Re: Another additional DC question




Thanks John, this is awesome feedback! Does your profile have a valid email
address? I would love to send you a Visio document or an overall project
overview of my new phone system and my plan for site to site communication to
give me more feedback. I have been working closely with my phone vendor who
has been very helpful. And for the record I have 15 users at Site B and 50
at Site A so I think a Point to Point T1 should be plenty, maybe overkill,
but I have to plan for the future. Am I correct to assume I don't need a
RRAS server?


"John R" wrote:


"Hollywood0728" <stevenjwilliams83@xxxxxxxxx> wrote in message
news:E97EED04-A899-4587-9E6C-10451BA07FAE@xxxxxxxxxxxxxxxx
Good Morning -

I wanted to kind of bounce a concern off anyone who may be able to help. My
company has acquired an additional building and is looking to put some
employees over at this new building for space reasons. Here's the situation:

Site A = Main site where all servers are held now
Site B = Branch site where clients use MS VPN client to remote to Site A

Both Sites have a T1 for internet and a Point to Point T1 to connect the
buildings together for our new phone system. Since we have the Point to Point
in place with Layer 3 switches on each end, I figured rather than having
Clients use VPN, why not have them log on to the domain that Site A hosts. My
question is this, what is the advantage of having a DC/global catalog Server
at the branch office? As long as my users are administrators on their local
machines, they are able to log on to the domain profile even if a DC is not
accessible (I know this because I bring my laptop home all the time and never
have problems). Now if the Point to Point goes down they won't be able to
access network resources at site A from Site B, but the same is true even if I
have a DC at Site B..... So is there something I may not be thinking of? Is it
safe to say that I can have the clients come over the Point to Point to site A
from site B to logon to the domain?

Yes, clients can authenticate over the WAN. However, if the WAN is down, so
are the clients. They might be able to use cached credentials to get to a
desktop, but that's about it. If there are more than a handful of clients
at the remote site, you will want a DC there (in Server 2008, you can have a
read-only DC which is more secure).

Make sure you establish your sites and subnets in Active Directory Sites and
Services, and assign the subnets and the DCs to the appropriate sites. This
will facilitate both network logons and replication traffic. Since you have
a T1 between sites, and your company (at least so far) does not appear to be
that big, I would not concern myself too much with replication traffic.
Yes, monitor it for a while, but with only a few hundred users and machines,
the traffic should not be noticeable.

As to the users having local admin rights, well, that's a tough call.
Certainly "best practice" is to not do that, but many companies (like mine)
violate that all the time, and we have several hundred users over eight
sites plus remotes. Yes, we do get the occasional "What is this spyware on
my machine", but we deal with that. We are hoping that as we move towards
Server 2008, we can get back to best practice. Under 2003, there are just
too many things our environment forces our users to do that require local
admin privs.

Be careful not to overload that single T between sites with voice and data.
And, if your phone system is like ours, don't forget to map your voice
traffic so that you understand it. For example, if all incoming lines come
into the pbx at site 1, all calls for users in site 2 are going over the T.
If a user in site 2 conferences a site 1 user in on a call, that is two
channels. The same call coming in to a site 1 user who conferences a site 2
user in uses only one channel. You might want to think of how that T is
divided up, and guarantee a certain amount to voice.

Consider placing a file/print server at the remote, and use DFS/FRS where
appropriate. That can save considerable bandwidth.

John R
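The "sites and subnets" step John R describes above, as an added example that is not part of the original thread or of any poster's configuration. It assumes site names SiteA and SiteB, the address ranges 10.10.0.0/16 and 10.20.0.0/16, DC hostnames DC1 and DC2, and the domain name corp.example.com, none of which appear in the thread. It also uses the ActiveDirectory PowerShell module (RSAT / Windows Server 2012 and later), which postdates the 2003/2008 servers discussed here; on those versions the same objects are created by hand in the Active Directory Sites and Services MMC, and the nltest checks at the end work there too.

```powershell
# Added example (not from the thread): define the two buildings as AD sites,
# map each building's subnet to its site, put the branch DC in the branch
# site, and then verify that a Site B workstation really locates the Site B
# DC instead of authenticating across the point-to-point T1.
#
# Assumed values (not from the original post):
#   sites    : SiteA (main), SiteB (branch)
#   subnets  : 10.10.0.0/16 -> SiteA, 10.20.0.0/16 -> SiteB
#   DCs      : DC1 in SiteA, DC2 in SiteB
#   domain   : corp.example.com
Import-Module ActiveDirectory

$Sites = 'SiteA', 'SiteB'
$Subnets = @{
    '10.10.0.0/16' = 'SiteA'
    '10.20.0.0/16' = 'SiteB'
}

# 1. Sites. A fresh forest already has "Default-First-Site-Name"; leaving
#    everything in it means every client is "in" the same site and will
#    happily pick a DC on the far end of the WAN.
foreach ($site in $Sites) {
    if (-not (Get-ADReplicationSite -Filter "Name -eq '$site'")) {
        New-ADReplicationSite -Name $site
    }
}

# 2. Subnets. This is the mapping the DC locator uses: a client whose IP is
#    not covered by any subnet object gets no site affinity at all.
foreach ($cidr in $Subnets.Keys) {
    if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$cidr'")) {
        New-ADReplicationSubnet -Name $cidr -Site $Subnets[$cidr]
    }
}

# 3. Site link between the two sites. Cost and interval only matter once
#    there are more than two sites; 15 minutes is the default anyway.
if (-not (Get-ADReplicationSiteLink -Filter "Name -eq 'SiteA-SiteB'")) {
    New-ADReplicationSiteLink -Name 'SiteA-SiteB' -SitesIncluded $Sites `
        -Cost 100 -ReplicationFrequencyInMinutes 15 -InterSiteTransportProtocol IP
}

# 4. Move the branch DC into the branch site. Until this is done the KCC
#    treats DC2 as a Site A machine and clients in Site B will not prefer it.
Move-ADDirectoryServer -Identity 'DC2' -Site 'SiteB'

# If the branch DC does not exist yet, John R's read-only DC suggestion is
# one command on 2012+ (ADDSDeployment module); it is interactive, so it is
# left commented out here:
# Install-ADDSDomainController -DomainName 'corp.example.com' -SiteName 'SiteB' `
#     -ReadOnlyReplica -InstallDns -Credential (Get-Credential)

# 5. Audit for the two classic mistakes: DCs still parked in the default
#    site, and subnet objects that are not bound to any site.
Get-ADDomainController -Filter * |
    Where-Object { $_.Site -eq 'Default-First-Site-Name' } |
    Select-Object Name, Site, IPv4Address
Get-ADReplicationSubnet -Filter * |
    Where-Object { -not $_.Site } |
    Select-Object Name

# 6. Verify from a Site B workstation (run there, not on the DC).
#    /dsgetsite prints the site the client believes it is in; /dsgetdc with
#    /force bypasses the cached DC. If the second command names DC1, the
#    workstation's IP is not inside a subnet object mapped to SiteB.
nltest /dsgetsite
nltest /dsgetdc:corp.example.com /force
Get-ADDomainController -Discover -ForceDiscover | Select-Object HostName, Site
```

The check in step 6 is the one worth keeping around: the cached-credential behaviour described earlier in the thread means a misrouted client still logs on, so the only visible symptom of a missing subnet object is slow logons and Group Policy processing over the T1, plus domain traffic competing with the voice channels John R warns about.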

