Re: Another additional DC question
- From: "John R" <jsr^^^813@zoom^^^internet.net>
- Date: Fri, 5 Sep 2008 09:05:29 -0400
"Hollywood0728" <stevenjwilliams83@xxxxxxxxx> wrote in message news:E97EED04-A899-4587-9E6C-10451BA07FAE@xxxxxxxxxxxxxxxx
Good Morning -
I wanted to kind of bounce a concern off anyone who may be able to help. My
company has acquired an additional building and is looking to put some
employees over at this new building for space reasons. Here's the situation:
Site A = Main site where all servers are held now
Site B = Branch site where clients use MS VPN client to remote to Site A
Both sites have a T1 for internet and a point-to-point T1 to connect the
buildings together for our new phone system. Since we have the point-to-point
in place with Layer 3 switches on each end, I figured rather than having
clients use VPN, why not have them log on to the domain that Site A hosts. My
question is this: what is the advantage of having a DC/global catalog server
at the branch office? As long as my users are administrators on their local
machines, they are able to log on to the domain profile even if a DC is not
accessible (I know this because I bring my laptop home all the time and never
have problems). Now if the point-to-point goes down they won't be able to
access network resources at Site A from Site B, but the same is true even if I have
a DC at Site B. So is there something I may not be thinking of? Is it safe
to say that I can have the clients come over the point-to-point to Site A
from Site B to log on to the domain?
Yes, clients can authenticate over the WAN. However, if the WAN is down, so are the clients. They might be able to use cached credentials to get to a desktop, but that's about it. If there are more than a handful of clients at the remote site, you will want a DC there (in Server 2008, you can have a read-only DC which is more secure).
Make sure you establish your sites and subnets in Active Directory Sites and Services, and assign the subnets and the DCs to the appropriate sites. This will facilitate both network logons and replication traffic. Since you have a T1 between sites, and your company (at least so far) does not appear to be that big, I would not concern myself too much with replication traffic. Yes, monitor it for a while, but with only a few hundred users and machines, the traffic should not be noticeable.
As to the users having local admin rights, well, that's a tough call. Certainly "best practice" is to not do that, but many companies (like mine) violate that all the time, and we have several hundred users over eight sites plus remotes. Yes, we do get the occasional "What is this spyware on my machine", but we deal with that. We are hoping that as we move towards Server 2008, we can get back to best practice. Under 2003, there are just too many things our environment forces our users to do that require local admin privs.
Be careful not to overload that single T between sites with voice and data. And, if your phone system is like ours, don't forget to map your voice traffic so that you understand it. For example, if all incoming lines come into the PBX at site 1, all calls for users in site 2 are going over the T. If a user in site 2 conferences a site 1 user in on a call, that is two channels. The same call coming in to a site 1 user who conferences a site 2 user in uses only one channel. You might want to think of how that T is divided up, and guarantee a certain amount to voice.
Consider placing a file/print server at the remote, and use DFS/FRS where appropriate. That can save considerable bandwidth.
John R
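Here is an added example (not from John R's post or anywhere in the original thread) of the sites-and-subnets setup he recommends, written with the ActiveDirectory and ADDSDeployment PowerShell modules, which shipped with Windows Server versions later than the 2008 release discussed here. The domain name corp.example, the site names SiteA/SiteB, the subnets, and the DC names DC1/DC2 are assumed placeholders.

```powershell
# Added example: define AD sites and subnets so that branch clients find the
# branch DC first and replication across the T1 is scheduled, not ad hoc.
# All names below are assumed placeholders, not values from the thread.
Import-Module ActiveDirectory
$ErrorActionPreference = 'Stop'

$domain  = 'corp.example'
$sites   = @{ SiteA = '10.1.0.0/24'; SiteB = '10.2.0.0/24' }   # assumed subnets

# 1. One site per building, one subnet object per site.  Without the subnet
#    objects, clients cannot be mapped to a site and may log on to any DC.
foreach ($site in $sites.Keys) {
    if (-not (Get-ADReplicationSite -Filter "Name -eq '$site'")) {
        New-ADReplicationSite -Name $site
    }
    if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$($sites[$site])'")) {
        New-ADReplicationSubnet -Name $sites[$site] -Site $site
    }
}

# 2. Put both sites on the default IP site link and replicate every 15 minutes;
#    raising the interval is how you keep replication off the T1 during the day.
Set-ADReplicationSiteLink -Identity 'DEFAULTIPSITELINK' `
    -SitesIncluded @{ Add = 'SiteA', 'SiteB' } `
    -ReplicationFrequencyInMinutes 15

# 3. Move the existing DC into the main-site object.
Move-ADDirectoryServer -Identity 'DC1' -Site 'SiteA'

# 4. (Run on the new branch server, which must already have the AD DS role.)
#    Promote it as a read-only DC in SiteB; the cmdlet prompts for the DSRM
#    password.  An RODC keeps no writable copy of the database and, by default,
#    caches no passwords, which is the "more secure" option John mentions.
# Add-ADDSDomainController -DomainName $domain -SiteName 'SiteB' `
#     -ReadOnlyReplica -Credential (Get-Credential "$domain\Administrator")

# 5. Checks.  Any subnet with no site is a misconfiguration worth fixing.
$orphans = Get-ADReplicationSubnet -Filter * | Where-Object { -not $_.Site }
if ($orphans) { Write-Warning "Subnets with no site: $($orphans.Name -join ', ')" }

# From a branch client: which site does the DC locator think I am in, and
# which DC answers for that site?
nltest /dsgetsite
Get-ADDomainController -Discover -SiteName 'SiteB' -DomainName $domain |
    Select-Object HostName, Site, IsReadOnly
```

If `nltest /dsgetsite` on a branch client returns SiteA, the client's address is not covered by the SiteB subnet object and it will keep authenticating across the WAN.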