msteinhoff (Guest)
Posted: Mon Jan 17, 2005 6:14 pm
Post subject: AD Configuration
I work for a retail company that has 12 locations spread throughout the U.S.
Each of these locations connects back to the Main Office via a hardware VPN
solution. Each of these locations is also its own domain. So in essence I
have:
corp.com
store1.com
store2.com
store3.com
etc....
The previous network admin had no clue and has let all kinds of bad things
happen. Servers are not replicating, trusts are all screwed up, I could go
on and on. I have worked these problems for hours with no solution.
I would like to centrally admin all of these locations from the main
office, and I am considering turning each into a child domain. The new
network would be:
server1.corp.com
store1.corp.com
store2.corp.com
store3.corp.com
Does anyone have input as to whether this is a good or bad idea? Reasons to
keep it the same?

Al Mulnick (Guest)
Posted: Mon Jan 17, 2005 6:14 pm
Post subject: Re: AD Configuration
Goals as stated: Central administration
Some things to check:
Have you already read the branch office deployment guide? It's full of
information that would be useful to you. Depending on your requirements, you
may not need multiple domains, but rather multiple sites. Depending on your
network topology (now or future) you may not need as many DC's. The reason
to keep those numbers low? Simplicity. With simplicity, comes reliability
and lower costs (often) than otherwise would be had. Forgetting expenses,
reliability is often worth it.
VPN's often have enough bandwidth, but keep an eye on available bandwidth
for those links and the amount of changes you intend to have. A retail
environment may have a high turnover if I had to guess, meaning that you may
have constant administration going on resulting in replication traffic.
Other traffic on the wire will take some bandwidth as well, so it's
important to watch that available bandwidth vs. the amount of bandwidth when
planning this out.
FWIW, I think you can and should do what you're saying. Trusts being
'screwed up' has me concerned since it would take a bit to do that.
Replication? What happened? Those kinds of things make it worth it to
streamline the architecture IMHO.
I'm assuming 2003 is the AD infrastructure here. It's a good idea to get to
2003 if not already there. Better replication and behaves better in a
branch office scenario like you describe.
Al

msteinhoff (Guest)
Posted: Wed Jan 19, 2005 1:24 am
Post subject: Re: AD Configuration
Thanks for the advice! I downloaded and read the Branch Office Deployment
Guide as you suggested. I do have some questions in regards to the way that
they have things set up. Is it necessary to separate ROOTDC and HQDC? i.e.
can I have a single server that acts as both? Our organization is not that
big to support the number of servers they are suggesting..9 total. I can
see having ROOTDC1,2 and HQDC1,2 being the same servers.

Al Mulnick (Guest)
Posted: Wed Jan 19, 2005 8:12 pm
Post subject: Re: AD Configuration
From what I recall, the reason you would deploy a root domain in this
environment is based on the results of the planning guide. If you go
through the planning guide and find that you don't need a forest root, then
you could conceivably build a hub site from the HQ domain, right?
Available bandwidth is an important factor as is reliable bandwidth when
making these decisions. Then comes the process you expect to use to manage
this and then what your business model looks like. It's not impossible to
have a single domain all centrally located if your requirements dictate that
and your business/network can tolerate that.
It's possible you could have a single-domain-forest scenario that meets your
needs and you may need to deploy DC/GC servers to the branch sites.
All of those decision points are outlined in the planning guide. You'll
want to have a look at that before proceeding. As you read it, keep in mind
that most of your reasons for wanting to deploy a particular configuration
are likely going to be based on the way you want to manage it and the
business model you have to work with. Mergers/acquisitions, etc. play a role
here.
Drop a note off-line if you need some additional help.
Al