Announcement

Collapse
No announcement yet.

Active Directory functionality

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Active Directory functionality

    Hi

    Scenarios

    I have a question around Active directory functionality. I would like to implement either 1 of the following configurations based on your expertise.

    1.Active directory infrastructure which could consists of an AD forest with a Parent Domain and Multiple child domains.

    2. Single Domain.

    Wan connectivity between the parent domain site and child domain sites is extremely problematic. The worst case scenario is that links that have gone down are restored a week later.

    What functionality will be (un)available if the child domain is unable to connect to the parent.
    Will users be able to logon at the child sites ?
    Will I be able to create users at child domains ?
    What is the length of time that links can be down for before Active Directory becomes corrupt or problematic ?

    Thanks
    Minesh

  • #2
    Re: Active Directory functionality

    Is this school work by chance??

    Comment


    • #3
      Re: Active Directory functionality

      HI

      This is planning for a corporate.

      I'm done with school ages ago

      Thanks
      Minesh

      Comment


      • #4
        Re: Active Directory functionality

        Ok. To answer your questions

        1. You will be unable to access resources on the parent domain.
        2. Yes they will.
        3. Yes you will.
        4. From memory its 60 days on Server 2000 & 2003 and 180 days in Server 2008 upwards.

        Comment


        • #5
          Re: Active Directory functionality

          Hi

          Thank you for your answers.

          I would like you advise on the best solution that can be implemented between parent/child domain versus single domain.

          The deciding factors are determined on WAN link availability (WAN links are down due to extreme weather conditions and maintenance ) and offline capabilities between the two.

          I would just like clarity on the following scenarios:

          In a single domain with 28 locations, with domain controllers on site, what will be the potential issues when the WAN links are down for weeks on end.

          Questions

          1. The main FSMO role goes offline ?
          2. What functionality will the other 28 domain controllers have ? Will I be able to create users/PC accounts, GPOs, timesync, etc ?
          3. Can you provide me with the period of time that users can logon to the domain from remote locations whilst the main FSMO role Domain controller is unavailable due to WAN maintanence.

          Scenario 2 : Child Domain structure

          In a parent/child domain with 28 child domains, with child domain controllers on site, what will be the potential issues when the WAN links are down for weeks on end and cannot connect to the parent domain.

          Questions

          1. The parent domain goes offline ?
          2. What functionality will the other 28 child domain controllers have ? Will I be able to create users/PC accounts, GPOs, timesync, etc ?
          3. Can you provide me with the period of time that users can logon to the child domain from remote locations whilst the main parent Domain is unavailable due to WAN maintanence.

          Thanks
          Minesh

          Comment


          • #6
            Re: Active Directory functionality

            Only real reasons now for child domains are
            a) Separation of admin duties
            b) Different password policies (and here you can use fine-grained password policies as an option)

            The normal reason is corporate politics, which should not come into things from an IT admin perspective

            As long as the WAN links have reasonable availability (so not going down for weeks at a time), I would Keep It Simple (S) and stick to a single domain
            Last edited by Ossian; 28th January 2015, 09:45.
            Tom Jones
            MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
            PhD, MSc, FIAP, MIITT
            IT Trainer / Consultant
            Ossian Ltd
            Scotland

            ** Remember to give credit where credit is due and leave reputation points where appropriate **

            Comment


            • #7
              Re: Active Directory functionality

              I agree with Tom.

              However if your sites will be online for "weeks" as you say then that would, for me, point to installing child domains.

              Maybe time to invest in getting a consultant in that can provide a more thorough guide than we can on the internet.

              Comment


              • #8
                Re: Active Directory functionality

                Just to add, I would invest in better WAN links - in the 21st century, down for "weeks on end" is not acceptable (unless you happen to own a fleet of nuclear submarines )
                Tom Jones
                MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                PhD, MSc, FIAP, MIITT
                IT Trainer / Consultant
                Ossian Ltd
                Scotland

                ** Remember to give credit where credit is due and leave reputation points where appropriate **

                Comment


                • #9
                  Re: Active Directory functionality

                  Originally posted by Ossian View Post
                  Just to add, I would invest in better WAN links - in the 21st century, down for "weeks on end" is not acceptable (unless you happen to own a fleet of nuclear submarines )
                  or you're in terrible, unreliable locations where's cost prohibitive to get anything suitable
                  Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

                  Comment


                  • #10
                    Re: Active Directory functionality

                    Originally posted by tehcamel View Post
                    or you're in terrible, unreliable locations where's cost prohibitive to get anything suitable
                    And I think Andy wins the prize. I believe a carry pigeon with a USB flashdrive attached to it was faster than the local Internet.
                    1 1 was a racehorse.
                    2 2 was 1 2.
                    1 1 1 1 race 1 day,
                    2 2 1 1 2

                    Comment

                    Working...
                    X