Windows Server Rollout - Multiple Sites 2008R2

Posted on 2014-08-25
Last Modified: 2014-11-26

Before I hit the "go" button I would like to confirm the suitability of my planned server rollout and welcome any suggestions or corrections to the same.

Firstly, the network resides over 6 sites - 1 site is Head Office, the other 5 are Branch Offices.  All sites are linked to Head Office by good speed VPNs (Cisco ASAs).

Head Office to have Main AD Server and an Additional AD Server with one Domain.
Branch Offices to be set up as Additional AD Servers on the same Domain as Head Office.
All Servers act as GC Servers, run DHCP for their local subnets and handle DNS, which forwards to Head Office AD.
All Servers have local shares and printers active. Some branch servers will have DFS set up between each other.

Questions :

So, the local users authenticate to their own local AD server and travellers will authenticate against the server in which they are visiting?

Home shares will still be available as no trusts are required with all servers being on the same domain?

When a user and/or machine is added to Head Office it is replicated to all other AD servers?

DNS is updated and replicated to all servers when a DNS change is made?

GPOs that are created on the Head Office Server are replicated to all other AD servers?

Of course file sharing and subsequent permissions are still handled at each server as is DHCP.

Is there anything unforeseen that I may have missed?

Question by:tmaster100
    LVL 24

    Expert Comment

    by:Mohammed Khawaja
    Within AD you set your AD sites, where each site will include one or more DCs.  This is what dictates which site the user authenticates to.  Each site will be bound to one or more IP subnets (i.e. if the site1 subnet is a /24, then you make this part of site1 and ensure there is a DC on that /24 network).

    Home shares will be available without any issues, but remember that traveling users will be accessing the shares over the network.
    When a user and/or machine is added to Head Office it is replicated to all other AD servers?

    Ensure your DNS is AD integrated and this way each DC will be a DNS server.  Instead of forwarding DNS queries for sites on the Internet to the head office, I recommend you enable root-hints and each DNS server will use local Internet connection for DNS queries (less data between sites).

    GPOs are replicated between all sites regardless of which site or DC they were created on as this is part of AD Data.  GPOs are stored in SYSVOL on each DC which is replicated across all DCs.

    One thing to remember though is that default replication could take up to 90 minutes (this does not include security related items such as account lockout, account deletion, password expiration, etc.).  If this is not acceptable and most administration is done at the head-office then you could change the replication time between head-office and each site.
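The site, subnet and site-link layout the comment above describes, as an added example that is not from the original thread: six sites for the six offices, each bound to the subnet its DC serves, hub-and-spoke site links over the VPNs with a shorter replication interval, and a replication health check. Site names, subnets and the DC name are placeholders; the AD replication cmdlets used here come with the ActiveDirectory module from Windows 8 / Server 2012 RSAT or later and can manage a 2008 R2 domain, but are not in the 2008 R2 module itself.

```powershell
# Added example, not from the original thread. Placeholder site names, subnets and DC name.
Import-Module ActiveDirectory

# One site per office; each site owns the subnet its local DC serves (placeholder /24s).
$sites = @{
    'HeadOffice' = '10.0.1.0/24'
    'Branch1'    = '10.0.2.0/24'
    'Branch2'    = '10.0.3.0/24'
    'Branch3'    = '10.0.4.0/24'
    'Branch4'    = '10.0.5.0/24'
    'Branch5'    = '10.0.6.0/24'
}

foreach ($name in $sites.Keys) {
    if (-not (Get-ADReplicationSite -Filter "Name -eq '$name'")) {
        New-ADReplicationSite -Name $name
    }
    $cidr = $sites[$name]
    if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$cidr'")) {
        # The subnet-to-site binding is what makes a client pick its local DC.
        New-ADReplicationSubnet -Name $cidr -Site $name
    }
}

# One site link per VPN, branch <-> head office. 15 minutes is the shortest interval
# a site link allows, replacing the 180-minute default of a new site link.
foreach ($branch in ($sites.Keys | Where-Object { $_ -ne 'HeadOffice' })) {
    $link = "HeadOffice-$branch"
    if (-not (Get-ADReplicationSiteLink -Filter "Name -eq '$link'")) {
        New-ADReplicationSiteLink -Name $link -SitesIncluded 'HeadOffice', $branch `
            -InterSiteTransportProtocol IP -ReplicationFrequencyInMinutes 15 -Cost 100
    }
}

# Move each branch DC out of Default-First-Site-Name into its own site (placeholder DC name).
Move-ADDirectoryServer -Identity 'BR1-DC01' -Site 'Branch1'

# Verify: each DC's inbound partners, last success time and last result (0 = success).
Get-ADDomainController -Filter * | ForEach-Object {
    Get-ADReplicationPartnerMetadata -Target $_.HostName -Scope Server
} | Select-Object Server, PartnerAddress, Partition, LastReplicationSuccess, LastReplicationResult |
    Format-Table -AutoSize

# From a branch workstation, 'nltest /dsgetsite' should print that branch's site name.
```

Run it once from a management host after all DCs are promoted; the existence checks make it safe to re-run when a site or subnet is added later.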
    LVL 1

    Author Comment

    Thanks for your comments, very much appreciated.
    LVL 1

    Author Comment

    Great. So what happens if I join a workstation to the non-head office server, will it replicate to all the others as well? I assume it will but best to check.
    LVL 24

    Accepted Solution

    It will.  Rule of thumb is that everything in AD will be synchronized across all sites.  Adding a computer is an AD object and it will be replicated to all sites.
