Remote site help


Steve Gould

I have 3 remote labs, as well as my local domain, with around 8 computers in
each remote lab. We are replacing all of the lab computers with brand new
machines running XP Pro. The machines will be prepared here in our
headquarters then shipped out. The labs all have a LAN for file and printer
sharing. Currently we have no WAN link with the labs. One lab has finally
established a broadband connection and now has Internet access while the
others have no broadband services in their areas.

I want to allow for future growth and would like to make all the new
machines members of our domain in case we create a WAN in the future. I am
concerned, though, because none of the machines will ever be able to
validate to a DC from the remote labs until we set up a WAN, if ever.

Are there any long-term issues with this plan? Can the machines go
indefinitely without validating to a DC (other than when I set up the
machines here)?
 

Nathan

Your domain will ache for having orphan machine accounts.
This won't cause a problem except for the size and when
you bring on any new Domain Controllers. Will the lab LAN
have a server? If so then you will be talking about a
very broken forest. It would be better to have a DC at
each lab/LAN and then add them to our domain when they
come on to broadband. This prevents having any orphans
and makes linking them (and their authentication) a lot
faster in the future.

lab1.mydom.com - lab specific domain
hq.mydom.com - your central domain

When lab1.mydom.com gains access to the hq.mydom.com
domain, your users will be able to use hq.mydom.com when
you set up domain trust at lab1.mydom.com. Make all your
lab domains trust your home domain and you will be able to
administer each lab from your home site.
 

Steve Gould

Thanks Nathan,

They will have only a workstation that shares a printer and some file
shares. Nothing more. We are talking about 4 total computers in each lab now
that I have worked out the details. I worried about the orphan issue, but I
can't think of any other way that makes more sense with our budget (none).

Steve
 

Cary Shultz [A.D. MVP]

Steve,

As it stands, you will have a workgroup environment in each of the three
remote labs. I do not see a problem with this unless the total number of
computers in each remote lab approaches the magic number of 10 computers.
Then it starts to become a little messy - possibly. It all depends on what
they are doing there. For example, we take care of a couple of doctor's
offices where there are about 25 computers running WIN98SE in a workgroup
mode. It seems to be a workable solution for what they do....Not
necessarily the most advised way to do things but it does work!

You do not mention if the users have local accounts or domain user account
objects ( or both )....

What is the importance of adding the machine account objects to the domain?
Do you have some GPOs that are assigned to computer account objects? If
there is no outside connectivity in each of the three labs ( okay, one of
them finally has it - but that is currently a simple Internet connection )
then this argument does not hold any water. And then there is the slow link
issue ( which you can define )....Possibly an argument later on down the
road.

Some ideas to consider:

1) when they have Internet connectivity things open up for you. You *could*
set up a Site for each lab location and put a Domain Controller in each
Site. This way the computer account objects could be joined to the domain.
You would also make most if not all of the domain resources available to
them. This is one solution to consider. However, it does require that you
have additional hardware at each Site ( the Server as well as a Firewall
that allows for VPNs ). Probably not within your budget!

2) you could also install a Terminal Server in the central location and all
of the users in the labs could connect to that TS. WIN2003 Terminal Server
is a really nice thing. It is approaching Citrix ( well, in some aspects ).
However, again, this requires additional hardware that might not be within
your budget. Also, as the number of users increases you will possibly need
to add an additional Terminal Server. However, this depends on what
applications they would be running. There are some applications - like
AutoCAD, for example - that are not really TS friendly.

I am sure that there are other possibilities. You can still set things up
so that the computer account objects are indeed members of the domain. You
will need to have the outside connectivity first and then some sort of VPN
( Firewall-to-Firewall ) from each lab to HQ second. You would have to deal
with the authentication across the WAN. This does not have to be a problem,
though. Usually not recommended but not necessarily a problem. Not what I
would do, but you have to make the best of your situation.

Also, I would not suggest making each lab its own sub-domain once you
finally do have the outside connection in place UNLESS there is a very good
reason for this. I would typically suggest that you create a Site for each
lab and keep it at one domain....But, you would need to give us some
specifics before we could really make any valid suggestions.

HTH,

Cary
 
