Re: Active Directory Design Advice



Hilton,

Here is what I might suggest:

1) three Sites as defined in Active Directory Sites and Services
You would need to make sure that you set up the Site and then create the
Subnets and associate each Subnet to the correct Site.
You would then need to create the Site Links.

2) running only one Domain Controller is probably not a good idea.
Installing Exchange on that Domain Controller is an even 'badder'
idea. I would install two Domain Controllers and Exchange on a Member
Server. If they really do not want two Domain Controllers
then I would have the one Domain Controller and the one Exchange (Member
Server). I guess that the Domain Controllers would
also have to be the File/Print Server? Never really liked that.....

3) make each of the Domain Controllers a DNS Server as well as a DHCP Server
(never really have liked using a network device to
run DHCP....let Windows do it!). Additionally, each Site should have a
Global Catalog Server (can only be on a Domain Controller)

4) have the local clients point to their local DNS Server first and then to
the DNS Server in the 'Main Site'

5) having the Domain Controller dual-homed is a big (no, make that a REALLY)
PITA. There are all sorts of issues associated with
doing this. Do a search in this NG for anything from 'Ace Fekay'. He
has a good way of dealing with this.

6) consider having a Firewall-to-Firewall VPN between each Site. This is
also known as a Site-to-Site VPN. SonicWall Firewalls can
do this. Just make sure that the one in the 'Main Site' can handle
multiple 'links'.

There are a couple of pieces of information that you have left off that
might be helpful...

How many users are there in each Site? If there are only something like
five or six in the two 'remote' Sites then maybe Terminal Services would be
an answer. TS is not always an answer, but sometimes it is! Put a member
server in the 'Main Site' and install Terminal Services on it and let the
remote clients RDP into it with their user account / password. Just make
sure to lock things down with a GPO (think Loopback Policy in replace mode).
This could save a lot of money as you would not need a Domain Controller in
the other Sites (there effectively would not be other Sites). Terminal
Services in WIN2003 is pretty cool (from what little I have seen).

However, if TS does not apply because of a special mission critical
application or some other procedure that does not lend itself well to TS
then consider the suggestion that I made. I will leave off any comments
about the PPTP VPN.

What is the expected growth (in numbers of employees) in each Site (meaning,
maybe right now TS is a good idea but in one year it will not fit - for
whatever reason)?

--
Cary W. Shultz
Roanoke, VA 24012
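As an added example (not part of Cary's reply or Hilton's design), here is step 1 of the advice above, the three Sites, their Subnets and the Site Links, scripted with the ActiveDirectory PowerShell module (the cmdlets used need the Windows Server 2012 or later management tools; the original thread is Windows 2003 era, where the same objects are created by hand in Active Directory Sites and Services). Site names follow the cities in the thread; the subnet ranges, the choice of Melbourne as hub, the link cost and the replication interval are assumptions for illustration. The helper at the end answers the question step 1 is really about: given a client address, which Site does AD think it is in?

```powershell
# Added example, not code from the original post. Builds the three-Site topology
# described in step 1 and then checks which Site a client address falls in.
# Site names come from the thread; subnets, hub, cost and interval are assumed.
Import-Module ActiveDirectory

# Assumed client subnets per Site. The PPTP/VPN tunnel ranges are deliberately
# NOT listed: Site membership should reflect where clients physically are.
$Topology = [ordered]@{
    'Melbourne' = @('10.1.0.0/24')   # assumed Main Site (data centre)
    'Sydney'    = @('10.2.0.0/24')   # assumed
    'GoldCoast' = @('10.3.0.0/24')   # assumed
}
$Hub = 'Melbourne'                   # assumed: Site Links fan out from here

# Step 1a: create the Sites first (idempotent: existing Sites are skipped).
foreach ($site in $Topology.Keys) {
    if (-not (Get-ADReplicationSite -Filter "Name -eq '$site'")) {
        New-ADReplicationSite -Name $site
    }
}

# Step 1b: create each Subnet and associate it with its Site. A client whose
# address matches no Subnet object has no Site and may pick any DC over the WAN.
foreach ($site in $Topology.Keys) {
    foreach ($cidr in $Topology[$site]) {
        if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$cidr'")) {
            New-ADReplicationSubnet -Name $cidr -Site $site
        }
    }
}

# Step 1c: Site Links, hub-and-spoke from the Main Site, which mirrors the
# firewall-to-firewall VPN layout suggested in step 6.
foreach ($spoke in ($Topology.Keys | Where-Object { $_ -ne $Hub })) {
    $linkName = "$Hub-$spoke"
    if (-not (Get-ADReplicationSiteLink -Filter "Name -eq '$linkName'")) {
        New-ADReplicationSiteLink -Name $linkName -SitesIncluded $Hub, $spoke `
            -Cost 100 -ReplicationFrequencyInMinutes 15 -InterSiteTransportProtocol IP
    }
}

# IPv4 address -> unsigned integer, so subnet membership is a mask-and-compare.
function ConvertTo-IPv4UInt32 {
    param([Parameter(Mandatory)][IPAddress]$Address)
    $b = $Address.GetAddressBytes()
    return [uint64]$b[0] * 16777216 + [uint64]$b[1] * 65536 + [uint64]$b[2] * 256 + [uint64]$b[3]
}

# Longest-prefix match over the Subnet objects in AD, the same lookup the
# DC Locator performs. Returns the Site name, or $null if no Subnet covers it.
function Get-ADSiteForAddress {
    param([Parameter(Mandatory)][IPAddress]$Address)
    $addr     = ConvertTo-IPv4UInt32 $Address
    $best     = $null
    $bestBits = -1
    foreach ($subnet in Get-ADReplicationSubnet -Filter * -Properties Site) {
        $net, $bits = $subnet.Name -split '/'
        if (-not $bits -or $net -notmatch '^\d+\.\d+\.\d+\.\d+$') { continue }   # skip IPv6 entries
        $bits = [int]$bits
        # Network mask as an integer: all ones minus the host bits.
        $mask = [uint64]4294967295 - ([uint64][math]::Pow(2, 32 - $bits) - 1)
        $inSubnet = ($addr -band $mask) -eq ((ConvertTo-IPv4UInt32 $net) -band $mask)
        if ($inSubnet -and $bits -gt $bestBits) {
            $best     = $subnet
            $bestBits = $bits
        }
    }
    if ($best -and $best.Site) {
        # Site comes back as a DN such as "CN=Sydney,CN=Sites,CN=Configuration,..."
        return (($best.Site -split ',')[0] -replace '^CN=', '')
    }
    return $null
}

# Usage, on a DC or a workstation with the AD management tools installed:
Get-ADSiteForAddress '10.2.0.25'      # an address inside the assumed Sydney subnet
Get-ADSiteForAddress '192.168.77.9'   # an address no assumed Subnet covers
```

The second lookup returning nothing is the case to watch for in Hilton's scenario: a client (or a DC's second interface) whose address is not covered by any Subnet object is site-less, and the DC Locator will happily hand it a DC across the ADSL link. `nltest /dsgetsite` on a client gives the same answer from the client's point of view.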

"wolfyrabbit" <wolfyrabbit@xxxxxxxxx> wrote in message
news:1139887438.281582.299970@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi All,

would appreciate advice on the following :

I have the following scenario :

client has 3 physical sites :

Melbourne , Sydney, Gold Coast

Each branch needs the ability to store files on a file server, and to
be able to log on to the ad domain.

I have designed a solution as follows :

1 dc / exchange server at data centre (I know, bad idea, but the client does
not want to pay for 2 servers)

1 dc / file server at each branch connected to the dc at data centre via
demand dial / permanent PPTP vpn (RRAS) which connects through the internet /
adsl

DFS root created in ad and replication configured to replicate to
branch offices.

Now there are a few obstacles as far as I can see :

1) dcs on site will have two ips and will register their pptp vpn
adapter address in ad and when the clients try and resolve the name to
address they will get the pptp vpn address and not the local/ internal
adapter.

2) If I do it this way then the ad / the clients will not be able to
take advantage of the AD sites feature and will not be able to
distinguish from local / remote sites and hence will slow down dfs
replication.

3) etc. there are probably a lot more issues which I have not foreseen

My envisaged solution :

1) 3 ad domains qld.client.local, nsw.client.local
2) I initially thought about a dns only registration (ie: non ad) but
that is counterproductive.

Any help appreciated

Hilton.


