it matter that the primary domain controller isn't providing DHCP?  It's a network device on each site.

> You will also create a site link between the current HQ site and the new remote site.

An IPsec VPN is already established; I am assuming this is good for my purposes?
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 1000 total points
ID: 38815579
For the first one, you can place the remote users in a different OU, and if you do need different policies, just link the policy you need to their OU.

For number 2, your steps are fine, but you also need to create a logical site in Active Directory using Sites and Services. More on that here: http://technet.microsoft.com/en-us/library/cc782048(v=ws.10).aspx

Number 3...this is part of the Active Directory sites, again through the same Sites and Services tool: http://technet.microsoft.com/en-us/library/cc783909(v=ws.10).aspx

Thanks

Mike
0
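The site, subnet, site link and DC move described in the answers above, sketched as an added PowerShell example that is not part of the original thread. It assumes a management host with the ActiveDirectory module from Windows Server 2012 or later (the replication cmdlets are not in the 2008 R2 module); the site names, subnet, link name and DC name are placeholders.

```powershell
# Added example; every name and address below is a placeholder, not a value from the thread.
Import-Module ActiveDirectory

$HqSite       = 'Default-First-Site-Name'  # AD's default site name; assumed to be the HQ site
$RemoteSite   = 'Remote-Office'            # hypothetical name for the new logical site
$RemoteSubnet = '192.0.2.0/24'             # placeholder for the remote LAN's subnet
$LinkName     = 'HQ-Remote'                # hypothetical site link name
$RemoteDc     = 'DC3'                      # hypothetical name of the third domain controller

# 1. Create the logical site for the remote office (skip if it already exists).
if (-not (Get-ADReplicationSite -Filter "Name -eq '$RemoteSite'")) {
    New-ADReplicationSite -Name $RemoteSite
}

# 2. Associate the remote subnet with the site. Clients use this mapping to
#    find a DC in their own site, so a missing or wrong subnet sends remote
#    logons across the VPN to HQ.
if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$RemoteSubnet'")) {
    New-ADReplicationSubnet -Name $RemoteSubnet -Site $RemoteSite
}

# 3. Create the site link. This is an AD object describing the replication
#    path between the two sites; the IPsec VPN is only the transport under it.
if (-not (Get-ADReplicationSiteLink -Filter "Name -eq '$LinkName'")) {
    New-ADReplicationSiteLink -Name $LinkName `
        -SitesIncluded $HqSite, $RemoteSite `
        -InterSiteTransportProtocol IP `
        -Cost 100 `
        -ReplicationFrequencyInMinutes 15
}

# 4. Move the new DC's server object into the remote site.
Move-ADDirectoryServer -Identity $RemoteDc -Site $RemoteSite

# 5. Verify: every subnet maps to a site, and the remote site holds a DC.
Get-ADReplicationSubnet -Filter * | Select-Object Name, Site
Get-ADDomainController -Filter "Site -eq '$RemoteSite'" | Select-Object Name, Site
```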
LVL 96

Accepted Solution

by:
Lee W, MVP earned 1000 total points
ID: 38815870
Don't think I'm disputing anything mkline said, but consider setting up DFS between the two sites.  You can get a copy of the data, updatable at either site and that synchronizes with each site so if either site goes down, you still have access to the data.  In this way, you don't need separate paths for things.  (NOTE: if you use Roaming profiles, I wouldn't - I hate them.  They are problematic in many ways).

(I set up one client with multiple sites like this.  Works great).
0
 

Author Comment

by:metazend
ID: 38816572
@mkline71

> For the first one you can place the remote users in a different OU's and if you do need different policies just link the policy you need to their OU

The issue there is that some users go between sites from time to time.  Although the majority are in one place only.  My thoughts were that depending on where they log on, they could pull from the server at the local site to avoid the traffic, and this would need to change automatically.

@leew

I just read some articles about DFS on TechNet.  Brilliant.  I think domain-based DFS, and what mkline71 mentioned, will be golden.   If steps 2/3 are not required for DFS, will it be stable as just a massive domain with several DCs, including one/two at the remote office?  I will look into creating a cluster for the DFS so the remote site has the same data available.  Does this happen in real time, or is it synced at a given time?
0
 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 38817671
Not sure what steps 2/3 are (maybe I'm missing something).

The data sync happens in near real time.  (depends on bandwidth, file sizes, and frequency of data changes)  You can actually block out replication for periods of time - for example, only allow replication off-hours to conserve bandwidth during the day and make it available to users -- of course, doing that can SOMEWHAT defeat the purpose, but depending on the factors mentioned, it may be necessary.
0
 

Author Comment

by:metazend
ID: 38817679
@leew

Ok, thank you.  That's something I will look into and determine best options to follow.

With respect to steps 2/3, I was referring to creating a new site in AD, associating the subnets, and also creating a site link between the main and remote sites through AD, as suggested by mkline71.  Just not sure if that may not be necessary, or is a good idea.   I ask because with your DFS suggestion, I thought I could just set up a third domain controller, move it to the remote site, and with the VPN just pretend it's a large network with the WAN as the bottleneck between the two sites and DFS root servers.

Thanks again for this info gents.
0
 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 38817687
I agree with mkline71 in regards to setting up sites.
0
 

Author Comment

by:metazend
ID: 38820866
Thanks guys for all the info.
0

Question has a verified solution.
