AD Branch Office infrastructure.

  • AD Branch Office infrastructure.

    Hello Techs,

    We have recently planned to implement the Server 2003 Active Directory environment.

    We have a head office and more than 200 branches. So, I have divided it into Zones (i.e. East, West, North, South).
    As of now, what I have prepared is mentioned below:

    There will be a DC and ADC at the Head office. The 1st DC will have forest-wide roles, GC and DNS.
    The ADC at Head Office will have Domain wide Roles and DNS.

    Also, as mentioned above, I have planned 4 servers, each at a particular Zone. All the respective Zones will be child Domains, and each will hold domain-wide roles, DNS and Global Catalog.

    All the branches for the respective zones will be authenticating to the respective zonal servers.

    NOW..

    I really would like to have comments and suggestions to correct me if I am wrong on this design, or if I could design it in a much better way.

    Please provide your valuable suggestions on the same.

    Awaiting Reply,

    Regards,

    Vicky

  • #2
    Re: AD Branch Office infrastructure.

    Why do you need multiple domains?
    Microsoft's advice is now NOT to use them unless you need specific password requirements.

    You have not indicated how many users per site, but unless it is very few AND you have reliable VPNs, you would be strongly advised to have a DC at each site if you can; if not, in the major sites.

    TBH this is the sort of request that you should get a good consultant to help you with, advice you get here will be good but if anything goes wrong, who will get the blame?
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **



    • #3
      Re: AD Branch Office infrastructure.

      Thanks for your reply Ossian,

      I have to use multiple domains as it is something like a branch office environment. There are around 7000+ users in total all over the country among 200 branches.

      Let me tell you the current plan:

      The Head office will have a Root domain (123.com)

      We have divided all the users into 4 parts by zone. All the users of the west zone branches will authenticate to the respective zone server (i.e. west.123.com), and the same goes for all the branches to their respective zones. This is because we do not want users to authenticate directly from the Head Office.

      "NOT to use them unless you need specific password requirements" ??????

      As far as connectivity is concerned, we have 5 MPLS lines with a bandwidth of 4 MBps. These lines are to connect all the 4 zonal servers to the Head office.

      I understand that in such a scenario, it is strongly advised to have a DC at each site. I think that it is my mistake. Let me brief on the same.

      At Head Office: 123.com
      1st (DC) server with all the forest-wide roles, GC and DNS
      2nd (ADC) server will have the domain-wide roles and DNS, because the users at the head office will authenticate using these servers.

      1st Zone server (i.e. at HOUSTON) : South.123.com (child domain)

      Server no. 1 will have the domain-wide roles, GC and DNS. All the users of the branches for the South region will communicate/authenticate with this server.

      2nd Zone server (i.e. at Washington DC) : East.123.com (child domain)

      Server no. 1 will have the domain-wide roles, GC and DNS. All the users of the branches for the East region will communicate/authenticate with this server.

      3rd Zone server (i.e. at Los Angeles) : West.123.com (child domain)

      Server no. 1 will have the domain-wide roles, GC and DNS. All the users of the branches for the West region will communicate/authenticate with this server.

      4th Zone server (i.e. at Chicago) : North.123.com (child domain)

      Server no. 1 will have the domain-wide roles, GC and DNS. All the users of the branches for the North region will communicate/authenticate with this server.


      I just need comments on the same to make it better for planning and implementation.

      I agree that I will get really good suggestions. However, I am not here to blame anyone; I am here to get ideas and to find the best suggestions to implement this environment. I am sure that you and all the users out here have amazing knowledge and can provide me the best pieces of information and ideas.



      • #4
        Re: AD Branch Office infrastructure.

        Yes, but you still haven't answered the question about the need for multiple domains.

        How many users do you have (typically) at a branch office?
        If you do not have a local DC, how are those users going to contact a DC to authenticate?

        I renew my suggestion about getting a consultant
        Tom Jones
        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
        PhD, MSc, FIAP, MIITT
        IT Trainer / Consultant
        Ossian Ltd
        Scotland

        ** Remember to give credit where credit is due and leave reputation points where appropriate **



        • #5
          Re: AD Branch Office infrastructure.

          Each zone will have approx. 50 branches (in different cities). Each branch would have approx. 10-25 people working. As of now we have planned to connect all the branches to the Zonal Site server using VPN, WAN, etc.

          I really appreciate the idea of hiring consultants for the same. However, it is again a matter of discussion with the management, and they will have to decide. However, at least at the ground level, I want to make a strong plan and architecture for the same.



          • #6
            Re: AD Branch Office infrastructure.

            IMHO with 10-25 users, a local DC is an absolute MUST at the branch offices.
            This can be virtual, running on the same box as a physical file server, or (if 2008) an RODC.
            Tom Jones
            MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
            PhD, MSc, FIAP, MIITT
            IT Trainer / Consultant
            Ossian Ltd
            Scotland

            ** Remember to give credit where credit is due and leave reputation points where appropriate **



            • #7
              Re: AD Branch Office infrastructure.

              I have to agree with Tom on this one. Keep your AD structure nice and simple and you'll be fine. Use your OUs to split things rather than domains.

              I also agree with having a DC on each site especially with the number of users involved.

              How is your MPLS connected? Hopefully you have it meshed. If not, then you can set your DCs to replicate with your head office.

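The single-domain layout that #2, #6 and #7 argue for (one domain, an OU per zone instead of a child domain, a DC in every branch, and branch DCs replicating back towards the head office) can be expressed directly as OUs, sites, subnets and site links. The script below is an added example written for this page; it is not code from the thread or from any poster, and it is not something the Server 2003 tooling discussed here ships with. It assumes the ActiveDirectory PowerShell module from Windows Server 2012 or later RSAT, an account allowed to create OUs and site objects, and uses constructed zone, site and subnet values (the `$Zones` table and all addresses) that stand in for the real ones.

```powershell
# Added example for the single-domain design discussed in the thread; not the
# thread's or any poster's code. Requires the ActiveDirectory module (Windows
# Server 2012+ RSAT) and an account that may create OUs and site objects.
# All zone names, site names and subnets below are constructed placeholders.
Import-Module ActiveDirectory

$DomainDN = 'DC=123,DC=com'   # the thread's root domain, used as the ONLY domain
$HqSite   = 'HQ'
$HqSubnet = '10.0.0.0/24'     # constructed

# Zone -> zonal hub site (the thread's "zone server" location) and its branch
# sites with their subnets. Constructed sample data; replace with the real list.
$Zones = @{
    South = @{ Hub = 'Houston';       HubSubnet = '10.1.0.0/24'; Branches = @{ 'Dallas'  = '10.1.1.0/24'; 'Austin' = '10.1.2.0/24' } }
    East  = @{ Hub = 'Washington-DC'; HubSubnet = '10.2.0.0/24'; Branches = @{ 'Boston'  = '10.2.1.0/24' } }
    West  = @{ Hub = 'Los-Angeles';   HubSubnet = '10.3.0.0/24'; Branches = @{ 'Seattle' = '10.3.1.0/24' } }
    North = @{ Hub = 'Chicago';       HubSubnet = '10.4.0.0/24'; Branches = @{ 'Detroit' = '10.4.1.0/24' } }
}

# Create an OU only if it does not already exist; return its DN either way.
function Ensure-OU([string]$Name, [string]$Path) {
    $dn = "OU=$Name,$Path"
    try   { Get-ADOrganizationalUnit -Identity $dn -ErrorAction Stop | Out-Null }
    catch { New-ADOrganizationalUnit -Name $Name -Path $Path -ProtectedFromAccidentalDeletion $true | Out-Null }
    return $dn
}

# Create a site and map one subnet to it, skipping anything that already exists.
# The subnet mapping is what makes clients in a branch find their LOCAL DC.
function Ensure-Site([string]$Name, [string]$Subnet) {
    try   { Get-ADReplicationSite -Identity $Name -ErrorAction Stop | Out-Null }
    catch { New-ADReplicationSite -Name $Name | Out-Null }
    try   { Get-ADReplicationSubnet -Identity $Subnet -ErrorAction Stop | Out-Null }
    catch { New-ADReplicationSubnet -Name $Subnet -Site $Name | Out-Null }
}

# Create an IP site link between two sites with an explicit cost and schedule.
function Ensure-SiteLink([string]$From, [string]$To, [int]$Cost, [int]$Minutes) {
    $linkName = "$From-$To"
    try   { Get-ADReplicationSiteLink -Identity $linkName -ErrorAction Stop | Out-Null }
    catch {
        New-ADReplicationSiteLink -Name $linkName -SitesIncluded $From, $To `
            -Cost $Cost -ReplicationFrequencyInMinutes $Minutes `
            -InterSiteTransportProtocol IP | Out-Null
    }
}

# Head office: rename the default site if it is still there, then map its subnet.
try {
    Get-ADReplicationSite -Identity 'Default-First-Site-Name' -ErrorAction Stop |
        Rename-ADObject -NewName $HqSite
} catch { }   # already renamed or removed
Ensure-Site -Name $HqSite -Subnet $HqSubnet

foreach ($zone in $Zones.Keys) {
    $z = $Zones[$zone]

    # One OU per zone replaces the child domain: delegate zone admins here.
    $zoneOu = Ensure-OU -Name $zone -Path $DomainDN
    foreach ($sub in 'Users', 'Computers', 'Groups') { Ensure-OU -Name $sub -Path $zoneOu | Out-Null }

    # Zonal hub site, linked to the head office (the MPLS hub in the thread).
    Ensure-Site -Name $z.Hub -Subnet $z.HubSubnet
    Ensure-SiteLink -From $HqSite -To $z.Hub -Cost 100 -Minutes 15

    # Each branch site is a spoke off its zonal hub; the KCC routes replication
    # branch -> hub -> HQ over the cheapest path instead of every DC talking to HQ.
    foreach ($branch in $z.Branches.Keys) {
        Ensure-Site -Name $branch -Subnet $z.Branches[$branch]
        Ensure-SiteLink -From $z.Hub -To $branch -Cost 200 -Minutes 30
    }
}

# Show the resulting topology so the link costs and schedules can be reviewed.
Get-ADReplicationSiteLink -Filter * |
    Select-Object Name, Cost, ReplicationFrequencyInMinutes,
        @{ Name = 'Sites'; Expression = { $_.SitesIncluded -join ', ' } } |
    Format-Table -AutoSize
```

The OU tree gives each zone its own delegation boundary without a second domain; in a Windows Server 2003 forest, a separate password policy was the main thing a single domain could not provide, which is the exception #2 refers to (fine-grained password policies only arrived with the Windows Server 2008 domain functional level). The two-tier site links give the KCC a cheap branch-to-hub path and a hub-to-HQ path, so each branch DC replicates with its zonal hub rather than across the country to the head office, and the subnet-to-site mapping is what makes the 10-25 users in a branch log on against the local DC that #6 calls for.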


              • #8
                Re: AD Branch Office infrastructure.

                I agree with all of your points.
                However, I have just designed a sample architecture for this. I have attached the same. Please have it checked and let me know if something needs to be modified/added, or give any of your valuable suggestions on the same.
                Last edited by cnevikas; 29th July 2010, 07:29.
