active directory deployment in 34 places

By jailio

Hi

I need to deploy an Active Directory infrastructure in more than 34 places. These places are not linked together and the way they have any communication is through the internet. Up to now every place works as an individual domain without any relationship between them, but now I need to change this.

Because I have only one server in every place and the connections are unreliable, I took the decision to deploy one unique domain and establish different sites in every place. Because I will work in native mode I decided to install a Global Catalog in each site, and to avoid the replication traffic during working hours I decided to create a schedule to make replications at night.

At the beginning I wanted to create an Active Directory infrastructure with multiple domains and establish a central place that would hold the forest root, but when I read about the fact that you cannot install a global catalog and an infrastructure master on the same machine I changed my mind and changed the design to the one that I just explained to you.

Now I am worried about the fact that I will have only one PDC emulator in this unreliable network and I don't know if I will have some trouble with my decision.
I need advice about this issue, because I need to begin my deployment soon and I am not sure if I took the right decision.
Jaime Vuelvas

This conversation is currently closed to new comments.


All Comments

active directory deployment in 34 places

by Shanghai Sam In reply to active directory deployme ...

It sounds like you are going down the correct path, especially as far as the placement of Global Catalog servers. I think though that wherever you got the info about not being able to place a Global Catalog server on the same machine that is the infrastructure master may be in error or the info may have been incomplete. I found the following note in the Win2k Server Resource Kit documentation:

"Note
The infrastructure master role needs to be held by a domain controller that is not a Global Catalog server. If the infrastructure master role is held by a domain controller that is a Global Catalog server, cross-domain object references in that domain will not be updated. If all domain controllers in a domain are Global Catalog servers, it does not matter which domain controller holds the infrastructure master role."

The key here is the final sentence as this would be the case with a single server domain. One thing I have found with MS design documentation is they tend to slant it towards implementing multiple DCs with different roles in a given domain.

Hope this helps and I hope you aren't too far along to change back to original plan (which was sound).
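
The rule in the Resource Kit note quoted above can be checked against a live forest. This is an added example, not part of the original thread: it assumes the ActiveDirectory PowerShell module (which postdates the Windows 2000 tooling discussed here), and the function name `Test-InfrastructureMasterPlacement` is hypothetical.

```powershell
# Added example: needs the ActiveDirectory module (RSAT) and read access to the forest.
Import-Module ActiveDirectory

# Hypothetical helper: applies the Resource Kit rule to every domain in the forest.
function Test-InfrastructureMasterPlacement {
    foreach ($domainName in (Get-ADForest).Domains) {
        $domain = Get-ADDomain -Server $domainName
        $dcs    = @(Get-ADDomainController -Filter * -Server $domainName)

        # The DC object that currently holds the infrastructure master role.
        $holder = $dcs | Where-Object { $_.HostName -eq $domain.InfrastructureMaster }
        # DCs that are NOT Global Catalog servers.
        $nonGc  = @($dcs | Where-Object { -not $_.IsGlobalCatalog })

        if (-not $holder) {
            $status = 'UNKNOWN: role holder not found among the listed DCs'
        } elseif ($nonGc.Count -eq 0) {
            # Final sentence of the note: all DCs are GCs, so placement does not matter.
            # A single-server domain always lands here.
            $status = 'OK: every DC is a GC'
        } elseif ($holder.IsGlobalCatalog) {
            # First part of the note: cross-domain references will not be updated.
            $status = 'WARN: role is on a GC while non-GC DCs exist'
        } else {
            $status = 'OK: role is on a non-GC DC'
        }

        [pscustomobject]@{
            Domain               = $domainName
            InfrastructureMaster = $domain.InfrastructureMaster
            DomainControllers    = $dcs.Count
            NonGcControllers     = $nonGc.Count
            Status               = $status
        }
    }
}

Test-InfrastructureMasterPlacement | Format-Table -AutoSize
```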

active directory deployment in 34 places

by jailio In reply to active directory deployme ...

Poster rated this answer

active directory deployment in 34 places

by ustutz In reply to active directory deployme ...

Either approach should work. If you go with multiple domains, you'll have the flexibility of allowing local domain admins at your remote locations.

How are you communicating across the internet? VPN? Be aware that this adds another level of complexity to your security (ADS) infrastructure. I.e., any connectivity problems might be either a VPN problem or an ADS problem. You guess which. :-)

Beware about one thing when you set replication to occur only at night: During the deployment specifically, when you make a change in one location (e.g., change password or unlock account) that change will not replicate until that night.

Microsoft says that "emergency replication" - such as changing a password - will occur at any time. But, when you disable replication during a certain time period, you disable it completely. Only if you reduce the replication frequency, will you still allow emergency replication.

active directory deployment in 34 places

by jailio In reply to active directory deployme ...

Poster rated this answer

active directory deployment in 34 places

by jailio In reply to active directory deployme ...

This question was closed by the author
