Solved

One Site Multiple Physical Locations

Posted on 2014-04-12
Last Modified: 2014-04-12
Hello Experts,

I recently started working at a new company and while assessing their topology, there are changes I would like to make, but I want to make sure how this could affect their current structure.

As it stands right now, this company has 1 Forest - 1 Domain - 1 Site - 2 DCs - 20 Different Physical locations.

Both DCs are running 2008 R2 and one is located at the Main Office and the other DC is located at an offsite location for disaster purposes.

My question is, I would like to separate each physical location into a separate site. For budget purposes right now, I will not have the option to purchase additional DCs. Am I going to run into problems if I create additional sites? Each physical location is currently using a different network: 10.10.20.0 - 21.0 - 22.0 etc. Seeing that they are all authenticating against DC1, what kind of walls would I come up against if I created separate sites?

Thanks for any recommendations or articles you can provide to help me with this question.
Question by:smartin0924
9 Comments
 
LVL 37

Expert Comment

by:Neil Russell
ID: 39996395
Firstly ask yourself WHY you want to create 20 different AD sites? Just because you have 20 physical locations it does not follow that you MUST have 20 AD sites.

AD Sites serve a purpose, be it for authentication to different AD controllers or to allow Site specific GP's etc. Don't partition just because it seemed like a good idea at the time.

Can you explain WHY the need for 20 sites? This may help in answering the questions you ask.
0
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 39996408
I agree with @Neilsr.  And if I were your boss, I would want a Very good reason to spend the time changing something that is currently working.
0
 
LVL 1

Author Comment

by:smartin0924
ID: 39996416
My first thought was just to structure the AD better so I could apply specific policies to the equipment in that location. We currently use roaming profiles and each time a user goes to a different site, we need to load printers for that user. I'm not 100% on roaming profiles and do not like having to use them so that will probably lead to another question or more research, but this was my first thought when looking into ideas to set things up.

Let me be clear, I am not wanting to change things just because. I'm simply going off the bit of knowledge I do know. If there is a better solution, I am open for any and all ideas.

Thanks for replying
0

 
LVL 37

Assisted Solution

by:Neil Russell
Neil Russell earned 400 total points
ID: 39996417
For a better understanding of what "Active Directory Sites" are have a read here
0
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 39996422
I suggest you start keeping a list of problems and solutions.  Or maybe more accurately, situations and actions required.  How many times does a user go to a different site?  Are you talking 1 out of 500 or 10 out of 20?  Things like that should tell you how much work it is costing your company.
0
 
LVL 1

Author Comment

by:smartin0924
ID: 39996431
Neilsr, thanks for the article. The part that talks about "Sites and subnets are represented in Active Directory by site and subnet objects, which you create through Active Directory Sites and Services. Each site object is associated with one or more subnet objects."
Each site is in a different subnet.

Dave, as far as how many times users are going to different sites, it's daily. If someone calls out sick or there's a shortage in staff, they move staff around to help out.
0
 
LVL 3

Accepted Solution

by:
aces4all00 earned 1600 total points
ID: 39996437
Each site requires at least 1 DC so without purchasing additional DCs you can have 2 sites at most.  If you check I believe you will find users are authenticating against both DCs right now.  If you're looking to limit who authenticates to the DC at the DR location, creating a separate site for it is not a bad idea.  Adding sites does introduce some administrative overhead (you'll need to keep your subnets in AD Sites and Services up to date and assigned to the proper subnets) and other services like Exchange could be impacted by the change.
0
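
The subnet upkeep mentioned in the answer above can be checked offline. The following is an added example, not part of the original thread: it resolves client IPs to AD sites by most-specific subnet match and lists clients whose subnet has no site. The site names, prefix lengths and client addresses are constructed assumptions; the thread gives only the network addresses.

```python
import ipaddress
from collections import defaultdict

# Constructed subnet-to-site map, as it might be exported from AD Sites and
# Services. Site names and prefix lengths are assumptions; the thread only
# gives the networks 10.10.20.0, 10.10.21.0 and 10.10.22.0.
SUBNET_TO_SITE = {
    "10.10.20.0/24": "MainOffice",
    "10.10.20.192/26": "DR-Site",   # more specific entry wins over the /24
    "10.10.21.0/24": "Branch-21",
    # 10.10.22.0/24 is deliberately missing: the location exists,
    # but no subnet object was created for it.
}

# Constructed client addresses, e.g. collected from DHCP leases.
CLIENT_IPS = ["10.10.20.15", "10.10.20.200", "10.10.21.40", "10.10.22.7"]


def site_for(ip, subnet_map):
    """Return the site of the most specific subnet containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    best_net, best_site = None, None
    for cidr, site in subnet_map.items():
        # strict=True rejects entries with host bits set (typos in the export)
        net = ipaddress.ip_network(cidr, strict=True)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_site = net, site
    return best_site


def audit(client_ips, subnet_map):
    """Group client IPs by resolved site; clients with no subnet go under None."""
    by_site = defaultdict(list)
    for ip in client_ips:
        by_site[site_for(ip, subnet_map)].append(ip)
    return dict(by_site)


if __name__ == "__main__":
    for site, ips in audit(CLIENT_IPS, SUBNET_TO_SITE).items():
        label = site or "NO SITE (subnet not defined)"
        print(f"{label}: {', '.join(ips)}")
```

Clients reported under "NO SITE" sit on a network with no matching subnet object, which is the gap to close before relying on site-based DC selection or site-linked policy.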
 
LVL 1

Author Closing Comment

by:smartin0924
ID: 39996443
Thank You aces4all00. OK, so the additional DC's will come into play then with the extra sites. That's what I was not clear on.  Thanks for the information, that changes the direction I would like to go.
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 39996449
Just because "Each [physical] site is in a different subnet." does not mean you NEED to have AD sites set up.

Group policy can easily handle different printers for different computers in different locations without using Sites. Just use an OU structure that maps to your locations.

Also it is NOT true that EVERY AD Site must have a DC. You can have sites set up without a DC in it and people do so.
0
