Active Directory Branch Office Setup

    Question

  • I have an AD forest running Server 2008 R2 with an Exchange Server 2007.

    The domain/forest functional levels are 2003.

    I have to now create new branch offices, about 5 of them, in different cities.

    All of them are in a different subnet scheme and all are interconnected via VPN tunnels set up on an appliance.

    The following is what is on my task list. 

    1. Install/Create/configure branch office servers as DC/GC.

    2. Create Trusts between the Parent and Branch Sites.

     

    Are there any additional steps that I will need to configure like Replication, configure sites and services etc.?

    Setup any additional steps to ensure all branch offices and the head office are in Single Forest and interconnected. I do not use DFS, SharePoint. Exchange is on the HeadOffice and mailboxes are accessed via the tunnel.

    Any references on how-tos and guidance are highly appreciated.

    Friday, January 20, 2012 2:27

Answers

  • Hi.
    You may want to use RODCs (Read-Only Domain Controllers) at your branch
    offices, I would recommend:
     
    Read-Only Domain Controller Branch Office Guide
    http://technet.microsoft.com/en-us/library/dd734758(WS.10).aspx
     
    Understanding Planning and Deployment for Read-Only Domain Controllers
    http://technet.microsoft.com/en-us/library/cc754719(WS.10).aspx
     
    1. You can still make the RODCs, GCs and DNS servers - which I recommend.
     
    2. You don't need to configure any trusts as long as you don't create
    another forest. I suggest that you deploy the branch office RODCs/DCs within
    the same domain, if you don't have a very specific reason to create
    additional domains.
     
    You need to configure sites and services and create new sites corresponding
    to each of the branch offices' physical locations, create subnets for each
    physical site (subnets that are being used at the particular site/branch
    office) and assign them to the corresponding Active Directory site.
     
    Checklist: Configure an Additional Site:
    http://technet.microsoft.com/en-us/library/cc730718.aspx
     
     
     
    ----------------------------------------------------------
    Regards
    Christoffer Andersson – Principal Advisor
    Enfo Zipper
     
    "Acrodexer" wrote in message news:a638b99f-8d7e-4f04-a669-c09acd8d4ce8...
     
    I have an AD forest running Server 2008 R2 with an Exchange Server 2007.
     
    The domain/forest functional levels are 2003.
     
    I have to now create new branch offices, about 5 of them, in different cities.
     
    All of them are in a different subnet scheme and all are interconnected
    via VPN tunnels set up on an appliance.
     
    The following is what is on my task list.
     
    1. Install/Create/configure branch office servers as DC/GC.
     
    2. Create Trusts between the Parent and Branch Sites.
     
     
     
    Are there any additional steps that I will need to configure like
    Replication, configure sites and services etc.?
     
    Setup any additional steps to ensure all branch offices and the head office
    are in Single Forest and interconnected. I do not use DFS, SharePoint.
    Exchange is on the HeadOffice and mailboxes are accessed via the tunnel.
     
    Any references on how-tos and guidance are highly appreciated.
     
     

    Enfo Zipper Christoffer Andersson – Principal Advisor
    • Marked as answer by Bruce-Liu Tuesday, January 24, 2012 15:54
    Friday, January 20, 2012 13:25

All replies

  • Hi Christoffer,

    I am a bit confused, do I need one registered domain name to link from main (Writable) to the branches (RODC)?

    I am running AD on Windows Server 2012 environment on all branches.

    Thanks,

    -IJ-

    Thursday, April 25, 2013 14:54
  • Not sure what you mean by "domain name to link" here, I was referring to "Site links":
    http://technet.microsoft.com/sv-se/library/cc783909(v=ws.10).aspx

    Enfo Zipper
    Christoffer Andersson – Principal Advisor
    http://blogs.chrisse.se - Directory Services Blog

    Thursday, April 25, 2013 15:08
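
The site, subnet and site-link configuration described in the answer and in the follow-up reply about site links, as an added PowerShell example that is not part of the original thread. It assumes the ActiveDirectory module from Windows Server 2012 or later, an existing head-office site named HeadOffice, and a hub-and-spoke layout; the site names, address ranges, cost and replication interval are constructed.

```powershell
# Added example: names, prefixes, cost and interval are constructed placeholders.
Import-Module ActiveDirectory

$hubSite  = 'HeadOffice'   # assumed name of the existing head-office site
$branches = @(
    @{ Site = 'Branch-CityA'; Subnets = @('10.10.0.0/24', '10.10.1.0/24') },
    @{ Site = 'Branch-CityB'; Subnets = @('10.20.0.0/24') }
)

foreach ($b in $branches) {
    # Create the site only if it is missing, so the script can be re-run safely.
    if (-not (Get-ADReplicationSite -Filter "Name -eq '$($b.Site)'")) {
        New-ADReplicationSite -Name $b.Site
    }

    # One subnet object per prefix in use at the branch, assigned to its site.
    foreach ($prefix in $b.Subnets) {
        if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$prefix'")) {
            New-ADReplicationSubnet -Name $prefix -Site $b.Site
        }
    }

    # Site link between the head office and this branch (hub-and-spoke assumed).
    $link = "$hubSite-$($b.Site)"
    if (-not (Get-ADReplicationSiteLink -Filter "Name -eq '$link'")) {
        New-ADReplicationSiteLink -Name $link `
            -SitesIncluded @($hubSite, $b.Site) `
            -Cost 100 -ReplicationFrequencyInMinutes 60 `
            -InterSiteTransportProtocol IP
    }
}

# Review the result: each subnet object and the site it is assigned to.
Get-ADReplicationSubnet -Filter * -Properties Site |
    Sort-Object Name |
    Select-Object Name, Site
```

A client whose address falls in none of the listed subnets is not associated with any site, so it may be served by a domain controller on the far side of a tunnel.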