Making Vista PC a member of domain-Profile

[Mike]

Hi,

I need to go to a branch office and make several Vista machines members of
our corporate domain (they were set up as stand alone machines because we did
not a a VPN at the branch office, but now we do). When I make the machines
members of the domain, what issues will I run into copying profile settings
(documents, printers, etc) into their domain account from their non-domain
account.

Thanks,

Mike

 

[Mark L. Ferguson]

Your only problems will come from additional settings made to their registry
or Policy (see GPEDIT.MSC) Your domain GPO should set all entries to
over-ride everything else. If all else fails, I would try creating a new
user account, and test it.

 

[Kerry Brown]

How fast is the VPN? Do you have a domain controller at the branch office?
Have you successfully joined XP computers over the same VPN? Connecting
computers to an active directory domain can be a recipe for disaster which
has nothing to do with Vista.

If you are using a standard DSL or cable Internet connection for the VPN you
will run into speed problems with using Active Directory over a slow
connection unless you have a domain controller at the branch office. I
highly recommend you make sure the underlying infrastructure can support
active directory before you do this. Joining a branch office to a corporate
network is not as easy as just establishing a VPN.

As far as joining Vista computers to the domain here are some links that may
help.

http://technet2.microsoft.com/Windo...1fc6-4edf-847f-d4be4305516a1033.mspx?mfr=true

http://technet.microsoft.com/en-us/library/bb742618(TechNet.10).aspx

As long as you are not using roaming profiles and the AD domain is at the
2003 level and up to date you shouldn't run into any problems joining a
Vista computer to the domain as long as the underlying network
infrastructure is sound. Getting the VPN routing, DNS, NETBIOS, etc.
configured so active directory works over it may give you fits. Vista itself
shouldn't be a problem.

 

[Kerry Brown]

Have you successfully joined XP computers over the same VPN? Connecting

computers to an active directory domain can be a recipe for disaster which
has nothing to do with Vista.

That should have read:

Connecting computers to an active directory domain "over a VPN" can be a
recipe for disaster which has nothing to do with Vista.

 

[Mike]

Kerry,

I have a T1 on my end and 6 Mb DSL on the remote site. I do not have a DC
at the branch office. I have not tried to join any PC's over this VPN at all.
No roaming profiles, and my domain is at the 2003 functional level. I am
running SBS 2003 with two additional DC's if that helps/makes a difference.
I have Sonicwall TZ-190 appliances on both ends. I established the VPN last
weekend, and have connected to remote printers and figured that making the
Vista machines join the local network would be fairly straightforward.
Currently these users connect to the home office via Terminal Services.
What would be your advice, give the infrastructure?

Thanks for the info and any additional advice.

Mike

 

[Kerry Brown]

It would all depend on the DSL connection. What's the uplink speed on the
DSL and how stable is it? If you are accessing a database then I'd
definitely stick with terminal services for that. If the VPN goes down there
is always the possibility of a corrupted database. RDP over the VPN gives
another layer of security above RDP over the Internet. I would try joining
one computer and see what kind of speed you get. I have tried this with 2.5
Mb DSL and with 4.0 Mb cable and it was too slow. There were a lot of
Kerberos errors as well. With a DC at the remote office it was acceptable.
You also might want to try joining a Vista computer at the main office just
to make sure there are no Vista related problems.

 

[Mike]

Kerry,

Thanks again for the reply. The DSL connection has been reliable from a
standpoint of outages, almost none in the year the we have used Bellsouth in
this location. I have a notebook that is already part of the domain and am
going to take it with me to see how it interacts on the VPN, with regard to
the main office network. Perhaps I should leave everything as is for the
users, and only use the VPN to look at issues at the remote office and RDP to
users machines when they have a problem. I only have 3 users at the remote
office, and a total of 30 employees altogether, if numbers matter to any of
this.

Thanks again!

Mike

 

[Kerry Brown]

The main headache with AD over a VPN is DNS. Without a DC at the remote
office you have to point the remote clients to a DNS server (most likely the
SBS server) at the head office and no other DNS servers. This means if the
VPN goes down the remote office will lose the ability to resolve DNS and
thus have no Internet access. You'll need to configure the DHCP server at
the remote office to give out the main office DNS server. You may also have
problems with network browsing over the VPN unless you have WINS servers at
both offices. With a fast, stable Internet connection and DNS working it's
possible without a DC. My experience has been without a DC at the remote
office it's not really usable. I have never had a connection as fast as
yours though. Let us know how it works out.