Branch office setup


Johnny Chow

I am still a newbie. My company wants to set up a branch office by using VPN
through a cable modem. The transfer speed is half a megabyte. Should I set it up
as multiple domains or a subdomain for the organization? Will the network kill
me if I install the subdomain controller at the remote branch site? Any pros or
cons will be appreciated.

Thank you in advance,

Johnny Chow
 
Johnny,

This is *usually* WINNT 4.0 thinking!

You might want to look into Active Directory Sites and Services. By using
"Sites" you can have one domain that has multiple physical locations.

Also, you might want to post this to the Active Directory News Group. You
can get a whole lot of information on this over there ( as well as in
here! ).

Essentially what you will have will be 'yourdomain.com' spread out over the
various physical locations. So, in a typical scenario you will have the
'main' office and several 'remote' offices. You will typically want to have
at least one Domain Controller in each of the remote offices ( well,
depending on how many users are going to be there ) and two in the 'main'
office. You will have to consider the location of the Global Catalog
Servers. You would *probably* want at least one Domain Controller in each
Site to be a GC.

You will need to set up the Sites in the Active Directory Sites and Services
MMC. You will notice that you have one already ( the
Default-First-Site-Name ). If you would like you can rename it. You need
to create the Subnets ( i.e., 192.168.1.0 / 24 ) and then associate each
Subnet with the appropriate Site. You will need to create the Site links.

So, how does this work? Well, in Active Directory there are two ways that
things replicate: Intra-Site ( all Domain Controllers in the same Site
replicate with each other ) and Inter-Site ( where one Domain Controller
from each Site is designated as a Bridgehead Server and the BHS from Site 1
replicates with the BHS from Site 2 - at this point the Intra-Site
replication happens....).

Are there any reasons why you would want to have child domains? Usually
the reason is that one 'group' wants a really strong password policy and the
'others' do not. Or, there could be political reasons.

HTH,

Cary
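
The Sites, Subnets and Site Links steps from the post above, as an added example that is not part of the original thread. It uses the ActiveDirectory PowerShell module instead of the Sites and Services MMC; the site names, the second subnet, and the cost and interval values are assumptions, and only 192.168.1.0/24 comes from the post.

```powershell
# Added example: needs the ActiveDirectory module (RSAT) and rights to edit
# the forest's Configuration partition.
Import-Module ActiveDirectory

# Hypothetical site names; substitute your own.
$mainSite   = 'MainOffice'
$branchSite = 'Branch01'

# Rename the built-in site instead of leaving the default name in place.
Get-ADReplicationSite -Identity 'Default-First-Site-Name' |
    Rename-ADObject -NewName $mainSite

# Create the branch site.
New-ADReplicationSite -Name $branchSite

# Create the subnets and associate each one with its site.
# 192.168.1.0/24 is the post's example; 192.168.2.0/24 is constructed.
New-ADReplicationSubnet -Name '192.168.1.0/24' -Site $mainSite
New-ADReplicationSubnet -Name '192.168.2.0/24' -Site $branchSite

# Create the site link that carries inter-site replication over the VPN.
# Cost and interval are illustrative values for a slow link.
New-ADReplicationSiteLink -Name "$mainSite-$branchSite" `
    -SitesIncluded $mainSite, $branchSite `
    -InterSiteTransportProtocol IP `
    -Cost 200 `
    -ReplicationFrequencyInMinutes 60

# Verify the subnet-to-site mapping and the link settings.
Get-ADReplicationSubnet -Filter * | Select-Object Name, Site
Get-ADReplicationSiteLink -Filter * |
    Select-Object Name, Cost, ReplicationFrequencyInMinutes, SitesIncluded

# Run on a DC: clients whose IP matches no subnet object are logged here
# and may authenticate against a DC across the WAN link.
Select-String -Path "$env:SystemRoot\debug\netlogon.log" -Pattern 'NO_CLIENT_SITE' |
    Select-Object -Last 20
```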
 
Nice post, Cary. *sigh*, why is it always the political reasons that end up
making the decisions....???

--
Scott Baldridge
Windows Server MVP, MCSE

 
Scott,

Don't know. I guess that it is the job of the CIO ( or IT Director or
whatever the title is named ) to make sure that 'politics' are minimized.
It is simply foolish to think that 'politics' will never be a part of the
decision making process. It always will be. Just the way it is...and
always will be. Granted, it can be managed and minimized ( at least from
what I have seen ) but will always be present.

And it is too bad. Sometimes some really asinine policies are put in place
because some whiny little rat ( oops, that slipped! sorry! ) really wants
this or that...but there are always ways to eventually 'fix' that 'problem'.
Funny how upgrading an operating system often results in that 'fix'. I
guess it is just a matter of picking your battles ( which mostly consists of
knowing which battles to fight and which battles to avoid ).

Have a nice night and an even better tomorrow ( God willing! ).

Cary

 
Thank you Cary,
I am aware that the global catalog holds the part of the replicated AD and
authentication. I built two DCs at the main office and followed Microsoft's
recommendation not to set up the infrastructure master and GC on the same server.
One day the GC server crashed on me and then user IDs could not authenticate. Does
this mean I need to have a minimum of two GC servers and one DC server as
schema and infrastructure master on each site to have fault tolerance?

Regards,

Johnny Chow

 
Johnny,

A couple of things:

- It is almost always a good idea to have two of everything! So, yes, it
  would be advantageous to have two Global Catalog Servers,
- the recommendation does not really apply if you have only one domain -OR-
  if you make all of your DCs Global Catalog Servers,
- the Schema Master role is a Forest-wide role and is held by only one DC in
  the entire Forest - regardless of the number of Sites,
- the Infrastructure Master role is a Domain-wide role and is held by only
  one DC in each Domain, regardless of the number of Sites.

HTH,

Cary
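
A check for the points in the reply above, as an added example that is not part of the original thread: it reports Global Catalog coverage per Site, shows which DC holds the Schema Master and Infrastructure Master roles, and tests whether the infrastructure master/GC recommendation applies. It assumes the ActiveDirectory PowerShell module and a domain-joined admin workstation.

```powershell
# Added example: read-only audit, needs the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

$dcs    = Get-ADDomainController -Filter *   # DCs of the current domain
$forest = Get-ADForest
$domain = Get-ADDomain

# Global Catalog coverage per Site: losing the only GC a client can reach
# is the logon failure described earlier in the thread.
$dcs | Group-Object -Property Site | ForEach-Object {
    $gcCount = @($_.Group | Where-Object { $_.IsGlobalCatalog }).Count
    $finding = 'ok'
    if ($gcCount -eq 0)     { $finding = 'no GC in site' }
    elseif ($gcCount -eq 1) { $finding = 'single GC, no redundancy' }
    [pscustomobject]@{
        Site    = $_.Name
        DCs     = $_.Count
        GCs     = $gcCount
        Finding = $finding
    }
} | Format-Table -AutoSize

# One Schema Master per forest, one Infrastructure Master per domain,
# regardless of the number of Sites.
[pscustomobject]@{
    SchemaMaster         = $forest.SchemaMaster
    InfrastructureMaster = $domain.InfrastructureMaster
} | Format-List

# The "infrastructure master should not be a GC" recommendation matters only
# with more than one domain and when not every DC is a GC.
$infraDc     = $dcs | Where-Object { $_.HostName -eq $domain.InfrastructureMaster }
$allDcsAreGc = @($dcs | Where-Object { -not $_.IsGlobalCatalog }).Count -eq 0
$multiDomain = @($forest.Domains).Count -gt 1

if ($infraDc.IsGlobalCatalog -and $multiDomain -and -not $allDcsAreGc) {
    Write-Warning "Infrastructure master $($infraDc.HostName) is a GC in a multi-domain forest where not all DCs are GCs."
} else {
    Write-Output 'Infrastructure master / GC placement: recommendation satisfied or not applicable.'
}
```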
