Is this the ideal solution for a new branch office?

Guest
Archived from groups: microsoft.public.win2000.active_directory

I am helping a client set up a new branch office. They want to set up the new
branch with one domain controller which will be a member of the domain that
is the main HQ instead of creating a child domain for the branch office.
Replication will be via an ISA2004 box on each location using the
site-to-site VPN option. Each site has a 2mb broadband connection.

My plan is to create the new DC on the HQ site's LAN, make it a Global
catalogue server, install DNS and then force replication. I would then
create a new site for the branch office and its subnet. Change the branch DC
IP information to the new information and then ship the DC to the new site.
I then plan on joining the branch ISA server to the domain and configuring
for site-to-site VPN connectivity to allow replication (I know that was a bit
vague but you know what I mean).

Does this solution sound fine, does anyone foresee any problems? Will there
not be issues with the fact that FSMO roles will be split over physical
connections over what is probably not classed as a good connection? Would it
be better to set the new site up as a child domain?
 
Guest

This is the configuration that I use under these circumstances. Take a look
at the Microsoft Branch Office Deployment guide. You'll not need the
staging and scripting part of this as you are only rolling out one site, but
take a look at it for the design considerations.

--
Ryan Hanisco
MCSE, MCDBA
Flagship Integration Services

"HDZ" <HDZ@discussions.microsoft.com> wrote in message
news:34DBEBAD-343F-4B6E-B5D2-DDD1070AC18F@microsoft.com...
> I am helping a client setup a new branch office. They want to setup the new
> branch with one domain controller which will be a member of the domain that
> is the main HQ instead of creating a child domain for the branch office.
> Replication will be via an ISA2004 box on each location using the
> site-to-site VPN option. Each site has a 2mb broadband connection.
>
> My plan is to create the new DC on the HQ sites LAN, make it a Global
> catalogue server, install DNS and then force replication. I would then
> create a new site for the branch office and its subnet. Change the branch DC
> IP information to the new information and then ship the DC to the new site.
> I then plan on joining the branch ISA server to the domain and configuring
> for site-to-site VPN connectivity to allow replication(I know that was a bit
> vague but you know what I mean).
>
> Does this solution sound fine, does anyone foresee any problems? Will there
> not be issues with the fact that FSMO roles will be split over physical
> connections over what is probably not classed as a good connection? Would it
> be better to set the new site up as a child domain?
 
Guest

Sounds like a plan. Design-wise, it is still advisable to keep the number of
AD domains down and as simple as possible.

Make sure that the branch office's only DC has its primary and secondary DNS
entries pointing to itself and the HQ's DC respectively. This assumes that
you are using AD-integrated DNS on the DCs in the domain.

This setup works fine, although managing GPOs outside the AD site where the
PDC Emulator resides will likely be slow, i.e. the branch office DC. One
workaround is to use Terminal Service to access the PDC provided that your
corporate security policy allows that.

Do let us know if this helps. Thanks!

> "HDZ" <HDZ@discussions.microsoft.com> wrote in message
> news:34DBEBAD-343F-4B6E-B5D2-DDD1070AC18F@microsoft.com...
> > I am helping a client setup a new branch office. They want to setup the new
> > branch with one domain controller which will be a member of the domain that
> > is the main HQ instead of creating a child domain for the branch office.
> > Replication will be via an ISA2004 box on each location using the
> > site-to-site VPN option. Each site has a 2mb broadband connection.
> >
> > My plan is to create the new DC on the HQ sites LAN, make it a Global
> > catalogue server, install DNS and then force replication. I would then
> > create a new site for the branch office and its subnet. Change the branch DC
> > IP information to the new information and then ship the DC to the new site.
> > I then plan on joining the branch ISA server to the domain and configuring
> > for site-to-site VPN connectivity to allow replication(I know that was a bit
> > vague but you know what I mean).
> >
> > Does this solution sound fine, does anyone foresee any problems? Will there
> > not be issues with the fact that FSMO roles will be split over physical
> > connections over what is probably not classed as a good connection? Would it
> > be better to set the new site up as a child domain?
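
The DNS ordering recommended in the reply above, followed by the checks that confirm the shipped DC registers and replicates from its new site, as an added example that is not part of the original thread. The adapter name and both IP addresses are constructed placeholders, and `nltest`, `repadmin`, `dcdiag` and `netdiag` are assumed to be installed from the Windows Support Tools.

```bat
@echo off
rem Added example: run on the branch DC after it has been re-addressed.
rem Constructed values (assumptions): adapter name and both addresses.
set NIC=Local Area Connection
set BRANCH_DC_IP=10.20.0.10
set HQ_DC_IP=10.10.0.10

rem Preferred DNS = the branch DC itself, alternate = the HQ DC.
netsh interface ip set dns name="%NIC%" source=static addr=%BRANCH_DC_IP% register=primary
netsh interface ip add dns name="%NIC%" addr=%HQ_DC_IP% index=2

rem Re-register the host record, then restart Netlogon so the DC
rem re-registers its SRV locator records under the new address.
ipconfig /registerdns
net stop netlogon && net start netlogon

rem Confirm the DC now places itself in the branch site (subnet mapping works).
nltest /dsgetsite

rem Pull changes across the site-to-site VPN and review the outcome.
repadmin /syncall
repadmin /showreps

rem Replication and DNS health checks; any failure here points at the
rem VPN rules or the DNS ordering rather than at AD itself.
dcdiag /test:replications
netdiag /test:dns
```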
 
