Active Directory Design

  • Thread starter Thread starter Android
  • Start date Start date
A

Android

Hello friends, need some advise setting up the AD. Eventually our firm has
decided to implement AD (Migrate). We have two main offices one in LA and
one in NY, each main office has two satellite offices, for NY we have Albany
and Boston satellites, for LA we have Sacremento and San Francisco
satellites. Can anybody please advise me as what would be the best AD
structure for this scenario.


Thanks for you help.
 
You don't give away too much information here. The speed of the links
between offices could be a major factor, as would the number of users.
But if I was to fill in a lot of the blanks myself and make a few educated
guesses I would suggest a single forest, single domain with 6 sites. Two
DC's in each main site and one DC in each satellite office. Replication
could be configured between the two main sites, and between the satellite
sites and their respective main offices.

Unless of course you have 10,000 users at each satellite office...
 
Geary, I am sorry I apologize for not providing all the information. Each
satellite office has about 20 users and the main offices have about 300
users each.

Thanks for your help.
 
In that case I think my original recommendation would stand. With such a
small number of users that design would work just fine.
 
The most important question you need to answer is if there is a central IT
department that handles all the administration of all locations or are there
small IT groups in each location that handle their own administration.

Scenario 1 says it's best to have a single domain with probably one OU
(because you don't need to delegate much, but for GPO you'd probably want
more OUs).

Scenario 2 says it's best to have a single domain with an OU for each
location and the administrators in those locations delegated administrative
permissions. If the main offices handle that for the satellite you wouldn't
need to create an OU for the satellites, but you should if there are
administrators in those satellite offices.

OUs are primarily meant to delegate administrative capabilities. You also
can assign GPOs to OUs or just logically partition your organization.
 
Thanks Simon and JSalminen. Only the two main offices have onsite IT
support, none of the branch offices do. Once a month we make trips to the
branch office, otherwise it is mostly phone support.

Thanks.
 
Back
Top