Multiple locations + domain controller

marley1

I haven't had to do this yet, but I'm curious how it would be set up.

If there is a main business, Company A, and they have satellite offices, Company B and C, how exactly would you link up the Active Directory/domains? I imagine in Company A you would have the main domain controller, then at the satellite offices you would deploy smaller domain controllers and just join the child to the forest?

Is that correct?

Also what are some good books for Server 2003/Domain Controller/Exchange/Active Directory?

Thanks!
 
The structure/design of the AD really has more to do with business and political structure than it does geography. It somewhat depends on the network infrastructure, but usually authentication uses the least bandwidth of all your other applications.

In your example there are lots of ways this could be done.
- one domain with DCs at each location
- separate domains for each location in the same forest with each site having their own DC
- one domain with one DC (or two or three) at the main site and no DCs at the other locations
- entirely separate forests at each location with DCs at each

It all depends on who has to sign in from where and what access they need. At my work we have 23 locations all in one domain with 3 domain controllers - two at the datacenter and another at another site for disaster recovery purposes. 80% of our "work" is done via terminal server in the datacenter so it makes sense to consolidate our servers at one location. We were also able to get all the security needed by creating the appropriate OUs. Just because this is the right answer for us though, doesn't mean it is the right answer for anyone else.

You might also want to get the thought of "master DC" out of your head. AD is multi-master so every domain controller is just as important as any other.

As far as books, I really like Mark Minasi as an author and Mastering Windows 2003 was as good a read as any.
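
An added example, not part of the post above: a PowerShell inventory that shows which of the listed layouts an existing forest actually uses (domains in the forest, DCs per site, and sites with no DC). It assumes a current Windows Server with the ActiveDirectory PowerShell module, which is newer than the Server 2003 setup discussed in this thread, and a session with read access to the forest.

```powershell
# Requires the ActiveDirectory module (RSAT) and a domain-joined session.
Import-Module ActiveDirectory

$forest = Get-ADForest

# Collect every domain controller in every domain of the forest.
$dcs = foreach ($domain in $forest.Domains) {
    Get-ADDomainController -Filter * -Server $domain |
        Select-Object HostName, Domain, Site, IsGlobalCatalog, IsReadOnly
}

# DCs grouped by AD site: shows whether each location has its own DC
# and whether that DC belongs to the same domain as the others.
$dcs | Sort-Object Site, Domain, HostName |
    Format-Table Site, Domain, HostName, IsGlobalCatalog, IsReadOnly -AutoSize

# Sites defined in the forest that hold no DC. Users at these locations
# authenticate against a DC in another site over the WAN/VPN link.
$sitesWithDc = $dcs | Select-Object -ExpandProperty Site -Unique
$forest.Sites | Where-Object { $_ -notin $sitesWithDc } |
    ForEach-Object { "No DC in site: $_" }

# One row per domain with its DC count: a single row means the
# "one domain" layouts, several rows mean separate domains in one forest.
$dcs | Group-Object Domain | Select-Object Name, Count
```

Separate forests do not appear in this output; each forest has to be queried on its own.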
 
Hey, thanks for that post, very informative. These ones seem to be the better solutions. Are there any resources online that I could read on how to set these up?

For the one domain with DC at each location, one would have to be the first DC in the forest and then at each other location I would be selecting adding a child to the DC (forgot the options in AD Prep), right?

Separate domains in the same forest, any site on how to do this?

And separate forests at each location, would they be able to communicate with each other? Any resource on this?

Also, I would be doing this so people in Company A could go to Company B or C, log in, and have all their information. They would share locations and travel to each one.

This is all hypothetical as I am just trying to learn.

Thanks,
Dan
 
I too would like to know how networks spread across multiple locations can be linked under one domain.

I'm currently doing IT help desk for a client that spans across all of America and even Canada. I'd really like to understand how it works.
 
VPN connection(s).

Have the routers connected to each other via VPN links. From there you can link the servers up. Hell, you really don't need to put an Active Directory server at each location if you didn't want to. Depends on the needs of the business. In many cases you will see a domain controller at remote offices for speed and backup of files.
 