sites and domain controller placement question

jamesd

Hi,

I am working on a project to migrate an NT4 domain to a Windows 2003 AD
single domain. Currently the company has 1 head office and 34 branch
sites. The PDC is hosted at the head office and each branch site has a
BDC. There are 280 total users, no more than 10 at each branch site.

Each site is separated by a 64kbit kilostream to the head office,
there is no possibility of them being upgraded.

For other reasons, a Windows 2003 server will be deployed to replace
each BDC at each branch site.

So far I have decided the following:

- 2 DCs at the head office, one a GC and primary DNS, the other a
secondary DNS
- make each branch server a DC, GC and secondary DNS
- 34 sites each corresponding to the physical branch offices

I have been looking into replication traffic formulas, and used the
Active Directory Sizer, but I'm still a bit confused as to how I should
configure replication between sites. Should I let the KCC do it?

It is estimated that 50% of the 64kbit bandwidth will be available in
working hours. Adding/deleting/modifying objects will not be a regular
activity once the domain is in place. Password changes are likely to
be around 10 per week.

I know about the Microsoft branch office guides, but would appreciate
some input from someone who has done something similar.

Thanks,

James
 
Simon Geary

One suggestion jumps out from this: don't install a Global Catalogue at each
branch office. With only 64k links to head office you don't want GC
replication sucking up precious bandwidth. Instead, use the much-vaunted new
Windows 2003 feature called Universal Group Membership Caching. This negates
the requirement to have a GC present to check universal group membership,
meaning your users can still log on but less bandwidth will be required.

http://www.microsoft.com/technet/tr...dowsserver2003/proddocs/entserver/gc_when.asp

Also consider using Active Directory integrated DNS instead of
primary\secondary zones. The DNS replication will piggyback on normal AD
replication and save on bandwidth again. In a similar vein, a caching-only
DNS server would also keep bandwidth requirements down; you should check to
see if this would be useful for you.

For replication, you clearly have a hub and spoke model. If you have
reliable network statistics you can check when the WAN link is at its
busiest and configure no AD replication to occur then, only allowing it at
quieter periods, e.g. during the night or during lunch. If you let the KCC
decide for you it may decide to replicate during the morning rush hour when
everyone logs on and checks their email at the same time, meaning slow
logons for all. As you will not be creating a lot of AD objects all the time,
restricting AD replication hours should have a minimal impact and you can
always fine-tune it after everything is installed.
 
