Windows Server 2012 R2 AD Domain

Posted on 2014-04-02
Medium Priority
Last Modified: 2016-11-23
I have a client that is in need of purchasing a server to maintain a financial package database (Peachtree) and user files (Word, Excel, PDF, etc.). They estimate 5 to 10 people will eventually need to access this server, but initially it will only be 4 people.

The server will be a Dell T320 server with a single Xeon processor, 16 GB of RAM, and three 600 GB RAID drives for the OS and data.

They have no need for Exchange on-premise or Office365 since they are very happy with their Google mail solution.  

I usually prefer setting up an AD domain for offices that have a server and at least 5 users, but at the same time I am thinking this office could simply use this server as a member server with network shares, etc.

I am still inclined to set up an AD domain, but I am not sure of the actual AD domain name to use. I have always used a .local domain, and now Microsoft recommends using a valid .com name instead. Microsoft keeps going back and forth on this matter.

So the domain name for this company's website and email is long, let's say something like (www.automatedproductsgroup.com). They own this public domain, so am I supposed to set up the AD domain name as automatedproductsgroup.com? I want to abide by Microsoft's naming requirements, but this name seems a bit long and not right. I simply wanted to use "apg.com", so it abbreviates the name, but they do not own this public domain name. I was simply thinking of using apg.local instead to avoid all of this, but I am not sure what kind of problems a .local domain name will cause down the line.

This office also has a need where the owners (3 people) will need to work remotely and access the financial application and user files. They will have laptops that travel with them and are used in the office. So they will not have desktop computers to remote into while out of the office. They have another facility across the country that was set up by a local consultant as follows:

They use LogMeIn Hamachi to set up a VPN.
Once the VPN is established they can access network shares for that remote network.
They have a Peachtree icon on their desktops that opens slowly, but eventually allows them to open the company file from the Peachtree server share residing on the remote server.

The problem is they do not have desktops in the office to RDP into, and have a dire need to access their Peachtree database. Right now I am not concerned about the server setup at the other facility across the nation; I am concerned about providing a more robust RDP solution at this new facility.

Since three people may need to simultaneously RDP and access the same database, I was thinking of purchasing a 5-pack license of Windows 2012 RDP CALs (approx. $400.00). I would think they do not need a VPN connection, and could RDP to the public IP of their router, and have their router forward all RDP requests to the server. I believe Microsoft RDP is a secure enough connection without the need of a VPN. If so, all they would need to do is enter the public IP in the RDP connect host. I also need to find out with Peachtree whether using their application on a terminal server is an issue or even supported.

So, let me break down what I need help with:

1. Set up a simple member server instead of an AD domain? Thinking an AD domain is the best way to go.

2. The internal AD domain name. This company's public domain is automatedproductiongroup.com. Do I need to use this actual name since they own the public domain name, or can I abbreviate it to apg.com? They do not own the public name apg.com. Or simply go the .local approach, apg.local, to make things simple.

3. A minimum of 3 people need to RDP into this new server. They currently use LogMeIn Hamachi as a VPN solution to access network server shares and access a Peachtree database. This solution works fine for file shares, but accessing the Peachtree database is a bit cumbersome and rather slow in my opinion. Possible resolution: purchase and set up Windows Server 2012 RDP CALs, and instruct the users to enter the public IP of the router to directly RDP to their server (terminal server) without a VPN.

4. Based on the server hardware config mentioned above, is it configured with enough resources (processor, RAM, hard disk space) for a server that will be the sole AD domain controller, DNS, DHCP, terminal server, Trend Micro Worry-Free Business Standard server, printer shares, file shares, and Peachtree database server for 5 to 15 users? Terminal services will not be used by all employees. Not sure; RRAS may be included in the mix should VPN access be necessary.

Please forward your suggestions and recommendations. I just want to make sure I set things up looking at the future and not simply to quickly get things going.
Question by:cmp119
LVL 25

Expert Comment

by:Tony Giangreco
ID: 39972069
I would add a second processor and more RAM and set up RDP right into the server as a TS/RDP server. Install Peachtree on the server as an app and allow employees to log in with RDP, run the app on the server and save their data right there. We do this with QuickBooks and it works well.

Author Comment

ID: 39972123
Wow, a second processor by itself is not cheap. I was not thinking it would be necessary. Adding more RAM and a second processor will be over $1K would be my guess. I do not think the client will tolerate such an increase in cost.
LVL 25

Assisted Solution

by:Tony Giangreco
Tony Giangreco earned 1000 total points
ID: 39972147
We run multiple locations like this and learned the hard way that a 2nd processor and additional RAM on an RDP server really helps. I would not want to undersell a solution and then have to explain why the system runs slow after it's installed. It's cheaper to add resources before going live than after.


Author Comment

ID: 39972190
I understand what you're saying. I don't want to be put under those circumstances. My thought was the count of users hitting the server at any given time would be 5 to 10 at most. I usually get a second processor and more RAM (24 to 32 GB) for an SBS server that will host Exchange, SharePoint, and possibly SQL. I could possibly see doubling the RAM to 32 GB, but the cost of the processor will be a tough sell.
LVL 38

Expert Comment

ID: 39972233
You can keep the same AD domain name as the external one; it will be helpful.

This will simplify your digital certificate management.
Also, it won't create any problems even if your AD domain name is more than 15 characters long, as the limit applies only to the domain NetBIOS name, which is 15 characters.

I hope you will be having at least two or four cores on that Xeon CPU, which is enough according to me for 15 people.
You can deploy Hyper-V 2012 \ 2012 R2 Standard edition on the host server with two free virtual machines (one 2012 R2 server as a DC and another as an application + RD Gateway server to which your users will connect for accessing the application).

Then you can have one public SSL certificate for the Remote Desktop Gateway server and RDS CALs for the users who are going to connect.


Author Comment

ID: 39972237
What do you think about using RDP without a VPN connection?  My understanding is an RDP connection is already an encrypted connection.

Author Comment

ID: 39972263
The single Intel Xeon E-24XX V2 processor has eight cores. I just don't like the idea of using automatedproductionsgroup\JohnDoe. It would be so much better using apg\JohnDoe. I believe you stated it will only take the first 15 characters, so I guess it would be automatedproduc\JohnDoe then. If that is the case, that still does not look right and appears to be cumbersome.
LVL 38

Expert Comment

ID: 39972978
In my previous comment, when I said that you can use an RD Gateway server, you are ultimately using encrypted RDP sessions only, because RD Gateway requires an SSL certificate for communications.
RD Gateway is the server through which you get authenticated with AD and are able to log on to the internal server with RDP only.
The RD Gateway server IP is published on the internet with a public DNS name.
For example: RDgateway.automatedProductiongroup.com
Also please note that even if you keep automatedProductiongroup.com as the domain name, you can keep a custom NetBIOS name such as APC, and AD will give you the option during initial AD setup.

Check the link below for more info on setting up an RD Gateway server.


Author Comment

ID: 39973578
I am sorry to say the client stated they are happy using LogMeIn Hamachi as a VPN solution to simply access server shares to access their data. They were not willing to spend more for RDP licenses, an extra processor, more memory, and an SSL certificate.

Thank you for your feedback.  It was greatly appreciated.

Author Comment

ID: 39973599
Mahesh -

I am trying to understand your statement:

Also please note that even if you keep automatedProductiongroup.com as domain name, you can keep custom NetBIOS name such as APC and AD will give you option during initial AD setup

I presume you are suggesting I go ahead and setup the AD domain name as automatedProductiongroup.com.  I do not understand the portion pertaining to a custom NetBIOS name.

Maybe you can forward some articles pertaining to this so that I have a better understanding. Thanks.
LVL 38

Accepted Solution

Mahesh earned 1000 total points
ID: 39974254
When you run dcpromo, you will come to know what I am trying to say.

By default when you run dcpromo, the system will provide a NetBIOS name for your specified AD domain, which is the same as the domain name.

For example: your domain name is Contoso.com.
Then the system will auto-generate a NetBIOS name and put it in front of you, such as CONTOSO. You can change it if you want to; the best practice is to keep it as suggested by the system.
However, if your domain name is more than 15 characters long, due to the limitations of NetBIOS names in Windows (they can be a maximum of 15 characters long),
you have no choice left other than renaming it to some meaningful name.

For example: the ContosoNetworkSystems.com domain requires that the NetBIOS name should be equal to the domain name (CONTOSONETWORKSYSTEMS), which is simply not possible due to system restrictions, and hence it will accept only the first 15 characters, which you can change anyway to some meaningful name such as just CONTOSO.

Check the dcpromo advanced wizard for a clear understanding.

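The NetBIOS-name behaviour Mahesh describes, as an added PowerShell example (not code from this thread or from Microsoft's wizard): it derives the default 15-character NetBIOS name the AD DS wizard would propose for a long DNS domain name, checks a custom short name, and promotes the first DC with that explicit NetBIOS name. It assumes a Windows Server 2012 R2 box with the AD DS role installed; the domain and NetBIOS names are the ones discussed in the question.

```powershell
# Added example, not from the original thread. Assumes the AD DS role is
# installed (Install-WindowsFeature AD-Domain-Services) on Server 2012 R2.

function Get-DefaultNetbiosName {
    param([Parameter(Mandatory)][string]$DnsDomainName)
    # The wizard proposes the leftmost DNS label, upper-cased and cut to the
    # 15-character NetBIOS limit, which is why a long name becomes truncated.
    $label = ($DnsDomainName.Split('.')[0]).ToUpperInvariant()
    if ($label.Length -gt 15) { $label = $label.Substring(0, 15) }
    return $label
}

function Test-NetbiosName {
    param([Parameter(Mandatory)][string]$Name)
    # 1 to 15 characters, none of the characters NetBIOS names may not contain
    # (\ / : * ? " < > |), and no period or whitespace in a domain NetBIOS name.
    if ($Name.Length -lt 1 -or $Name.Length -gt 15) { return $false }
    if ($Name -match '[\\/:*?"<>|.\s]') { return $false }
    return $true
}

$dnsName = 'automatedproductiongroup.com'   # the client's public domain (from the question)
$default = Get-DefaultNetbiosName $dnsName  # AUTOMATEDPRODUC, the awkward truncated default
$chosen  = 'APG'                             # short custom name the asker preferred

"Default NetBIOS name the wizard would propose: $default"
"Custom NetBIOS name '$chosen' acceptable: $(Test-NetbiosName $chosen)"

# Directory Services Restore Mode password, prompted rather than hard-coded.
$dsrm = Read-Host -AsSecureString 'DSRM password'

# Dry run: runs only the prerequisite checks, changes nothing.
Test-ADDSForestInstallation -DomainName $dnsName -DomainNetbiosName $chosen `
    -SafeModeAdministratorPassword $dsrm -InstallDns

# Real promotion: same names, so logons read APG\JohnDoe while the DNS name
# stays the registered public domain. The server reboots when it finishes.
Install-ADDSForest -DomainName $dnsName -DomainNetbiosName $chosen `
    -ForestMode Win2012R2 -DomainMode Win2012R2 -InstallDns `
    -SafeModeAdministratorPassword $dsrm -Force
```

Run the Test-ADDSForestInstallation line first and fix anything it reports before running the promotion.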

Author Closing Comment

ID: 39975082
Thank you gentlemen for your input and suggestions.
