Help with Active Directory Design

Guest

Hi Guys,

I am getting ready to deploy a 2000/2003 Active Directory Network
Infrastructure. I am hoping to get some pointers as to what would be the best
practice to take into consideration when deploying this Network. The Design
is as follows:

-40 Servers at 40 Remote Sites
-Want to reduce the amount of bandwidth so it won't put a lot of stress on the
link.


We were thinking of configuring 1 Forest for the whole enterprise. Setting
up the main Root Server as a Global Catalog. Then having all the 51 Servers
at each remote site configured as Additional Domain Controllers also being
Global Catalogs for Redundancy with an additional Server configured for
DNS/WINS for local authentication just in case the link goes down.

What do you all think of this setup? If so the main issue I am trying to
solve is having proper replication and login. If anybody has any pointers or
best practices please feel free to comment or make any suggestions.
 
Tomasz Onyszko

Esteban Rodriguez wrote:

(...)
DNS/WINS for local authentication just in case the link goes down.

What do you all think of this setup? If so the main issue I am trying to
solve is having proper replication and login. If anybody has any pointers or
best practices please feel free to comment or make any suggestions.

OK, the topology You've just described is not unusual - in one of my
networks I have over 300 branch offices with a DC in each, on very varied
links between these offices and the root site, so 1 forest for this
organisation will be OK, and one domain also.

The best for You will be a hub-and-spoke topology, where all your branch office
DCs talk with the central office. All Your 40 branch offices should
be placed in separate sites, which will talk for replication with
the main office.

If You are concerned about replication traffic, all You have to care
about is proper configuration of sites and the replication schedule. In this
design You have to meet two requirements:
- avoiding too many DCs replicating with the root location at the same time,
because this can consume too much of Your bandwidth
- the time of your whole replication cycle cannot be too long.

You can control this by manually setting proper schedules on Your
replication links between the branch offices and the main site. Using schedules
You can be sure that no more than x branch office DCs are talking to the
main office at the same time and that the whole cycle will finish within a
specified time.

Remember to have more than one DC in the root location (and root domain).

If You have more than one server in the main office which can take
replication traffic, try to load balance replication: set half of Your
DCs to replicate with one of the main office DCs and the other half to talk
with another DC in the main office. With many DCs in the main office You can
also introduce some redundancy by creating some additional links on
which replication will occur very rarely but which will point the site to
replicate with a different server than usual. For example, if DC11 (branch)
usually talks to DC1 (main), once per day DC11 can try to
replicate with DC2 (main) in case DC1 is out of service.

Each branch office should also be a Global Catalog, but if this will be a
pure Windows 2003 network You can take advantage of a new feature, which is
universal group caching on the branch office DCs.

I hope that this whole writing helps You a little and answers Your
question.

Take a look at the branch office design guide for AD:
http://www.microsoft.com/downloads/...f6-a8a8-40bb-9fa7-3a95c9540112&displaylang=en
This is a very useful document.
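
The staggered, load-balanced schedule described in the reply above can be planned before any link schedule is set by hand. This is an added example, not part of the original post: the concurrency limit, slot length and start time are assumed values, and the DC names follow the post's DC1/DC2/DC11 naming.

```python
from math import ceil

def plan_replication(branches, hubs, max_per_hub, slot_min,
                     start_min=0, max_cycle_min=None):
    """Give each branch DC a primary hub DC, a backup hub DC and a slot.

    Branches alternate between hub DCs (load balancing); at most max_per_hub
    branches share one slot on a hub. Returns (plan, cycle_minutes).
    """
    if not hubs or max_per_hub < 1:
        raise ValueError("need at least one hub DC and max_per_hub >= 1")
    plan, used = [], {h: 0 for h in hubs}
    for i, branch in enumerate(branches):
        hub = hubs[i % len(hubs)]
        slot = used[hub] // max_per_hub
        used[hub] += 1
        # Rarely used fallback link to another hub DC if the primary is down.
        backup = hubs[(i + 1) % len(hubs)] if len(hubs) > 1 else None
        plan.append({"branch": branch, "hub": hub, "backup_hub": backup,
                     "start": start_min + slot * slot_min})
    cycle = max(ceil(n / max_per_hub) for n in used.values()) * slot_min
    # Requirement 2 from the post: the whole cycle must not take too long.
    if max_cycle_min is not None and cycle > max_cycle_min:
        raise ValueError(f"cycle of {cycle} min exceeds {max_cycle_min} min")
    return plan, cycle

def peak_concurrency(plan):
    """Requirement 1: most branch DCs talking to the main site at once."""
    counts = {}
    for p in plan:
        counts[p["start"]] = counts.get(p["start"], 0) + 1
    return max(counts.values(), default=0)

def fmt(minutes):
    """Minutes since midnight as HH:MM."""
    return f"{minutes // 60 % 24:02d}:{minutes % 60:02d}"

if __name__ == "__main__":
    branches = [f"DC{n}" for n in range(11, 51)]  # constructed: 40 branch DCs
    plan, cycle = plan_replication(branches, ["DC1", "DC2"], max_per_hub=4,
                                   slot_min=15, start_min=20 * 60,
                                   max_cycle_min=120)
    for p in plan:
        print(f'{p["branch"]:>5} -> {p["hub"]} at {fmt(p["start"])} '
              f'(daily fallback: {p["backup_hub"]})')
    print(f"cycle {cycle} min, peak {peak_concurrency(plan)} DCs at once")
```

Lowering `max_per_hub` trades bandwidth for cycle time: with one branch per hub per slot the same 40 sites need 300 minutes, and the planner rejects that against a 120-minute target.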
 
Guest

Hey Tomasz,

Thanks for your help. I don’t know if this makes a difference but that link
you provided me talks about 2003, if I will be deploying a pure 2000 Network
will this guide be a useful guide for 2000 as well? Also I am somewhat
confused when you talk about all of my 40 sites should be placed in the
separated sites. Should I still go ahead and configure my remote servers as
Additional Domain Controllers for the Primary Root Server?
 
Tomasz Onyszko

Esteban said:
Hey Tomasz,

Thanks for your help. I don’t know if this makes a difference but that link
you provided me talks about 2003, if I will be deploying a pure 2000 Network
will this guide be a useful guide for 2000 as well?

There is a Windows 2000 version as well:
http://www.microsoft.com/windows2000/techinfo/planning/activedirectory/branchoffice/default.asp

Also I am somewhat
confused when you talk about all of my 40 sites should be placed in the
separated sites. Should I still go ahead and configure my remote servers as
Additional Domain Controllers for the Primary Root Server?

Yes, that will be OK, these servers will be additional domain
controllers in your domain and will replicate through DCs (from this
domain) placed in the main location.

Sites will help You to manage replication traffic and, when You assign
proper subnets to them, will help your clients to locate a local DC to
perform logon.
 
