Setup network for U.S. and China locations

By dave ·
Our manufacturing facility is in the U.S. The servers run Windows 2003 std and enterprise editions. I also have an Exchange 2003 front end / back end topology running. It's a pretty straight up configuration, 1 Active Directory domain.

We are going to open an office in TanJin, China and want to administer their network (which will be a new implementation) from our U.S. location for the most part. A VPN tunnel will be set up between the two locations.

Our current domain is Our China location will be I'm seeking suggestions on an effective way to set this scenario up. I could make their network completely independent of ours and control it via remote access, which will mean in addition to 2003 server, I will also have to purchase Exchange server for their location, or possibly set up multiple domains or forests on my domain controller and within my Microsoft Exchange?

Let me know if you have 1st hand experience with this or any effective solutions.


Your domain naming scheme for China is wrong

by Why Me Worry? In reply to Setup network for U.S. an ...

Your China location should be a child domain of your root domain, thus, to be part of the same Active Directory and DNS namespace. I am assuming you are looking to keep the China location within the same Active Directory Forest and domain tree structure. Also, since Windows 2003 allows for cached credentials, you won't need to deploy a global catalogue server in China as you would have under a Windows 2000 server environment. As far as Exchange is concerned, you don't need to set up a new forest and such. China will be a new routing group within your existing domain structure, which is why I am proposing making and not, which would be a totally different DNS and domain hierarchy. Keep it simple and don't overcomplicate things. All you need is a single forest, a root domain (, and a child domain for the China location ( The Exchange server in China will be a member of the, which would automatically have rights to the root domain due to the inherent two way trust relationships in Windows 2003.

Renaming a current domain

by dave In reply to Your domain naming scheme ...

That will uncomplicate things, making administration much easier within active directory. I wish the individual that named our existing domain (before my time with this company) had put a little more thought into the domain name. The current domain name is headquarter.glenmarteng1 so China's domain will be cn.headquarter.glenmarteng1, Mexico will become mx.headquarter.glenmarteng1 and so on. I would rather it be a shorter, more concise domain name such as, and but probably only know about 1/2 of the problems I will run into by renaming the existing domain.

Thanks for the quick reply;


Windows 2003 forest functional role allow for domain renames...but

by Why Me Worry? In reply to Renaming a current domain

be very careful with that because keep in mind that the SIDs and GUIDs are tied to the domain name and the domain naming master FSMO role. You may want to give MS tech support a ring and find out what the risks involved in renaming a domain are so as not to screw yourself if you do have to rename domains. The previous admin was a complete dumbass for naming the domains the way he did. I bet he was one of them so called "Paper MCSEs" with no practical experience in this stuff.

by joel_is In reply to Setup network for U.S. an ...

A little (okay... a lot) off topic, but what kind of speeds between the China and US location are you seeing over VPN?

Anyone else with a similar setup feel free to jump in.

Thanks in advance

Speed? not seeing it yet..... but

by dave In reply to Speed?

Hey Joel;

I haven't made any VPN connection to China yet. Project was put on hold. I did start using an outfit there in Kansas called Positive Networks. They are a 3rd party VPN provider for mobile users and site to site.

I am using both types of connections. My site to site connector is connecting our office here in Missouri with our office in Mexico City and the speed, although I haven't run any diags on it, is very fast. The connector costs us 99 bucks a month and they maintain all of the hardware.

I do have a control panel which also provides some reporting features. My mobile users can have NTLM authentication which coincides with my Active Directory or I can set unique passwords. I add, remove, activate and deactivate individual users that I have set up in unique "groups" within the Positive Networks management console and I can apply different rules to individual users or to these VPN groups.

One important thing, considering China. If you set up a link between the U.S. and China utilizing Positive Networks, all of the traffic inbound to China will look like HTML traffic, thus bypassing (I haven't personally tested this yet) the GFWC (Great Firewall of China).
