Branch office setup

Archived from groups: microsoft.public.win2000.setup_deployment (More info?)

Johnny,

This is *usually* WINNT 4.0 thinking!

You might want to look into Active Directory Sites and Services. By using
"Sites" you can have one domain that has multiple physical locations.

Also, you might want to post this to the Active Directory News Group. You
can get a whole lot of information on this over there ( as well as in
here! ).

Essentially what you will have will be 'yourdomain.com' spread out over the
various physical locations. So, in a typical scenario you will have the
'main' office and several 'remote' offices. You will typically want to have
at least one Domain Controller in each of the remote offices ( well,
depending on how many users are going to be there ) and two in the 'main'
office. You will have to consider the location of the Global Catalog
Servers. You would *probably* want at least one Domain Controller in each
Site to be a GC.

You will need to set up the Sites in the Active Directory Sites and Services
MMC. You will notice that you have one already ( the
Default-First-Site-Name ). If you would like you can rename it. You need
to create the Subnets ( i.e., 192.168.1.0 / 24 ) and then associate each
Subnet with the appropriate Site. You will need to create the Site links.

So, how does this work? Well, in Active Directory there are two ways that
things replicate: Intra-Site ( all Domain Controllers in the same Site
replicate with each other ) and Inter-Site ( where one Domain Controller
from each Site is designated as a Bridgehead Server and the BHS from Site1
replicates with the BHS from Site 2 - at this point the Intra-Site
replication happens....).

Are there any reasons why you would want to have child domains? Usually
the reason is that one 'group' wants a really strong password policy and the
'others' do not. Or, there could be political reasons.

HTH,

Cary



"Johnny Chow" <jchow10@comcast.net> wrote in message
news:uBXx%230IyEHA.3844@TK2MSFTNGP09.phx.gbl...
> I am still newbie. My company want to setup up branch office by using VPN

> through cable modem. The transfer speed is half megabyte. Should I setup
> as multiple domain or subdomain for the organization? Will the network
kill
> me if I install the subdomain controller at remote branch site? Any pro
or
> con will be appreciated.
>
> Thank you in advance,
>
> Johnny Chow
>
>

Archived from groups: microsoft.public.win2000.setup_deployment (More info?)

Scott,

Don't know. I guess that it is the job of the CIO ( or IT Director or
whatever the title is named ) to make sure that 'politics' are minimized.
It is simply foolish to think that 'politics' will never be a part of the
decision making process. It always will be. Just the way it is...and
always will be. Granted, it can be managed and minimized ( at least from
what I have seen ) but will always be present.

And it is too bad. Sometimes some really asinine policies are put in place
because some whinny little rat ( opps, that slipped! sorry! ) really wants
this or that...but there are always ways to eventually 'fix' that 'problem'.
Funny how upgrading an operating system often results in that 'fix'. I
guess it is just a matter of picking your battles ( which mostly consists of
knowing which battles to fight and which battles to avoid ).

Have a nice night and an even better tomorrow ( God willing! ).

Cary

"NIC Student" <nospam@nospam.land> wrote in message
news:eaAkiNNyEHA.1400@TK2MSFTNGP11.phx.gbl...
> Nice post, Cary. *sigh*, why is it always the political reasons that end
up
> making the decisions....???
>
> --
> Scott Baldridge
> Windows Server MVP, MCSE
>
>
> "Cary Shultz [A.D. MVP]"
> > Johnny,
> >
> > This is *usually* WINNT 4.0 thinking!
> >
> > You might want to look into Active Directory Sites and Services. By
using
> > "Sites" you can have one domain that has multiple physical locations.
> >
> > Also, you might want to post this to the Active Directory News Group.
You
> > can get a whole lot of information on this over there ( as well as in
> > here! ).
> >
> > Essentially what you will have will be 'yourdomain.com' spread out over
> > the
> > various physical locations. So, in a typical scenario you will have the
> > 'main' office and several 'remote' offices. You will typically want to
> > have
> > at least one Domain Controller in each of the remote offices ( well,
> > depending on how many users are going to be there ) and two in the
'main'
> > office. You will have to consider the location of the Global Catalog
> > Servers. You would *probably* want at least one Domain Controller in
each
> > Site to be a GC.
> >
> > You will need to set up the Sites in the Active Directory Sites and
> > Services
> > MMC. You will notice that you have one already ( the
> > Default-First-Site-Name ). If you would like you can rename it. You
need
> > to create the Subnets ( i.e., 192.168.1.0 / 24 ) and then associate
each
> > Subnet with the appropriate Site. You will need to create the Site
links.
> >
> > So, how does this work? Well, in Active Directory there are two ways
that
> > things replicate: Intra-Site ( all Domain Controllers in the same Site
> > replicate with each other ) and Inter-Site ( where one Domain Controller
> > from each Site is designated as a Bridgehead Server and the BHS from
Site1
> > replicates with the BHS from Site 2 - at this point the Intra-Site
> > replication happens....).
> >
> > Are there any reasons why you would want to have child domains?
Usually
> > the reason is that one 'group' wants a really strong password policy and
> > the
> > 'others' do not. Or, there could be political reasons.
> >
> > HTH,
> >
> > Cary
> >
> >
> >
> > "Johnny Chow" <jchow10@comcast.net> wrote in message
> > news:uBXx%230IyEHA.3844@TK2MSFTNGP09.phx.gbl...
> >> I am still newbie. My company want to setup up branch office by using
> >> VPN
> >
> >> through cable modem. The transfer speed is half megabyte. Should I
> >> setup
> >> as multiple domain or subdomain for the organization? Will the network
> > kill
> >> me if I install the subdomain controller at remote branch site? Any
pro
> > or
> >> con will be appreciated.
> >>
> >> Thank you in advance,
> >>
> >> Johnny Chow
> >>
> >>
> >
> >
>
>

Archived from groups: microsoft.public.win2000.setup_deployment (More info?)

Johnny,

A couple of things:

-It is almost always a good idea to have two of everything! So, yes, it
would be advantageous to have two Global Catalog Servers,
-the recommendation does not really apply if you have only one domain -OR-
if you make all of your DCs Global Catalog Servers,
-the Schema Master role is an Forest-wide Role and is held by only one DC in
the entire Forest - regardless of the number of Sites,
-the Infrastructure Master role is a Domain-wide role and is held by only
one DC in each Domain, regardless of the number of Sites.

HTH,

Cary

"Johnny Chow" <jchow10@comcast.net> wrote in message
newsuQt64uyEHA.3368@TK2MSFTNGP15.phx.gbl...
> Thank you Cary,
> I awared the global catalog hold the part of replicate AD and
> authentication. I built two DC at main office and followed Microsoft
> recommendation not to setup infrastructure master and GC on the same
server.
> One day GC server crashed on me then user ID could not authenticate. Does
> this mean I need to have minimum of two GC servers and one DC server as
> schema and infrastructer master on each site to have fault tolerance?
>
> Regards,
>
> Johnny Chow
>
> "Cary Shultz [A.D. MVP]" <cwshultz@mvps.org> ¦b¶l¥ó
> news:unMvKdTyEHA.908@TK2MSFTNGP11.phx.gbl ¤¤¼¶¼g...
> > Scott,
> >
> > Don't know. I guess that it is the job of the CIO ( or IT Director or
> > whatever the title is named ) to make sure that 'politics' are
minimized.
> > It is simply foolish to think that 'politics' will never be a part of
the
> > decision making process. It always will be. Just the way it is...and
> > always will be. Granted, it can be managed and minimized ( at least
from
> > what I have seen ) but will always be present.
> >
> > And it is too bad. Sometimes some really asinine policies are put in
> place
> > because some whinny little rat ( opps, that slipped! sorry! ) really
wants
> > this or that...but there are always ways to eventually 'fix' that
> 'problem'.
> > Funny how upgrading an operating system often results in that 'fix'. I
> > guess it is just a matter of picking your battles ( which mostly
consists
> of
> > knowing which battles to fight and which battles to avoid ).
> >
> > Have a nice night and an even better tomorrow ( God willing! ).
> >
> > Cary
> >
> > "NIC Student" <nospam@nospam.land> wrote in message
> > news:eaAkiNNyEHA.1400@TK2MSFTNGP11.phx.gbl...
> > > Nice post, Cary. *sigh*, why is it always the political reasons that
> end
> > up
> > > making the decisions....???
> > >
> > > --
> > > Scott Baldridge
> > > Windows Server MVP, MCSE
> > >
> > >
> > > "Cary Shultz [A.D. MVP]"
> > > > Johnny,
> > > >
> > > > This is *usually* WINNT 4.0 thinking!
> > > >
> > > > You might want to look into Active Directory Sites and Services. By
> > using
> > > > "Sites" you can have one domain that has multiple physical
locations.
> > > >
> > > > Also, you might want to post this to the Active Directory News
Group.
> > You
> > > > can get a whole lot of information on this over there ( as well as
in
> > > > here! ).
> > > >
> > > > Essentially what you will have will be 'yourdomain.com' spread out
> over
> > > > the
> > > > various physical locations. So, in a typical scenario you will have
> the
> > > > 'main' office and several 'remote' offices. You will typically want
> to
> > > > have
> > > > at least one Domain Controller in each of the remote offices ( well,
> > > > depending on how many users are going to be there ) and two in the
> > 'main'
> > > > office. You will have to consider the location of the Global
Catalog
> > > > Servers. You would *probably* want at least one Domain Controller
in
> > each
> > > > Site to be a GC.
> > > >
> > > > You will need to set up the Sites in the Active Directory Sites and
> > > > Services
> > > > MMC. You will notice that you have one already ( the
> > > > Default-First-Site-Name ). If you would like you can rename it.
You
> > need
> > > > to create the Subnets ( i.e., 192.168.1.0 / 24 ) and then associate
> > each
> > > > Subnet with the appropriate Site. You will need to create the Site
> > links.
> > > >
> > > > So, how does this work? Well, in Active Directory there are two
ways
> > that
> > > > things replicate: Intra-Site ( all Domain Controllers in the same
Site
> > > > replicate with each other ) and Inter-Site ( where one Domain
> Controller
> > > > from each Site is designated as a Bridgehead Server and the BHS from
> > Site1
> > > > replicates with the BHS from Site 2 - at this point the Intra-Site
> > > > replication happens....).
> > > >
> > > > Are there any reasons why you would want to have child domains?
> > Usually
> > > > the reason is that one 'group' wants a really strong password policy
> and
> > > > the
> > > > 'others' do not. Or, there could be political reasons.
> > > >
> > > > HTH,
> > > >
> > > > Cary
> > > >
> > > >
> > > >
> > > > "Johnny Chow" <jchow10@comcast.net> wrote in message
> > > > news:uBXx%230IyEHA.3844@TK2MSFTNGP09.phx.gbl...
> > > >> I am still newbie. My company want to setup up branch office by
> using
> > > >> VPN
> > > >
> > > >> through cable modem. The transfer speed is half megabyte. Should
I
> > > >> setup
> > > >> as multiple domain or subdomain for the organization? Will the
> network
> > > > kill
> > > >> me if I install the subdomain controller at remote branch site?
Any
> > pro
> > > > or
> > > >> con will be appreciated.
> > > >>
> > > >> Thank you in advance,
> > > >>
> > > >> Johnny Chow
> > > >>
> > > >>
> > > >
> > > >
> > >
> > >
> >
> >
>
>