

First time WAN project...

By jon
I have deployed Active Directory in Windows 2003 Server Enterprise edition on many occasions, but this is the first project that will involve multiple locations needing a single global catalog directory.

I believe that I need to know a few things about the network I'm building prior to diving in, such as how many users there will be at each location, what type of connection there will be at each location, etc.

Let's get all of that out of the way. I'm looking at 5 branch offices, one of them being a corporate headquarters, becoming part of a single domain.

There are approximately 250 users across the entire organization and currently, each branch is disjointed and independent of one another. There are currently either DSL or Cable Modem connections at each office with only Linksys routers, 10/100 hub/switch combinations, and no fiber.

Yep, I'm sorta starting from scratch.

The corporate headquarters is a network designer's dream as it still doesn't have drop-ceiling installed. It's a brand new corporate building and I have the run of the place to get set up properly.

1. If I were to recommend the type of connection to successfully run one AD controller where each branch would log in and authenticate on that server through a WAN, what type of connection would I need and who provides that service?

2. Once I have the connections, what class of components or specific components (switches, routers, etc.) are going to be required to provide full manageability remotely and connect each branch?

3. I usually set the server at a single location to be with all of the workstations falling below it and all printers and routers/gateways above on a subnet of I need a bit of theory training on how IP addresses are incorporated into routers (only have small router experience like Linksys) and how each branch router should be set up.

4. When will I need to deploy additional domain controllers to ensure smooth connections?


by CG IT In reply to First time WAN project...

First, with 250 users you shouldn't have just one DC to authenticate them all. Second, you shouldn't have just one DC anyway. If it ever goes down, the whole network is down. Third, every morning 250 users will swamp the single DC trying to log in.

The old rule of thumb in DC placement is that a site with just a few users and no servers that is well connected doesn't need a Global Catalog. If a site isn't well connected, stick a DC GC in there.

For managed switches and routers some opt for Cisco, some for less expensive options from Netgear, 3Com, or other vendors. Often, budget dictates what you can get rather than what's the best to use.


by mm212 In reply to First time WAN project...

CG IT is correct. Just figured I'd throw in my 2 cents.

1. I'd look into getting a fractional frame T1 at each location, depending on the bandwidth needs and budget constraints. Contact your local phone company.

2. You will need a router and a switch at each location. Depending on exactly how your network is set up, you may want a file server at each location to serve up local shares. Documents (assuming a reasonable size) are fine to pull across the WAN, but you won't want to run any applications from a fileserver across the WAN.

3. Set up the WAN in one IP address space. This may mean using 172.16.X.Y with each location in its own subnet (X) with a subnet mask of There are a number of private IP ranges to use depending on the number of devices and subnets you will have. Be sure to plan ahead for growth. The router at each location will allow you to direct traffic across the WAN. Then give each server the same device IP per subnet (ie,, etc). Do the same for switches, network printers, workstations and whatever else.

4. You will want more than one DC to begin with. The question is how many. At your main location, have at least two. As for your remote locations, it depends on how many users are at each location and if the location will serve as a central hub for point-to-point locations. To give you an example, on our network with 100 sites and 1600 users, our main site has three domain controllers. We have about 50 sites that have frame T1 connections to us. These sites do not have domain controllers. They use the central DCs. We also have about 20 hub locations that have the remaining 30 locations connected to them via point-to-point T1s. Each of the central hub locations has a DC in it that the sites that connect via point-to-points use to log in. Think of it as a modified hub-and-spoke topology. One central hub with many spokes, several outlying hubs with fewer spokes. Each hub has a DC.
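The per-site addressing scheme from point 3 of the reply above, worked through as an added example that is not part of the original thread. The /24 per-site prefix, the site names and the host offsets per device role are assumptions, because the post's subnet mask and sample addresses are missing from the page.

```python
import ipaddress

# Constructed inputs (assumptions, not values from the thread).
SITES = ["hq", "branch1", "branch2", "branch3", "branch4"]
ROLE_OFFSETS = {"router": 1, "server": 10, "switch": 20, "printer": 30}


def build_plan(sites, supernet="172.16.0.0/16", site_prefix=24, first_subnet=1):
    """Give each site its own subnet and the same host offset per device role."""
    net = ipaddress.ip_network(supernet)
    subnets = list(net.subnets(new_prefix=site_prefix))
    if first_subnet + len(sites) > len(subnets):
        raise ValueError("supernet too small for the number of sites")
    plan = {}
    for i, site in enumerate(sites):
        subnet = subnets[first_subnet + i]
        usable = subnet.num_addresses - 2  # minus network and broadcast
        if max(ROLE_OFFSETS.values()) > usable:
            raise ValueError("role offset does not fit in the site subnet")
        plan[site] = {
            "subnet": subnet,
            "usable_hosts": usable,
            # Same offset at every site, e.g. the server is always .10
            "devices": {role: subnet.network_address + off
                        for role, off in ROLE_OFFSETS.items()},
        }
    return plan


def site_for(plan, address):
    """Map an address back to its site, or None if it is outside the plan."""
    ip = ipaddress.ip_address(address)
    for site, entry in plan.items():
        if ip in entry["subnet"]:
            return site
    return None


if __name__ == "__main__":
    plan = build_plan(SITES)
    for site, entry in plan.items():
        devices = ", ".join(f"{r}={a}" for r, a in entry["devices"].items())
        print(f"{site:8} {entry['subnet']}  {devices}")
    print("172.16.3.57 belongs to", site_for(plan, "172.16.3.57"))
```

Because every site uses the same offsets, an address outside the plan (where `site_for` returns `None`) stands out immediately when reviewing router ACLs or logs.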
