November 10, 2005 at 6:00 am #2180188
child domain in a different state
Locked · by chris · about 16 years, 6 months ago
A quick question about creating a child domain.
Having a single DC in Chicago, is it possible to create a child domain in a different state without the use of VPN?
All Comments
November 10, 2005 at 7:43 am #3118302
Reply To: child domain in a different state
by cg it · about 16 years, 6 months ago
In reply to child domain in a different state
You could, but the child domain and the main site would never obtain replication information between the two. Therefore user names, passwords, associated ACLs, schema changes, distribution lists, security groups, blah blah would never be updated between the two. Therefore, if someone from the remote site were to visit the main site, their credentials, account wouldn’t be recognized.
If you can’t do a WAN link [even dial up], best to make it its own domain in the forest rather than a child of the root.
-
November 10, 2005 at 12:58 pm #3117796
Reply To: child domain in a different state
by cg it · about 16 years, 6 months ago
In reply to Reply To: child domain in a different state
Well, no, what you’re asking isn’t impossible. Actually it’s a pretty easy thing to accomplish IF you have a WAN link and if you’re willing to have a DC with the GC role at the remote location which just happens to be a child domain. Replication between DCs can be scheduled at off hour times when bandwidth utilization isn’t such a problem.
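Editor's added example (not part of any poster's reply): one way to define the two locations as Active Directory sites and restrict inter-site replication to an off-hours window, using the ActiveDirectory PowerShell module. The site names, subnets, link name, DC name `NC-DC01` and the 20:00 to 22:30 window are all assumptions made for illustration.

```powershell
# Added example; every name, subnet and time below is hypothetical.
Import-Module ActiveDirectory

# One AD site per physical location, each mapped to a constructed subnet
# so clients locate the DC in their own office.
New-ADReplicationSite -Name 'Chicago'
New-ADReplicationSite -Name 'NorthCarolina'
New-ADReplicationSubnet -Name '10.10.0.0/16' -Site 'Chicago'
New-ADReplicationSubnet -Name '10.20.0.0/24' -Site 'NorthCarolina'

# Daily replication window from 20:00 to 22:30; outside it the link is closed.
$schedule = New-Object -TypeName System.DirectoryServices.ActiveDirectory.ActiveDirectorySchedule
$schedule.ResetSchedule()
$schedule.SetDailySchedule('Twenty', 'Zero', 'TwentyTwo', 'Thirty')

# Site link across the WAN: replicate every 60 minutes, only inside the window.
New-ADReplicationSiteLink -Name 'Chicago-NorthCarolina' `
    -SitesIncluded 'Chicago', 'NorthCarolina' `
    -InterSiteTransportProtocol IP `
    -Cost 100 `
    -ReplicationFrequencyInMinutes 60 `
    -ReplicationSchedule $schedule

# Place the remote office's DC in its site so local logons stay local.
Move-ADDirectoryServer -Identity 'NC-DC01' -Site 'NorthCarolina'

# Verify placement, GC role and the link settings.
Get-ADDomainController -Identity 'NC-DC01' |
    Select-Object Name, Site, IsGlobalCatalog
Get-ADReplicationSiteLink -Identity 'Chicago-NorthCarolina' |
    Select-Object Name, Cost, ReplicationFrequencyInMinutes, SitesIncluded
```

With a scheduled link, changes such as disabling an account or removing a group membership reach the remote DC only at the next replication window, so size the window with that delay in mind.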
-
-
November 10, 2005 at 7:56 am #3118289
Reply To: child domain in a different state
by chris · about 16 years, 6 months ago
In reply to child domain in a different state
The remote site currently has no domain structure. We’ve been using Cisco routers to provide the VPN link, which is working fine. However, the downside is speed. Each site is on a dedicated T1. The Chicago site has 300+ users, with the North Carolina office only having about 20. The traffic moving across the VPN is consuming quite a bit of bandwidth. We’re just trying to find a way to improve performance and still be able to get to shared drives in Chicago.
-
November 10, 2005 at 12:01 pm #3117817
Reply To: child domain in a different state
by chris · about 16 years, 6 months ago
In reply to Reply To: child domain in a different state
The current setup is as follows.
The remote location has a Cisco 1700 providing the VPN link. The only other authentication, other than what the VPN provides, is when they open Outlook. My reasoning behind this is being able to get in, service the customer and then get out. The time consumption comes with setting up one particular application they use, and setting up Outlook for use with the Chicago Exchange servers. There are 5 Exchange boxes and when I go to set up a new user, I have to guess which box they’re on. Seems like what I’m asking is nearly impossible.
-
-
November 10, 2005 at 9:53 am #3118207
Reply To: child domain in a different state
by shaunjanzen · about 16 years, 6 months ago
In reply to child domain in a different state
I think it is important to point out that the child OU will be on the root server (Root of the Forest) that contains the FSMO roles. If you create a child domain it will be on your single DC in Chicago, not in another state. The users at your remote office will be authenticating to the DC in Chicago and therefore you will have to have some kind of WAN connection. This causes potential problems. If your WAN link or VPN goes down, remote users will not authenticate to the domain.
If you want to plan for redundancy you should have a DC in the remote office as well and then you could just have one domain and use OUs to organize your AD structure instead of creating a child domain. Of course, due to the replication traffic between DCs, this would be most effective if you had half a T1 or better WAN connection. A cheaper solution, if you have ADSL at both locations, is to purchase 2 Cisco Pix 501 and create a VPN tunnel. This is seamless to users and gives you a high bandwidth connection at a much lower cost than T1.
Hope this helps.
-
November 10, 2005 at 9:58 am #3118201
Reply To: child domain in a different state
by shaunjanzen · about 16 years, 6 months ago
In reply to Reply To: child domain in a different state
I would like to add that putting a DC in the remote office would help lower your bandwidth usage as well. From what you have said, all users in the remote office are authenticating in Chicago. With a local DC all authentication traffic would remain local.
-
-
November 10, 2005 at 1:05 pm #3117791
Reply To: child domain in a different state
by cg it · about 16 years, 6 months ago
In reply to child domain in a different state
See our comment above.
If you have Exchange in the main site and users at the remote site get their mail via the WAN link, might consider another Exchange or move one to the other office as well as having a DC with the GC role there. That probably would substantially cut down on WAN traffic by users checking their email every 5 minutes thus having to use the WAN link. Active Directory is a logical structure and not a physical structure. You can have a child domain in bumtule which is also, in the physical structure, a site.