PeopleSoft Adoption Made Smooth & Simple!
On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool. Claim Your Free WalkMe Account Now
Course Of The Month
8 days, 12 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Sub Domain and Site Replication
Posted on 2013-11-13
I have a corporate AD domain running on 2008 servers, for this question it is called X.com.
I also have an engineering group at a separate site, we are creating a separate network for them and want to add them as eng.x.com, they are running 2012
So, adding the subdomain to my AD should be easy, but since they are at another lcation, I am going to need to do Site replication and a bridgehead server, correct?
I have read up on doing the site replication and bridgehead server and how it works. But, I have a few questions.
1-I will need to setup an permanent VPN tunnel up between the 2 sites correct?
2-I am assuming that I have the right idea here.
3-When I setup the new controller on the new network, I don't have to be connected to the Corporate network?
Any other suggestions/information you can provide would be extremely helplful.
I also have an engineering group at a separate site, we are creating a separate network for them and want to add them as eng.x.com, they are running 2012
So, adding the subdomain to my AD should be easy, but since they are at another lcation, I am going to need to do Site replication and a bridgehead server, correct?
I have read up on doing the site replication and bridgehead server and how it works. But, I have a few questions.
1-I will need to setup an permanent VPN tunnel up between the 2 sites correct?
2-I am assuming that I have the right idea here.
3-When I setup the new controller on the new network, I don't have to be connected to the Corporate network?
Any other suggestions/information you can provide would be extremely helplful.
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
2
- +1
5 Comments
1) It is recommended to use a VPN rather than adjusting firewalls on both ends to allow all necessary network traffic, though the true requirement is simply network connectivity.
2) To know whether you have the right idea or not, you'll need to identify why you're creating this subdomain. Why do you feel you need a subdomain? How much of the infrastructure will be different than what you have? For example, you seem to have a 2008 domain and forest, do you have a requirement for engineering to have a higher functional level and a reason not to raise the level of the forest/primary domain? Unless you have some compelling reason for creating this child domain, I'd personally go for just creating another site and breaking them and their devices off onto a separate OU for group policy management.
3) You have to have connectivity to the root domain, yes. In order to create a child domain in a domain, the DC in the child domain has to be able to verify and communicate with the parent domain. You will need to create a AD site that resembles this new site for replication reasons (it's not a LAN link, so replication intervals will likely be spread out more).
2) To know whether you have the right idea or not, you'll need to identify why you're creating this subdomain. Why do you feel you need a subdomain? How much of the infrastructure will be different than what you have? For example, you seem to have a 2008 domain and forest, do you have a requirement for engineering to have a higher functional level and a reason not to raise the level of the forest/primary domain? Unless you have some compelling reason for creating this child domain, I'd personally go for just creating another site and breaking them and their devices off onto a separate OU for group policy management.
3) You have to have connectivity to the root domain, yes. In order to create a child domain in a domain, the DC in the child domain has to be able to verify and communicate with the parent domain. You will need to create a AD site that resembles this new site for replication reasons (it's not a LAN link, so replication intervals will likely be spread out more).
One best practice is to try and limit the number of domains, is there a reason you are going with a child domain in this situation.Avoid having a multi-domain forest In pre-Windows Server 2008-based AD, creating multiple domains would typically be necessary to accomodate different password policies - but, with the introduction of Fine Grained Password Policy in Windows 2008 DFL, this is no longer the case.
Instead of creating child domain you can promote the server in remote site as additional DC(ADC).You can create seperate OU for remote users and computer and apply the policies as per requirement.You can also delegate admin related permission to remote site admin user as per requirement.
Determining the Number of Domains Required
http://technet.microsoft.com/en-us/library/cc732201(WS.10).aspx
Domain controllers # Determining the number of domain controllers you need
http://technet.microsoft.com/en-us/library/cc759623(v=WS.10).aspx
In general it is recommended that at least two DCs in a domain for high availablity and fault tolerance, but how many DCs at each site will depend on your requirement. Normally one DC at each site can serve thousands of users with regard to authentication.
Yes,there should be connectivity between the sites continuosly and VPN is the way to go.In either case child domain or ADC you need to have site connectivity to main office.
Instead of creating child domain you can promote the server in remote site as additional DC(ADC).You can create seperate OU for remote users and computer and apply the policies as per requirement.You can also delegate admin related permission to remote site admin user as per requirement.
Determining the Number of Domains Required
http://technet.microsoft.com/en-us/library/cc732201(WS.10).aspx
Domain controllers # Determining the number of domain controllers you need
http://technet.microsoft.com/en-us/library/cc759623(v=WS.10).aspx
In general it is recommended that at least two DCs in a domain for high availablity and fault tolerance, but how many DCs at each site will depend on your requirement. Normally one DC at each site can serve thousands of users with regard to authentication.
Yes,there should be connectivity between the sites continuosly and VPN is the way to go.In either case child domain or ADC you need to have site connectivity to main office.
Active today
Sandeshdubey, brings up a very good point. You really should limit the number of domains you create unless it is absolutely necessary. You should only create a new domain if there is a requirement for the sub-domain to govern themselves. Although for true separate to control in high security environments is to create a separate forest since it is possible of a sub-domain admin to elevate there rights to be an enterprise admin.
Featured Post
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
Are you ready to implement Active Directory best practices without reading 300+ pages?
You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses
Earn Certification
HTML5 Specialist - Certification
Free withPremium
Course of the Month8 days, 12 hours left to enroll
615 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.