AD in WAN General Branch Office Configuration

By marcgade
Current network relies on Citrix for remote users, roughly 3 branches with an average of 13 users per branch. I'm bringing in a fiber connection at 6mb while the branch offices will still use 1.4 T1. I would like to remove them from the Citrix environment and run WAN hardware w/VPN. Couple of questions.

Should I create an OU in AD for these branches and have them authenticate to a server in the branch, or is there really not much traffic with authentication in AD and have them authenticate to the main office?

Would you recommend having a print server at the branches or have the individual map directly to the printer with a tcp/ip port?

Any other suggestions would be appreciated. I've read a few white papers which are considered "Best Practices" and I'm not fully convinced. I've always taken the philosophy of less is more in regards to IT. Not sure how complicated I want to make this WAN with multiple domain controllers and O/U's and of course running remote servers and having to worry about DRC for these branches.

Thanks in advance for the help!!!!!


All Answers

AD in WAN General Branch Office Configuration

by ashish.niceboy In reply to AD in WAN General Branch ...

1. Firstly, having centralized AD is good for security but is more of a problem if the server goes down or the WAN link is disconnected. In my view you should place an ADC at every branch, organise users into a Global group, then place them into an OU; that way, if anything goes wrong, daily working may not be affected much, and management will be quite eased up.

2. The printer requirement is related to the local users, thus authentication related to them should be controlled locally via a DL group. Any policy regarding use of the printer can here be controlled by organizing them in an OU.

Is your question on Infrastructure or Active Directory?

by CG IT In reply to AD in WAN General Branch ...

From your question, it sounds like you want info on infrastructure but you throw in there OUs and AD.

Active Directory is a logical structure [like an organizational chart] while infrastructure is a physical setup.

If your question is about both, not enough information to answer. Active Directory can be complex, so for someone to say yeah sure create an OU for a site doesn't take into consideration if you have sites or child domains, what and how the OU structure was laid out and if this fits within that framework.

Best Practice in W2K days was, with infrastructure [physical layout], if there aren't any servers and low # of users [5 or so] and you have a reliable WAN link that is not over utilized, you don't need a Global Catalog at sites. Today, with the many different options and low cost available for WAN links, "Best Practice" is what will work for your network administratively, financially, and securely within the Active Directory structure you have. That could be "sites" with their own servers [not to be confused with AD sites] or a central HQ hosting all services.
