Easy question

[Netman]

Here is my question: What would be be easiest way to set up my network with
the following specifications:

1. Active Dir. at central location (45 users @ location)
2. There are two branch offices (1 with 15 users and another with 5 users)
3. There is no problem with replication


Can I have those two branch offices logon onto the central location instead
of putting a DC at each of those offices? Is this the concept of sites or
OU's?
thanks for the infor
MIke

 

[Tim Hines [MSFT]]

Take a look at the branch office deployment guide for an answer to that
question. Chapter 2 should answer your question. You can download it from
http://www.microsoft.com/technet/tr...nol/ad/windows2000/deploy/adguide/default.asp.

You could have the clients authenticate against the DC in the hub site but
that would generate a lot of traffic over the WAN.
I would probably place a DC in the site with 15 users. The site with 5
users could do without a DC. You will need to configure AD sites. If the
sites are configured correctly the clients will attempt to authenticate
against a DC within it's site as oppossed to going across the WAN to logon.
More info about site configuration can also be found in the guide.

--
Tim Hines, MCSE, MCSA
Windows 2000 Directory Services

=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Jeff Overall]

Hi,
Yes, you can, and based on the small number of users in the branch sites, it
would be better to place the DCs in a central location rather than in each
branch. This is a site concept. I am assuming that you desire centralized
AD administration.


Cheers,

 

[Cary Shultz [MVP]]

-----Original Message-----
Here is my question: What would be be easiest way to set up my network with
the following specifications:

1. Active Dir. at central location (45 users @ location)
2. There are two branch offices (1 with 15 users and another with 5 users)
3. There is no problem with replication


Can I have those two branch offices logon onto the central location instead
of putting a DC at each of those offices? Is this the concept of sites or
OU's?
thanks for the infor
MIke


.

Mike,

You might want to look into Terminal Server Connections
for the two remote offices. Simply put up a Firewall-to-
Firewall VPN between "central" and "remote01" and another
VPN between "central" and "remote02" and a Terminal Server
in Central and away you go! We have a client who has
about 35 users here in Headquarters ( Roanoke ), six in
Blacksburg, six in Richmond and five in Raleigh. All
three "remote" offices make the TS connection to Roanoke
and it works very well!

However, to answer your question. In WIN2000 you could
set up an OU for each of the locations without having a DC
in each location. You do not even really need OUs for
this. The users in the "remote" offices would have to
authenticate over a WAN connection ( typically not a great
idea ). You would probably want a VPN set up as well.
You could also simply set up Sites with a DC in each Site
so that the users would authenticate against a "local" DC.

There is an outstanding article from Microsoft covering
the "Remote Office" situation. I wish that I had the link
for you.

Also, to clarify: Administrators make use of OUs for
managing suer / computer account objects. You can create
an OU, put user account/computer account objects in it and
then apply GPOs to that OU. Furthermore, Administrators
make use of Sites for managing AD Replication (
essentially ) and user logons ( closest DC ). I have
simplified this so it is not an all-inclusive list but
essentially this sums it up.

HTH,

Cary