Is this the ideal solution for a new branch office?

Guest

I am helping a client set up a new branch office. They want to set up the new
branch with one domain controller which will be a member of the domain that
is the main HQ instead of creating a child domain for the branch office.
Replication will be via an ISA2004 box on each location using the
site-to-site VPN option. Each site has a 2mb broadband connection.

My plan is to create the new DC on the HQ site's LAN, make it a Global
catalogue server, install DNS and then force replication. I would then
create a new site for the branch office and its subnet. Change the branch DC
IP information to the new information and then ship the DC to the new site.
I then plan on joining the branch ISA server to the domain and configuring
for site-to-site VPN connectivity to allow replication (I know that was a bit
vague but you know what I mean).

Does this solution sound fine, does anyone foresee any problems? Will there
not be issues with the fact that FSMO roles will be split over physical
connections over what is probably not classed as a good connection? Would it
be better to set the new site up as a child domain?
 
Ryan Hanisco

This is the configuration that I use under these circumstances. Take a look
at the Microsoft Branch Office Deployment guide. You'll not need the
staging and scripting part of this as you are only rolling out one site, but
take a look at it for the design considerations.
 
Guest

Sounds like a plan. Design wise, it is still advisable to keep the number of
AD domains down and as simple as possible.

Make sure that the branch office's only DC has its primary and secondary DNS
entries pointing to itself and the HQ's DC respectively. This assumes that
you are using AD-integrated DNS on the DCs in the domain.

This setup works fine, although managing GPOs outside the AD site where the
PDC Emulator resides will likely be slow, i.e. the branch office DC. One
workaround is to use Terminal Service to access the PDC provided that your
corporate security policy allows that.

Do let us know if this helps. Thanks!
 
