No announcement yet.

Active Directory Between Geographic Regions

  • Filter
  • Time
  • Show
Clear All
new posts

  • Active Directory Between Geographic Regions

    Hello Folks,

    Everything right now works and is ok...looking for improvements, different way of doing it and how 2007/8 server could help.

    Have a location in US and one in Europe with Win2k3. Exchange 2003 is running in Europe. Have a one DC in each location.

    What's a good way of just managing users in a DC via Group Policy and not affecting everyone. In other words, I want to setup a Group Policy for passwords, etc and have it only affect the US users. Do I just do I just add US users to a Group and do GP on that Group?

    How do IT folks handle segrating roles and responsibilty when dealing with Global IT and Active Directory. Seperate Domain Controllers? But then still have to contend with Exchange.

    Planning on moving to Exchange 2007 in the next few months too.


  • #2
    Re: Active Directory Between Geographic Regions

    In Windows 2003 the domain is the boundary for password policy's. Windows 2008 is going to allow a more granular use of password policies which can be applied to groups but unfortunately 2003 off the shelf does not support this. I Believe there are 3rd party apps that will allow this functionality but I personally haven't used any before.

    If you want to have different policies for the US and Europe then it's either two seperate domains or use some 3rd party tools.

    Hope this helps

    Michael Armstrong
    MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

    ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **