Re: Active Directory Setup Advice
- From: "Anthony" <anthony.spam@xxxxxxxxxxxxxx>
- Date: Wed, 5 Jul 2006 23:17:44 +0100
A domain is really an entity with a single security remit. It is capable of
handling very large numbers of users, sites, computers, printers etc.
If you just want people to know how to find their resources you can use:
DFS for files (e.g \\mydomain\shared\marketing)
Locations for printers
You would not want separate domains just to have the same names for servers.
However if marketing want to manage things completely differently from
sales, for example with no password expiry and everyone as a local
administrator, then you might want a separate domain, a separate network and
a firewall between them.
Anthony
"Matt Berry" <MattBerry@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:9B95EF02-70C2-4D76-800B-E9BD22E99722@xxxxxxxxxxxxxxxx
Ok so one domain seems best idea. But the old fashioned NT way used to be
split off remote sites as domains. If create one domain all machines will
be
seen as on the same network it will be like one big network.
What if you want to split the domain? I was on the understanding that
people
say chicago, newyork etc for branch offices and then marketing and sales
etc
for the networks underneath.
Under one domain all machines have to be unique in naming scheme. And
under
sub domains you can have same names under different domain. I.E Fieserver,
mailserver
Is this a question alot of people get confused on as it seems once your
domain has been setup no going back in terms of configuration without
redoing
DNS and everything on the servers!
"ctvader" wrote:
If you use on Domain (we're set up this way) and have a DC in each
site, then the users will authenticate to the DC in their site,
provided your sites and dns are setup correctly.
If you use multiple domains, the complexity can grow pretty fast - ex:
two DC's per domain (in case one crashes, placement of accounts,
machines, policies, etc. Multiple domains should be used when the OU's
dont fit your security models.
I would recomed at least two DC's in your main site and one DC in each
remote site, seperating OU's into geographical sites. This will afford
you the flexibility of specific settings for each site.
I hope this helps and i'm sure others will have varying opinions. If
you have more questions, keep them coming.
Matt Berry wrote:
I am just trying to work out what people usually do in this scenario.
As
would it be best to have sub domains for remote offices or a single
domain?
Surely there is a limit to how many machines can be in a single domain
model?
Say I have someone logon at central office and configured as single
domain I
understand that will go to the nearest DC and logon. What happens if
you use
sub domains does that then go back to the server at the sub domain to
logon
or will the local server still process logons.
Bit confused about the process of what happens in these 2 scenarios.
any
explinations of the 2 would be a help.
"ctvader" wrote:
Matt,
You really cant seperate in Netowrk Neighborhood by using one domain
but you can organize it by using different characters in the machine
names. Why is the browsing via network neighborhood so important?
Just trying to find more info to help you...
Matt Berry wrote:
I was thinking one domain would be easiest solution, but how do you
then
seperate in network neighbourhood to show seperate offices etc? As
don't
really want all machines showing up in one big list. As need to
determine
which site it is at by browsing.
"Anthony" wrote:
The issues you need to resolve are separate.
Unless you have incompatible security requirements between the
sites, you
only need one domain for all.
You need a domain controller anywhere where you have slow links
(e.g ADSL)
or you want people to keep working if the line goes down, and if
you can
afford it. If you have fast and reliable links you don't even
need that.
Computers will connect to the nearest DC if it is available, but
if it isn't
they will find any other.
Anthony
"Matt Berry" <MattBerry@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message
news:E004B77C-032B-4271-82FD-ACD3CA43682C@xxxxxxxxxxxxxxxx
What is the best way to configure AD if using 1 central site of
around 60
users and another site with 30 which the main traffic goes
between. Then 8
satellite offices that connect to the central site.
Should we setup one large single domain that everyone logs
into. Meaning
that remotes can talk to any dc that answers a request when
logging on?
So everything is under mycompany.local or using sub domains for
each site
such as location.mycompany.local at each site?
What would be the best way to configure this and what are the
advantages/disadvantages?
.
- Follow-Ups:
- Re: Active Directory Setup Advice
- From: ctvader
- Re: Active Directory Setup Advice
- References:
- Re: Active Directory Setup Advice
- From: Anthony
- Re: Active Directory Setup Advice
- From: ctvader
- Re: Active Directory Setup Advice
- From: Matt Berry
- Re: Active Directory Setup Advice
- From: ctvader
- Re: Active Directory Setup Advice
- From: Matt Berry
- Re: Active Directory Setup Advice
- Prev by Date: Re: ADAMSync Issues.
- Next by Date: Re: Domain controller not a global catalog, but is registered as i
- Previous by thread: Re: Active Directory Setup Advice
- Next by thread: Re: Active Directory Setup Advice
- Index(es):
Relevant Pages
|
