?
Solved

Windows Network Configuration

Posted on 2014-01-28
6
Medium Priority
?
151 Views
Last Modified: 2014-08-25
Hi,

I have 6 x sites located all around the land down under.  All 6 sites are linked via a meshed VPN network and can see each other.

Now, in Head Office i have 2 x AD Servers (1 backup) on the one domain. All others have their own servers on their own domains.

Example :

Head Office - 2008R2 Domain - office1.local    (30 users)
Branch Office 1 - 2008R2 Domain - office2.local    (10 users)
Branch Office 2 - 2008R2 Domain - office3.,local    (10 users)
etc etc

Each server in each branch holds a lot of file storage and staff want access to this quickly so servers must reside in each branch locally.

As i am about to replace all the hardware in all the branches (Servers and Desktops) i have the ability to change things hopefully to make it better.

Question.

What is the best scenario in terms of Domain setup?
Should i keep them all separate domains?
Should i make the branch servers Read Only?
Should i put all the PC's on the Head Office domain and have them replicate from there?

What's the best practice for such a Domain Network?

Looking forward to your kind assistance.
0
Comment
Question by:tmaster100
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 12

Accepted Solution

by:
mlongoh earned 2000 total points
ID: 39816818
It's mostly a matter of requirements and bandwidth.  I'd advise that you start with consolidating all the different domains into one - there's no need to have separate domains unless you have reason to isolate them from one another.  It will make administration easier and allow people to logon even if they're not in their home branch.

Whether you have a server at each branch or centrally located is dependent on available bandwidth, response requirements, and preference.

If bandwidth is lower than traditional LAN speeds, then I'd have a domain controller/file server at each site.  But that's really up to you... you can test operation across the network to see if it's acceptable.

One common directory service is definitely better.
0
 
LVL 1

Author Comment

by:tmaster100
ID: 39817046
Ah, so what your suggesting is to use both AD servers in Head Office to authenticate all PC's around the country over the WAN and have no AD at each branch site, just some NAS or something similar?
0
 
LVL 12

Expert Comment

by:mlongoh
ID: 39818046
Only if bandwidth supports it. Otherwisehave a DC at each location providing authentication/DNS/DHCP but have them all on the same domain (the DCs will replicate updates to each other).
0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 
LVL 1

Author Comment

by:tmaster100
ID: 39820372
Understand, thankyou kindly.
0
 
LVL 1

Author Comment

by:tmaster100
ID: 39828598
So what you suggest is to setup Secondary AD servers in forest that replicate with the first AD server so that all sites will be on the same domain, this makes sense but can you configure these secondary servers to serve out their own DHCP ranges?  All our sites use a different Subnet for each location.

From what i understand Windows will always ask the DHCP server closest to it, as in on the same switch for an IP. Is this correct?

We do have travellers that go from state to state and use a laptop. Due to web restrictions all staff are given a reserved IP (based on MAC) so i don't want to mess this up.
0
 
LVL 12

Expert Comment

by:mlongoh
ID: 39829485
Well unless you have a DHCP helper feature enabled in your routers, the DHCP requests will never get beyond the routers - meaning they will stay with the subnet for each site.  So, yes, you can setup DHCP on each server and configure each for it's respective site's subnet.  In essence, DHCP should function the same as it is now.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I'm a big fan of Windows' offline folder caching and have used it on my laptops for over a decade.  One thing I don't like about it, however, is how difficult Microsoft has made it for the cache to be moved out of the Windows folder.  Here's how to …
Know what services you can and cannot, should and should not combine on your server.
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question