Active Directory among different locations

    Question

  • We have a client with a single forest/domain running on a single 2008 R2 server.  They currently have 2 departments that also use this server for AD authentication. One of the departments is looking to physically move into a new building with the second possibly also in the next year.  We would like to keep this department on the same domain with their own ADDS server once they move.  I had someone mention child domains to me and I also came across Active Directory Sites.

    There will also still be VPN connectivity between sites. 

    What would be the preferred method of breaking users of this department onto their own ADDS server?  Would creating another site still allow users from the main office to travel to another department and still authenticate with their credentials?

    Thanks,

    ADom

    June 16, 2012 18:55

Answer

  • There is no need to complicate your network by introducing child domains - multiple sites should be all you need.

    We have somewhere between 100 and 200 locations across Canada, each in its own site in a single forest/domain configuration. Any user can go anywhere and logon to get access to their home folder, e-mail, and all corporate applications.

    I misspoke. Some of our smaller locations do not have their own domain controller, so their subnet belongs to a site at another location. Not ideal, as this increases logon times. But it does work.

    Where we have reflected the geographical layout is in the OU structure. But that is just for the delegation of administrative rights to local site administrators.


    Al Dunbar

    • Marked as answer by adomin1000, June 17, 2012 1:49
    June 16, 2012 20:12

All replies

  • Thanks for your response.  I focused my reading towards sites and not child domains and understand now.  I also read references to "site links" but could not find a clear definition of what this is used for.   Thanks
    June 17, 2012 1:49
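
A read-only inventory of the objects this thread discusses (sites, the subnets assigned to them, the domain controllers in each site, and the site links that connect sites for replication), as an added example that is not part of any post. It assumes a domain-joined Windows machine and uses the .NET System.DirectoryServices.ActiveDirectory classes rather than the ActiveDirectory module; the variable and column names are chosen here for illustration.

```powershell
# Added example: list every AD site with its subnets, DCs and site links.
# Nothing is modified; an ordinary domain user account is enough to read this.
Add-Type -AssemblyName System.DirectoryServices

$forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()

$report = foreach ($site in $forest.Sites) {
    # Subnet objects (e.g. 10.1.0.0/24) decide which site a client's IP maps to.
    $subnets = @($site.Subnets | ForEach-Object { $_.Name })

    # Domain controllers whose server objects live in this site.
    $dcs = @($site.Servers | ForEach-Object { $_.Name })

    # Site links this site is a member of, with replication cost and interval.
    $links = @($site.SiteLinks | ForEach-Object {
        '{0} (cost {1}, every {2} min)' -f $_.Name, $_.Cost,
            [int]$_.ReplicationInterval.TotalMinutes
    })

    New-Object PSObject -Property @{
        Site              = $site.Name
        Subnets           = $subnets -join ', '
        DomainControllers = $dcs -join ', '
        SiteLinks         = $links -join '; '
        NoLocalDC         = ($dcs.Count -eq 0)
    }
}

$report | Sort-Object Site |
    Format-Table Site, Subnets, DomainControllers, SiteLinks, NoLocalDC -AutoSize -Wrap

# Sites that have client subnets but no domain controller: users there must
# authenticate against a DC in another site, over the WAN or VPN link.
$report | Where-Object { $_.NoLocalDC -and $_.Subnets } |
    Select-Object Site, Subnets

# Sites with no subnet assigned: clients cannot be mapped to them by IP address.
$report | Where-Object { -not $_.Subnets } | Select-Object Site, DomainControllers
```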