I have a head office and 13 branch offices in the regions. In the head office I have a domain controller, users and organisation units. Now I am planning to connect each branch office with the head office. For this reason I need to create a plan of the domain system.
1. If I install a domain controller in each branch office independently, then it will be only a local area domain controller. There will be no connection with the head office.
2. If I install just a backup of the primary domain controller of the head office, there will be a connection and synchronization with the head office. But it will reduce the network speed.
I need to install in each branch office a domain controller which will have a direct connection with the head office, but the time of the synchronization with the main domain controller ought to be scheduled. For example, domain policy changes, user rights...
Please give me some advice to realize this project.
Howdie!

On 21.10.2010 10:34, Skywalker-1982 wrote:
> I have head office and 13 branch offices in the regions. In head office
> i have a domain controller and users and organisation units. Now i am
> planning to connect each branch office with head office. For this reason
> i need to create plan of the domain system.
>
> 1. If i install domain controller in each branch office independently,
> then it will be only local area domain controller. There will be no
> connection with head office.
>
> 2. If i install just backup of the primary domain controller of the head
> office. Now there will be a connection and synchronization with head
> office. But it will reduce the network speed.

Have them all in the same domain. It is a massive load of extra work if you're going to create a separate domain with separate domain controllers for each satellite office. I wouldn't do that.

Evaluate the link speeds and check whether it is necessary to have a DC locally or whether the link can handle authentication requests from branch to hub to a hub-DC on the fly. Keep in mind that having DCs in a branch office brings security concerns (are those DCs secure? Will you back them up? ...).

> I need to install in each branch office a domain controller which will
> have a direct connection with head office, but the time of the
> synchronization with the main domain controller ought to be set
> scheduled. For example, domain policy changes, users rights...

It doesn't work like that (exactly). You can define the schedule on which AD replicates changes between DCs in different sites. You cannot change *what* changes get replicated. AD changes are AD changes. Not sure what you mean by "User rights", but if you mean NTFS permissions on folders and shares, those aren't replicated at all. If you mean Group Policy, you need to take into account that GP is replicated via a different mechanism, FRS most likely or DFS. Those have other schedules.

Cheers,
Florian
Microsoft MVP - Group Policy (http://www.frickelsoft.net/blog)
- Proposed as answer by Meinolf Weber (MVP), Thursday, October 21, 2010 8:13 PM
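The inter-site replication schedule described in the reply above, as an added example that is not part of the original thread. It assumes the ActiveDirectory PowerShell module from Windows Server 2012 or later; the site names, DC names, branch subnet, cost, interval and time window are all constructed values.

```powershell
# Added example (not from the thread). All names and values below are assumptions.
Import-Module ActiveDirectory

$hubSite    = 'HeadOffice'   # hypothetical site names
$branchSite = 'Branch01'
$hubDc      = 'HQ-DC01'      # hypothetical DC names
$branchDc   = 'BR01-DC01'

# One AD site per physical location, all inside the same domain.
New-ADReplicationSite -Name $hubSite
New-ADReplicationSite -Name $branchSite

# Subnet-to-site mapping is what lets clients locate the DC in their own site.
New-ADReplicationSubnet -Name '10.0.0.0/24' -Site $hubSite      # head office range from the thread
New-ADReplicationSubnet -Name '10.0.1.0/24' -Site $branchSite   # constructed branch range

# Place each DC in the site that matches its location.
Move-ADDirectoryServer -Identity $hubDc    -Site $hubSite
Move-ADDirectoryServer -Identity $branchDc -Site $branchSite

# Replication window: daily 20:00 to 22:30. The schedule controls WHEN
# replication runs over the link, not WHICH directory changes are sent.
$schedule = New-Object -TypeName System.DirectoryServices.ActiveDirectory.ActiveDirectorySchedule
$schedule.ResetSchedule()
$schedule.SetDailySchedule('Twenty', 'Zero', 'TwentyTwo', 'Thirty')

# Site link between hub and branch; inside the window, replicate every 30 minutes.
New-ADReplicationSiteLink -Name "$hubSite-$branchSite" `
    -SitesIncluded $hubSite, $branchSite `
    -InterSiteTransportProtocol IP `
    -Cost 100 `
    -ReplicationFrequencyInMinutes 30 `
    -ReplicationSchedule $schedule

# Check: confirm the link settings, then look at the branch DC's last replication results.
Get-ADReplicationSiteLink -Filter "Name -eq '$hubSite-$branchSite'" |
    Format-List Name, Cost, ReplicationFrequencyInMinutes, SitesIncluded
Get-ADReplicationPartnerMetadata -Target $branchDc |
    Format-Table Partner, LastReplicationSuccess, LastReplicationResult
```

This schedule applies to Active Directory replication only; as the reply notes, Group Policy files replicate through FRS or DFS on their own schedules.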
I agree with Florian, and adding to his comment, I would like you to see the KB article about optimizing replication traffic.
What if I create an additional domain controller and put one additional domain controller into each branch office of the organisation? Then, in each branch office, users will log in to their own domain controller, not directly to the head office. It can be more effective in terms of speed and network traffic.
But here a problem appears. The main domain controller will be in the head office. If it is shut down, or restarted, or for some other reason is not available for some time, the additional domain controller will not work. My question is: how can I configure each domain controller to work independently? But they should always synchronize with the head office.
Thank you for your post here.
When you have a domain with multiple sites, DCs in the branch office should keep working even when the DC in the main site goes offline.
To resolve the issue, please check how it works if you promote at least 1 DC in one branch site as a GC (global catalog). A GC will be essential when a user attempts to log on interactively. If you have only 1 GC in the main site, you may experience the logon issue when the GC goes offline.
Thank you for helping me,
Alright. But in order to create sites, each branch office should have its own local network. Each branch office itself should have such a network system. But in my case, each branch office will have a connection to the head office. For example, the network segment in the head office is 10.0.0.0/24. In the branch office it is 188.8.131.52/24. And the other branch offices follow the same method. And a router will connect them with each other, head office with branch office. So when I try to ping from a branch office to the domain controller, I will reach it.
Tell me, should I try the site system of the domain, or just an additional domain controller system?