New Server

[Dan]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

I have two offices here in the states that currently
reside in the same domain with DC's at both sites. We
are opening a third office in the UK but will most likely
have a fairly slow connection coming back. My question
is related to whether or not the box I send over there
(mainly to do logon's, print queue's, and house their
Exchange mailboxes) will need to be a DC or whether I can
get by just making it a GC. I'd rather not have it be a
DC just to cut down on any unnecessary traffic but want
to be sure that will be sufficient.
Thanks,
Dan

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Dan wrote:
> I have two offices here in the states that currently
> reside in the same domain with DC's at both sites. We
> are opening a third office in the UK but will most likely
> have a fairly slow connection coming back. My question
> is related to whether or not the box I send over there
> (mainly to do logon's, print queue's, and house their
> Exchange mailboxes) will need to be a DC or whether I can
> get by just making it a GC. I'd rather not have it be a
> DC just to cut down on any unnecessary traffic but want
> to be sure that will be sufficient.

First thing - You can't have a GC without DC.

You have two (ok, more but let's discuss about this two) choices, I
assume thath You will be an administrator of both locations in the
states and in the UK, so ... :
1. send them box configured as another DC in Your domain and configure
proper sites and subnets
2. send them box configured as additional child domain in Your tree


ad.1
Remember thath if you configure this box as additional DC in Your
existing domain this DC will have to replicate whole domain data with
DCs in the states - You can set replication schedule to keep this traffi
out of working hours but You have to take it under consideration.

ad.2
In this case You don't have to replicate domain data across slow WAN
link (I don't know how slow this link will be) Between these locations
onlu forest wide data will be replicated. Users will have their own
domain resources and You should place at least two DCs for this domain
in the UK location


The replication is only one of the factors which can affect your design
- for example Exchange - You can place in the UK separated Exchange
organisation with internall space and through connector in the states
send a mail for this users in UK. Or if the site in UK will have
separated Internet connection and will use separated e-mail space You
cen set up this as completly separated Exchange organisation - to few
details about Your organisation and bussiness needs. Please post some
more details and somebody will for sure post here some usefull information.

I know that this can be boring but I will post this links once again
becouse I think it can be usefull for You:
Windows Server 2003 Active Directory Branch Office Guide
http://www.microsoft.com/downloads/details.aspx?FamilyId=9353A4F6-A8A8-40BB-9FA7-3A95C9540112&displaylang=en

There is also version for Windows 2000


--
Tomasz Onyszko [MVP]
T.Onyszko@w2k.pl
http://www.w2k.pl

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Dan,

Tomasz has pretty much laid it out for you.

Depending on what 'slow' means, I might consider setting up another AD Site
in ADSS ( for the UK ) and sending a DC to them. If you want a Server over
there for logons then they would need a DC ( well, if you want them to avoid
authentic across the WAN ) that would / should also be a Global Catalog
Server. Best Practices suggest that you have two DCs in each Site, but we
do not know how many users are on the other side of the Pond. If there are
15 users then you might be hard pressed for the funds....but maybe not. You
could also use this DC as the File Server.

You might want to take a look at Delegation if there is anyone over there
who can do Administrative Tasks. Simply install the ADMINPAK on that
workstation and restrict what that person is allowed to do. Well, I keep on
saying 'anyone' or 'person'. Obviously, even if there is but one person you
would set up a security group and use that.....

Furthermore, Tomasz provided you with the Branch Office Guide. This is a
really good document. Since you are using WIN2000 you would have to get the
WIN2000 version as WIN2003 has some nice improvements ( have not played with
it too much but have read a little bit....and this is one of the areas where
some improvements have been made ).

--
Cary W. Shultz
Roanoke, VA 24014
Microsoft Active Directory MVP

http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com



"Dan" <anonymous@discussions.microsoft.com> wrote in message
news:1d3501c4f75e$453e8c10$a401280a@phx.gbl...
>I have two offices here in the states that currently
> reside in the same domain with DC's at both sites. We
> are opening a third office in the UK but will most likely
> have a fairly slow connection coming back. My question
> is related to whether or not the box I send over there
> (mainly to do logon's, print queue's, and house their
> Exchange mailboxes) will need to be a DC or whether I can
> get by just making it a GC. I'd rather not have it be a
> DC just to cut down on any unnecessary traffic but want
> to be sure that will be sufficient.
> Thanks,
> Dan