ad design question


paisher

Hello,

I'd like to have some people's opinion on AD design. What
to do, if Active Directory has to be implemented over 100
different locations with an average of 30 users per
location? One domain would be a dream, as approx. 30
percent of the locations are connected by slow satellite
links. All other connections are able to connect AD sites
with the replication of AD and Exchange. So I thought a
forest with a domain for each location divided into sites
and one Exchange organization with routing groups could
help. The number of users per location isn't my worry,
but the fact that 130 domains have to be created, managed
and replicated individually is. Would that high number of
domains make a lot of replication traffic? I'm concerned
about the replication that global catalog servers will
make for forest-wide replication. Did anyone use SMTP to
replicate from sites with a bad connection? Any comment
is welcome.

Laura E. Hunter (MVP)

The nice thing about AD is that your logical structure (domains) doesn't
necessarily need to mirror your physical structure (sites). You can have a
single domain composed of a single site, a single domain containing multiple
sites, or a single -site- containing multiple -domains-. For the small
number of users that you're describing in each location, my first response
would be to create a single domain with multiple sites to control
replication traffic between the locations with slow connections. If you
need to delegate administrative authority or roll out specific software or
settings to the different locations, you can always use OUs and Group
Policy.

For the global catalog question - the best practice is to have a GC at each
site, since your clients require one to log on and will need to hit a remote
GC if the local one is unavailable. This is something that only you can
answer, though, since it may not be ideal to place a DC at a remote location
for no other reason than to act as a GC. (Or it might -be- ideal, if your
WAN links are unreliable. It depends on your individual configuration.)
 

Matjaz Ladava [MVP]

I still think that one domain would be your choice, as you can control your
AD replication through replication scheduling. Can you give some numbers
regarding connection speeds? Are you planning to have a DC in each of these
locations? SMTP replication is not possible within a domain, as you can't
replicate the SYSVOL partition this way (only the schema and configuration
partitions), and SMTP replication is slower than RPC.


--

Regards

Matjaz Ladava, MCSA, MCSE, MCT, MVP
Microsoft MVP Windows Server - Active Directory
(e-mail address removed), (e-mail address removed)
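An added example (not code from anyone in this thread) of the single-domain, multi-site layout both replies recommend, using the ActiveDirectory PowerShell module: each location becomes a site with its subnet, and the hub-to-branch site links for satellite locations get a higher cost and a longer replication interval so the slow link is not pulled every 15 minutes. Hub and branch names, subnets and the cost/interval values are placeholders.

```powershell
# Added example: one domain, one site per location, throttled site links.
# Assumes the ActiveDirectory module (RSAT) and rights to edit the Configuration
# partition. Site names, subnets and the hub name below are constructed.
Import-Module ActiveDirectory

$hub = 'Hub-Site'
# Constructed inventory: site name, client subnet, and whether it is a satellite site
$locations = @(
    @{ Name = 'Branch-01'; Subnet = '10.1.0.0/24'; Satellite = $false },
    @{ Name = 'Branch-02'; Subnet = '10.2.0.0/24'; Satellite = $true  }
)

if (-not (Get-ADReplicationSite -Filter "Name -eq '$hub'")) {
    New-ADReplicationSite -Name $hub
}

foreach ($loc in $locations) {
    if (-not (Get-ADReplicationSite -Filter "Name -eq '$($loc.Name)'")) {
        New-ADReplicationSite -Name $loc.Name
    }
    # The subnet-to-site mapping is what sends clients to their local DC/GC
    if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$($loc.Subnet)'")) {
        New-ADReplicationSubnet -Name $loc.Subnet -Site $loc.Name
    }

    # Hub-and-spoke IP (RPC) site link. Satellite sites get a higher cost so the
    # KCC avoids routing through them, and a longer interval to limit traffic.
    $linkName = "$hub-$($loc.Name)"
    $cost     = if ($loc.Satellite) { 500 } else { 100 }
    $minutes  = if ($loc.Satellite) { 240 } else { 15 }
    if (-not (Get-ADReplicationSiteLink -Filter "Name -eq '$linkName'")) {
        New-ADReplicationSiteLink -Name $linkName `
            -SitesIncluded $hub, $loc.Name `
            -InterSiteTransportProtocol IP `
            -Cost $cost `
            -ReplicationFrequencyInMinutes $minutes
    }
}

# Audit step: list every site link with its cost and interval so the
# schedule can be reviewed after the change.
Get-ADReplicationSiteLink -Filter * -Properties Cost, ReplicationFrequencyInMinutes |
    Select-Object Name, Cost, ReplicationFrequencyInMinutes
```

The per-link schedule can be restricted further to off-hours with Set-ADReplicationSiteLink -ReplicationSchedule, which is the scheduling control Matjaz refers to.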