Windows Domain Controller Deployment

Hi Experts

Scenario:
We have a child domain (2003) on a remote site. Now we want to upgrade our infrastructure from 2003 to 2012 R2, and we want to deploy the child domain controller on 2012 R2.
Is it best practice to create two domain controllers for the remote site (or child domain), one at the remote site and one in Head Office, with the Head Office DC holding the FSMO roles instead of the remote site DC?

Thanks
obaidoa, Asked:

MAS (MVE), EE Solution Guide, Commented:
I suggest installing Windows 2012 at the HO and installing the same OS at the remote site, as Windows 2003 is EOL (End of Life) on July 14, 2015.
Make the server in HO the FSMO holder.

Configure Active Directory Sites and Services properly. That's it.
https://technet.microsoft.com/en-us/library/cc730868.aspx
Zacharia Kurian, Administrator - Data Center & Network, Commented:
At Head Office, have your DC with Windows 2012 R2, with all the FSMO roles. If your organization is quite large, it is better to have additional domains too at HQ.

At the remote site you can have an RODC (Read-Only Domain Controller), which was introduced with Windows 2008 onwards.

What about your Exchange server?

The link below would be helpful to you for migrating Windows 2003 to Windows 2012.

http://blogs.technet.com/b/canitpro/archive/2013/05/27/step-by-step-active-directory-migration-from-windows-server-2003-to-windows-server-2012.aspx

For RODC:

http://www.rebeladmin.com/2014/10/step-by-step-guide-to-install-read-only-domain-controller-rodc/

Zac.
MAS (MVE), EE Solution Guide, Commented:
Agree with Zacharia.
You can install it as an RODC as well, which I missed out.
obaidoa, Author, Commented:
Hi
What IP address do I have to assign to the DC in the Head Office: the Head Office IP range (10.0.0.1) or the child domain range (192.168.1.0)?
Because I created two 2012 DCs for the child domain; one will sit at Head Office and the other will be deployed to the child domain office. And I want to migrate the FSMO roles (currently on 2003) to the Head Office DC.
Thanks
Will Szymkowski, Senior Solution Architect, Commented:
> Does this is best practice to create two domain controller for remote site(OR child domain)

Having multiple DCs in the same site allows for redundancy for Active Directory and also Exchange (if implemented). However, I would not be creating a child domain. This simply adds complexity when you are doing anything in your environment. It also requires additional management of GPO settings etc.

Child domains really should be a thing of the past, as the only real reason why you would have a child domain is to have a different password policy.

Since 2008 you can now have multiple password policies (if needed), using the Default Domain Policy as one and using PSO (Fine-Grained Password Policy) for additional password policies that you want to implement.

> and one in Head Office and Head Office DC will have the  FSMO Roles on it instead of on remote site DC ?

You always want to have your FSMO roles located in a site that has high network bandwidth to all other sites (to ensure replication and reliability). You also want to make sure that FSMO roles are located on a DC where your Head Office is (usually the most users).

Personally I would not bother using RODCs because they are another license cost, they cannot be used with Exchange in the same site, and unless you are caching the passwords using the Password Replication Policy, authentication still goes back to a writable DC, where it is getting its updates from.

Personally, if you do not have more than 20 users at a remote site then an RODC is not worth implementing. Also you will require additional server licenses as well.

Will.
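
Will's answer above suggests a PSO in place of a child domain when the only need is a separate password policy. A sketch of that with the ActiveDirectory PowerShell module follows, as an added example that is not part of the thread; the group name, PSO name, user name and policy values are hypothetical. It also checks the two preconditions that matter during a 2003 to 2012 R2 upgrade: the domain functional level and the type of group the PSO is linked to.

```powershell
# Added example. Hypothetical names: RemoteSite-Users, RemoteSite-PSO, jdoe.
# Policy values are illustrative only.
Import-Module ActiveDirectory

$groupName = 'RemoteSite-Users'
$psoName   = 'RemoteSite-PSO'

# PSOs are unavailable until the domain functional level is 2008 or higher,
# i.e. after the last Windows Server 2003 DC is demoted and the level raised.
$mode = (Get-ADDomain).DomainMode.ToString()
if ($mode -match '^Windows200[03]') {
    throw "Domain functional level is $mode; raise it before creating PSOs."
}

# A PSO can only be linked to users or global security groups, never to an OU.
$group = Get-ADGroup -Identity $groupName
if ($group.GroupScope -ne 'Global' -or $group.GroupCategory -ne 'Security') {
    throw "$groupName must be a global security group to receive a PSO."
}

# Lower precedence wins when several PSOs reach the same user.
New-ADFineGrainedPasswordPolicy -Name $psoName -Precedence 10 `
    -MinPasswordLength 14 -PasswordHistoryCount 24 `
    -ComplexityEnabled $true -ReversibleEncryptionEnabled $false `
    -MinPasswordAge (New-TimeSpan -Days 1) `
    -MaxPasswordAge (New-TimeSpan -Days 90) `
    -LockoutThreshold 5 `
    -LockoutObservationWindow (New-TimeSpan -Minutes 30) `
    -LockoutDuration (New-TimeSpan -Minutes 30) `
    -ProtectedFromAccidentalDeletion $true

Add-ADFineGrainedPasswordPolicySubject -Identity $psoName -Subjects $groupName

# Confirm which policy a group member actually receives. Empty output means
# no PSO applies and the Default Domain Policy is in effect.
Get-ADUserResultantPasswordPolicy -Identity 'jdoe' |
    Select-Object Name, Precedence, MinPasswordLength, LockoutThreshold
```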