

Windows Server Rollout - Multiple Sites 2008R2

Posted on 2014-08-25
Medium Priority
Last Modified: 2014-11-26

Before I hit the "go" button I would like to confirm the suitability of my planned server rollout and welcome any suggestions or corrections to the same.

Firstly, the network resides over 6 sites - 1 site Head Office, the other 5 are Branch Offices. All sites linked to Head Office by good speed VPNs (Cisco ASAs).

Head Office to have Main AD Server and an Additional AD Server with one Domain.
Branch Offices to be setup as Additional AD Servers on the same Domain as Head Office.
All servers act as GC servers, run DHCP for their local subnets and handle DNS, which forwards to Head Office AD.
All Servers have local shares, printers active. Some branch servers will have DFS setup between each other.

Questions :

So, the local users authenticate to their own local AD server and travellers will authenticate against the server in which they are visiting?

Home shares will still be available as no trusts are required with all servers being on the same domain?

When a user and/or machine is added to Head Office it is replicated to all other AD servers?

DNS is updated and replicated to all servers when a DNS change is made?

GPOs that are created on the Head Office Server are replicated to all other AD servers?

Of course file sharing and subsequent permissions are still handled at each server as is DHCP.

Is there anything unforeseen that I may have missed?

Question by:tmaster100
LVL 25

Expert Comment

by:Mohammed Khawaja
ID: 40282770
Within AD you set your AD sites where each site will include one or more DCs. This is what dictates which site the user authenticates to. Each site will be bound to one or more IP subnets (i.e. if site1's subnet is a /24 then you make this part of site1 and ensure there is a DC on that /24 network).

Home shares will be available without any issues but remember that traveling users will be accessing the shares over the network.

When a user and/or machine is added to Head Office it is replicated to all other AD servers?

Ensure your DNS is AD integrated and this way each DC will be a DNS server.  Instead of forwarding DNS queries for sites on the Internet to the head office, I recommend you enable root-hints and each DNS server will use local Internet connection for DNS queries (less data between sites).

GPOs are replicated between all sites regardless of which site or DC they were created on as this is part of AD Data.  GPOs are stored in SYSVOL on each DC which is replicated across all DCs.

One thing to remember though is that default replication could take up to 90 minutes (this does not include security related items such as account lockout, account deletion, password expiration, etc.).  If this is not acceptable and most administration is done at the head-office then you could change the replication time between head-office and each site.
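The site, subnet and site-link setup described above, as an added PowerShell example that is not from this thread. Site names, subnets and the 60-minute replication interval are assumed placeholder values; it assumes a Windows Server 2012 or later management host with RSAT (ActiveDirectory module), run as a Domain Admin against the domain.

```powershell
# Added example (not from the thread): define one AD site per office, bind
# each office's subnet to its site, and create hub-and-spoke site links from
# Head Office to each branch with a shorter replication interval.
# Site names, subnets and the interval below are assumed placeholders.
Import-Module ActiveDirectory

# One site per office; replace the subnets with the real VPN subnets.
$sites = @{
    'HeadOffice' = '10.0.0.0/24'
    'Branch1'    = '10.0.1.0/24'
    'Branch2'    = '10.0.2.0/24'
    'Branch3'    = '10.0.3.0/24'
    'Branch4'    = '10.0.4.0/24'
    'Branch5'    = '10.0.5.0/24'
}

foreach ($name in $sites.Keys) {
    if (-not (Get-ADReplicationSite -Filter "Name -eq '$name'")) {
        New-ADReplicationSite -Name $name
    }
    # Binding the subnet to the site is what makes clients on that subnet
    # locate and authenticate against the DC placed in that site.
    $subnet = $sites[$name]
    if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$subnet'")) {
        New-ADReplicationSubnet -Name $subnet -Site $name
    }
}

# Hub-and-spoke links: each branch replicates with Head Office every 60 min
# instead of the intersite default. Branches reach each other via the hub.
foreach ($branch in ($sites.Keys | Where-Object { $_ -ne 'HeadOffice' })) {
    $linkName = "HeadOffice-$branch"
    if (-not (Get-ADReplicationSiteLink -Filter "Name -eq '$linkName'")) {
        New-ADReplicationSiteLink -Name $linkName `
            -SitesIncluded 'HeadOffice', $branch `
            -Cost 100 `
            -ReplicationFrequencyInMinutes 60 `
            -InterSiteTransportProtocol IP
    }
}

# Existing DCs stay in Default-First-Site-Name until moved, e.g.:
#   Move-ADDirectoryServer -Identity 'BRANCH1-DC' -Site 'Branch1'
# Verify: every DC should sit in the site whose subnet it serves and be a GC.
Get-ADDomainController -Filter * |
    Select-Object Name, Site, IPv4Address, IsGlobalCatalog |
    Format-Table -AutoSize
```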

Author Comment

ID: 40283053
Thanks for your comments, very much appreciated.

Author Comment

ID: 40454819
Great. So what happens if I join a workstation to the non-head office server, will it replicate to all the others as well? I assume it will but best to check.
LVL 25

Accepted Solution

Mohammed Khawaja earned 2000 total points
ID: 40455009
It will.  Rule of thumb is that everything in AD will be synchronized across all sites.  Adding a computer is an AD object and it will be replicated to all sites.
