Solved

Windows Network Configuration

Posted on 2014-01-28
6
148 Views
Last Modified: 2014-08-25
Hi,

I have 6 x sites located all around the land down under.  All 6 sites are linked via a meshed VPN network and can see each other.

Now, in Head Office i have 2 x AD Servers (1 backup) on the one domain. All others have their own servers on their own domains.

Example :

Head Office - 2008R2 Domain - office1.local    (30 users)
Branch Office 1 - 2008R2 Domain - office2.local    (10 users)
Branch Office 2 - 2008R2 Domain - office3.,local    (10 users)
etc etc

Each server in each branch holds a lot of file storage and staff want access to this quickly so servers must reside in each branch locally.

As i am about to replace all the hardware in all the branches (Servers and Desktops) i have the ability to change things hopefully to make it better.

Question.

What is the best scenario in terms of Domain setup?
Should i keep them all separate domains?
Should i make the branch servers Read Only?
Should i put all the PC's on the Head Office domain and have them replicate from there?

What's the best practice for such a Domain Network?

Looking forward to your kind assistance.
0
Comment
Question by:tmaster100
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 12

Accepted Solution

by:
mlongoh earned 500 total points
ID: 39816818
It's mostly a matter of requirements and bandwidth.  I'd advise that you start with consolidating all the different domains into one - there's no need to have separate domains unless you have reason to isolate them from one another.  It will make administration easier and allow people to logon even if they're not in their home branch.

Whether you have a server at each branch or centrally located is dependent on available bandwidth, response requirements, and preference.

If bandwidth is lower than traditional LAN speeds, then I'd have a domain controller/file server at each site.  But that's really up to you... you can test operation across the network to see if it's acceptable.

One common directory service is definitely better.
0
 
LVL 1

Author Comment

by:tmaster100
ID: 39817046
Ah, so what your suggesting is to use both AD servers in Head Office to authenticate all PC's around the country over the WAN and have no AD at each branch site, just some NAS or something similar?
0
 
LVL 12

Expert Comment

by:mlongoh
ID: 39818046
Only if bandwidth supports it. Otherwisehave a DC at each location providing authentication/DNS/DHCP but have them all on the same domain (the DCs will replicate updates to each other).
0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 
LVL 1

Author Comment

by:tmaster100
ID: 39820372
Understand, thankyou kindly.
0
 
LVL 1

Author Comment

by:tmaster100
ID: 39828598
So what you suggest is to setup Secondary AD servers in forest that replicate with the first AD server so that all sites will be on the same domain, this makes sense but can you configure these secondary servers to serve out their own DHCP ranges?  All our sites use a different Subnet for each location.

From what i understand Windows will always ask the DHCP server closest to it, as in on the same switch for an IP. Is this correct?

We do have travellers that go from state to state and use a laptop. Due to web restrictions all staff are given a reserved IP (based on MAC) so i don't want to mess this up.
0
 
LVL 12

Expert Comment

by:mlongoh
ID: 39829485
Well unless you have a DHCP helper feature enabled in your routers, the DHCP requests will never get beyond the routers - meaning they will stay with the subnet for each site.  So, yes, you can setup DHCP on each server and configure each for it's respective site's subnet.  In essence, DHCP should function the same as it is now.
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Enterprise networks where VoIP phones have been deployed frequently use port configurations that allow both a computer and an IP phone to be plugged into the same switch port but use different VLANs. On Cisco equipment I'm referring to the "native V…
Resolve DNS query failed errors for Exchange

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question