Solved

Should I do a Child Domain or just a Domain

Posted on 2014-04-29
Last Modified: 2014-05-05
We have an existing server at one of our branch offices that needs to be joined to the Primary Domain at our main office.  Example: (Main office...192.168.1.1 - Branch office...192.168.2.1). We are running a VPN between the two.  Should I set the server at the branch office as a child or as an additional domain? Please direct me to a good article on how.  This is a Windows Server 2008 environment.  Thanks
Question by:PowerC280
8 Comments
 
LVL 21

Expert Comment

by:RK
ID: 40032333
Hi,

I would suggest adding it as a child domain. Create a new child domain when you want to create a domain that shares a contiguous namespace with one or more domains. This means that the name of the new domain contains the full name of the parent domain. For example, sales.microsoft.com would be a child domain of microsoft.com. As a best practice, you create new domains as children of the forest root domain.

You can use this procedure http://technet.microsoft.com/en-us/library/cc787706(v=ws.10).aspx.

Hope this helps
 
LVL 42

Assisted Solution

by:kevinhsieh
kevinhsieh earned 150 total points
ID: 40032395
Is the branch server a member of a domain already? I don't see why you would want to create a new domain. You should join the Branch server to the existing domain as a member server. How many domain controllers do you have in the main domain? If you have only one, you should have at least two and you should consider making the branch server a domain controller. If you have multiple domain controllers you can consider making the branch server a read only domain controller.

The general Microsoft recommendation is to have single domain environments.
 
LVL 42

Expert Comment

by:Amit
ID: 40032795
One Forest and One Domain is the best option here. So the answer to your query is to add it as an additional server. I don't see any use in creating a child domain.
 

Author Comment

by:PowerC280
ID: 40033630
Does anyone have any good step by step on adding a server to a domain as a member?
 
LVL 25

Assisted Solution

by:Coralon
Coralon earned 150 total points
ID: 40033698
There is no reason to even consider a 2nd domain for only 2 offices.  This is a very easy configuration.  

1. Build your 2nd server at the 2nd site.
2. Point the DNS for that server at your existing DC across the wire for DNS as a primary, and at itself as the secondary.
3. Install DNS on that server, and the Active Directory role.
4. Make sure your primary DNS at the primary site only points to itself for DNS.
5. Make sure you have the root hints enabled on both DNS servers.
6. Enable the AD role on the server after the reboot.  The enablement will take some time depending on the link speed.  
7. Define 2 separate sites.  
8. Define your 2 subnets, and assign them to the correct sites.  Your DCs should put themselves in the correct sites.

That's really about it.   Do this over the weekend so that your network has time to replicate and 'settle down'.  

Coralon
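
A check for steps 7 and 8 of the post above, added here as an example and not part of the thread: it lists domain controllers whose IP address is not covered by any subnet assigned to their site. The site names, host names and /24 prefixes in `$sample` are constructed; `-Live` reads the current forest through the .NET `System.DirectoryServices.ActiveDirectory` classes instead.

```powershell
# Added example, not from the thread. Site names, host names and the /24
# prefixes in $sample are constructed for illustration.
param([switch]$Live)   # -Live reads the current forest instead of $sample

function Test-IPv4InSubnet([string]$Address, [string]$Cidr) {
    if (-not $Address -or -not $Cidr -or $Cidr -match ':') { return $false }
    $net, $prefix = $Cidr.Split('/')
    $ip = [System.Net.IPAddress]::Parse($Address)
    if ($ip.AddressFamily -ne 'InterNetwork') { return $false }   # IPv4 only
    $a = $ip.GetAddressBytes()
    $n = [System.Net.IPAddress]::Parse($net).GetAddressBytes()
    $left = [int]$prefix
    for ($i = 0; $i -lt 4; $i++) {
        $take = [Math]::Min(8, [Math]::Max(0, $left))    # mask bits in this octet
        $mask = [int](256 - [Math]::Pow(2, 8 - $take))   # 8 bits -> 255, 0 -> 0
        if (($a[$i] -band $mask) -ne ($n[$i] -band $mask)) { return $false }
        $left -= 8
    }
    return $true
}

# Collect site, DC, IP and the site's subnets from Active Directory.
function Get-LiveInventory {
    $forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
    foreach ($site in $forest.Sites) {
        $subnets = @($site.Subnets | ForEach-Object { $_.Name })   # "a.b.c.d/nn"
        foreach ($dc in $site.Servers) {
            New-Object PSObject -Property @{
                Site = $site.Name; DC = $dc.Name; IP = $dc.IPAddress; Subnets = $subnets }
        }
    }
}

# Return the DCs whose address matches none of their own site's subnets.
function Find-MisplacedDc($Inventory) {
    foreach ($row in $Inventory) {
        $hit = @($row.Subnets | Where-Object { Test-IPv4InSubnet $row.IP $_ })
        if ($hit.Count -eq 0) { $row }
    }
}

# Constructed case: the branch subnet was never defined, so the branch DC
# ended up in the main office site.
$sample = @(
    (New-Object PSObject -Property @{ Site = 'Main'; DC = 'dc1'; IP = '192.168.1.1'; Subnets = @('192.168.1.0/24') }),
    (New-Object PSObject -Property @{ Site = 'Main'; DC = 'dc2'; IP = '192.168.2.1'; Subnets = @('192.168.1.0/24') })
)
$inventory = if ($Live) { Get-LiveInventory } else { $sample }
Find-MisplacedDc $inventory | Select-Object Site, DC, IP
```

An empty result means every domain controller sits in a site that owns its subnet; a listed DC points to a missing subnet definition or a subnet assigned to the wrong site.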
 
LVL 18

Accepted Solution

by:
Sarang Tinguria earned 200 total points
ID: 40036938
In your case I would recommend adding an additional domain controller.

Refer to the link below, with screenshots, for how to add an additional domain controller to an existing domain:

http://www.addictivetips.com/windows-tips/how-to-create-additional-domain-controller-adc-in-windows-server-2008/
 
LVL 20

Expert Comment

by:wolfcamel
ID: 40039355
You add the server to the domain the same way you add a workstation.
It is only if you want to share roles that it gets a little more complicated.

You also need to watch out for DHCP and DNS between the two sites, but really that is another question.
 

Author Closing Comment

by:PowerC280
ID: 40042004
Thanks guys....