Windows Server 2012 R2 AD Domain

Posted on 2014-04-02
Last Modified: 2016-11-23
I have a client that is in need of purchasing a server to maintain a financial package database (Peachtree) and user files (word, excel, pdf, etc.)  They estimate 5 to 10 people will eventually need to access this server, but initially it will only be 4 people.

The server will be Dell T320 server with a single XEON processor, 16Gbs of RAM, and (3) 600Gb RAID drives for the OS and data.

They have no need for Exchange on-premise or Office365 since they are very happy with their Google mail solution.  

I usually prefer setting an AD domain for offices that have a server and at least 5 users, but at the same time I am thinking this office could simply use this server as a member server with network shares, etc.  

I am still inclined to set up an AD domain, but I am not sure of the actual AD domain name to use. I have always used a .local domain, and now Microsoft recommends using a valid .com name instead. Microsoft keeps going back and forth on this matter.

So the domain name for this company's website and email is long, let's say something like (www.automatedproductsgroup.com). They own this public domain, so am I supposed to set up the AD domain name as automatedproductsgroup.com? I want to abide by Microsoft's naming requirements, but this name seems a bit long and not right. I simply wanted to use "apg.com", since it abbreviates the name, but they do not own this public domain name. I was simply thinking of using apg.local instead to avoid all of this, but I am not sure what kind of problems a .local domain name will cause down the line.

This office also has a need where the owners (3 people) will need to work remotely and access the financial application and user files. They will have laptops that travel with them and are used in the office. So they will not have desktop computers to remote into while out of the office. They have another facility across the country that was set up by a local consultant as follows:

They use LogMeIn Hamachi to set up a VPN.
Once the VPN is established they can access network shares for that remote network.
They have a Peachtree icon on their desktops that opens slowly, but eventually allows them to open the company file from the Peachtree server share residing on the remote server.

The problem is they do not have desktops in the office to RDP into, and have a dire need to access their Peachtree database. Right now I am not concerned about the server setup at the other facility across the nation, but I am concerned about providing a more robust RDP solution at this new facility.

Since three people may need to simultaneously RDP and access the same database, I was thinking of purchasing a 5-pack license of Windows 2012 RDP CALs (approx. $400.00). I would think they do not need a VPN connection, and they would be able to RDP to the public IP of their router and have their router forward all RDP requests to the server. I believe Microsoft RDP is a secure enough connection without the need of a VPN. If so, all they would need to do is enter the public IP in the RDP connect host. I also need to find out with Peachtree whether using their application on a terminal server is an issue or even supported.

So, let me break down what I need help with:

1. Set up a simple member server instead of an AD domain? I think an AD domain is the best way to go.

2. The internal AD domain name. This company's public domain is automatedproductiongroup.com. Do I need to use this actual name since they own the public domain name, or can I abbreviate it to apg.com? They do not own the public name apg.com. Or simply go the .local approach, apg.local, to make things simple.

3. A minimum of 3 people need to RDP to this new server. They currently use LogMeIn Hamachi as a VPN solution to access network server shares and access a Peachtree database. This solution works fine for file shares, but accessing the Peachtree database is a bit cumbersome and rather slow in my opinion. Possible resolution: purchase and set up Windows Server 2012 RDP CALs, and instruct the users to enter the public IP of the router to directly RDP to their server (terminal server) without a VPN.

4. Based on the server hardware config mentioned above, is it configured with enough resources (processor, RAM, hard disk space) for a server that will be the sole AD domain controller, DNS, DHCP, terminal server, Trend Micro Worry-Free Business Standard server, printer shares, file shares, and Peachtree database server for 5 to 15 users? Terminal services will not be used by all employees. Not sure; RRAS may be included in the mix should VPN access be necessary.

Please forward your suggestions and recommendations.  I just want to make sure I set things up looking at the future and not simply to quickly get things going.

Question by: cmp119

Expert Comment by: Tony Giangreco (LVL 25)

I would add a second processor and more RAM and set up RDP right into the server as a TS/RDP server. Install Peachtree on the server as an app and allow employees to log in with RDP, run the app on the server and save their data right there. We do this with QuickBooks and it works well.

Author Comment by: cmp119

Wow, a second processor by itself is not cheap. I was not thinking it would be necessary. Adding more RAM and a second processor will be over $1K would be my guess. I do not think the client will tolerate such an increase in cost.

Assisted Solution by: Tony Giangreco (LVL 25, earned 250 total points)

We run multiple locations like this and learned the hard way that a 2nd processor and additional RAM on an RDP server really helps. I would not want to undersell a solution and then have to explain why the system runs slow after it's installed. It's cheaper to add resources before going live than after.

Author Comment by: cmp119

I understand what you're saying. I don't want to be put under those circumstances. My thought was the count of users hitting the server at any given time would be 5 to 10 at most. I usually get a second processor and more RAM (24 to 32 GB) for an SBS server that will host Exchange, SharePoint, and possibly SQL. I could possibly see doubling the RAM to 32 GB, but the cost of the processor will be a tough sell.

Expert Comment by: Mahesh (LVL 35)

You can keep the same AD domain name as the external one; it will be helpful.

This will simplify your digital certificate management.
Also it won't create any problems even if your AD domain name is more than 15 characters long, as it will limit only the domain NetBIOS name to 15 characters.

I hope you will be having at least two or four cores in that XEON CPU, which is enough according to me for 15 people.
You can deploy Hyper-V 2012 / 2012 R2 Standard edition on the host server with two free virtual machines (one 2012 R2 server as a DC and another as an application + RD Gateway server to which your users will connect for accessing the application).

Then you can have one public SSL certificate for the Remote Desktop Gateway server and RDS CALs for the users who are going to connect.

Mahesh.

Author Comment by: cmp119

What do you think about using RDP without a VPN connection?  My understanding is an RDP connection is already an encrypted connection.

Author Comment by: cmp119

The single Intel XEON E-24XX V2 processor has eight cores. I just don't like the idea of using automatedproductionsgroup\JohnDoe. It would be so much better using apg\JohnDoe. I believe you stated it will only take the first 15 characters, so I guess it would be automatedproduc\JohnDoe then. If that is the case, that still does not look right and appears to be cumbersome.

Expert Comment by: Mahesh (LVL 35)

In my previous comment, when I said that you can use an RD Gateway server, you are ultimately using encrypted RDP sessions only, because RD Gateway requires an SSL certificate for communications.
RD Gateway is the server through which you get authenticated with AD and are able to log on to the internal server with RDP only.
The RD Gateway server IP is published on the internet with a public DNS name.
For example: RDgateway.automatedProductiongroup.com
OR
yourapp.automatedProductiongroup.com
Also please note that even if you keep automatedProductiongroup.com as the domain name, you can keep a custom NetBIOS name such as APC, and AD will give you the option during initial AD setup.

Check the link below for more info on setting up an RD Gateway server:
http://ryanmangansitblog.com/2013/03/27/deploying-remote-desktop-gateway-rds-2012/

Mahesh.

Author Comment by: cmp119

I am sorry to say the client stated they are happy using LogMeIn Hamachi as a VPN solution to simply access server shares to access their data. They were not willing to spend more for RDP licenses, an extra processor, more memory, and an SSL certificate.

Thank you for your feedback.  It was greatly appreciated.

Author Comment by: cmp119

Mahesh -

I am trying to understand your statement:

Also please note that even if you keep automatedProductiongroup.com as domain name, you can keep custom NetBIOS name such as APC and AD will give you option during initial AD setup

I presume you are suggesting I go ahead and setup the AD domain name as automatedProductiongroup.com.  I do not understand the portion pertaining to a custom NetBIOS name.

Maybe you can forward some articles pertaining to this so that I have a better understanding. Thanks.

Accepted Solution by: Mahesh (LVL 35, earned 250 total points)

When you run dcpromo, you will come to know what I am trying to say.

By default when you run dcpromo, the system will provide a NetBIOS name for your specified AD domain, which is the same as the domain name.

For example: your domain name is Contoso.com.
Then the system will auto-generate a NetBIOS name and put it in front of you, such as CONTOSO. You can change it if you want to; the best practice is to keep it as suggested by the system.
However, if your domain name is more than 15 characters long, due to the limitations of NetBIOS names in Windows (they can be at most 15 characters long), you don't have any choice left other than renaming it to some meaningful name.

For example: a ContosoNetworkSystems.com domain requires that the NetBIOS name be equal to the domain name (CONTOSONETWORKSYSTEMS), which is simply not possible due to system restrictions, and hence it will accept only the first 15 characters, which you can change anyway to some meaningful name such as CONTOSO.

Check the dcpromo advanced wizard for a clear understanding:
http://www.jppinto.com/2010/07/dcpromo-on-windows-server-2008/

Mahesh.
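An added PowerShell example (not from the thread or any of its participants) showing how the 15-character default that Mahesh describes is derived from the DNS name, and how the first Windows Server 2012 R2 domain controller is promoted with an explicit short NetBIOS name so users log on as APG\JohnDoe rather than AUTOMATEDPRODUC\JohnDoe. automatedproductiongroup.com and APG are the names from the question; the character rule in Test-NetBiosName is a conservative assumption, stricter than what the wizard itself enforces.

```powershell
# Added example, not code from the thread. Run elevated on the server.
# Assumes the RSAT/ADDSDeployment cmdlets are available after the role install.

function Get-NetBiosCandidate {
    param([Parameter(Mandatory)][string]$DnsDomainName)
    # The promotion wizard's default: leftmost DNS label, upper-cased,
    # cut to the 15-character NetBIOS limit (so "AUTOMATEDPRODUC").
    $label = ($DnsDomainName -split '\.')[0].ToUpperInvariant()
    if ($label.Length -gt 15) { $label = $label.Substring(0, 15) }
    return $label
}

function Test-NetBiosName {
    param([Parameter(Mandatory)][string]$Name)
    # Conservative check (assumption): 1-15 chars, letters/digits/hyphen,
    # no leading or trailing hyphen. Returns $true for "APG".
    return ($Name -match '^[A-Z0-9]([A-Z0-9-]{0,13}[A-Z0-9])?$')
}

$dns     = 'automatedproductiongroup.com'   # public domain the client owns
$default = Get-NetBiosCandidate -DnsDomainName $dns
$netbios = 'APG'   # short name the asker wanted; need not be an owned public domain

"Wizard default NetBIOS name: $default"
"Chosen NetBIOS name: $netbios (valid: $(Test-NetBiosName -Name $netbios))"
if (-not (Test-NetBiosName -Name $netbios)) { throw "Invalid NetBIOS name: $netbios" }

# Install the AD DS role, dry-run the forest install, then promote.
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
$dsrm = Read-Host -AsSecureString 'DSRM (Safe Mode) administrator password'
Test-ADDSForestInstallation -DomainName $dns -DomainNetbiosName $netbios `
    -SafeModeAdministratorPassword $dsrm

# The DNS domain stays the owned public name; only the NetBIOS name is short.
Install-ADDSForest -DomainName $dns -DomainNetbiosName $netbios `
    -ForestMode Win2012R2 -DomainMode Win2012R2 -InstallDns `
    -SafeModeAdministratorPassword $dsrm -Force
```

Install-ADDSForest reboots the server when it completes; the internal DNS zone it creates for automatedproductiongroup.com is separate from the public zone, so the public website and mail records must be added to the internal zone by hand if clients need to reach them by name.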

Author Closing Comment by: cmp119

Thank you gentlemen for your input and suggestions.