
Your suggestion: Local server vs. one server (PDC) for all?


Sina

Technical User
Jan 2, 2001
309
CA
There are over 50 locations with 400 users per location. Each site has its own server that serves the local users with their desktops. All servers at the local sites are BDCs, with a PDC at the HQ. All sites are connected to the HQ with a 100 Meg line.

We are thinking of removing the local server and have only a PDC and a BDC at the HQ.

Considering the number of users per each site, I'm wondering if it would be a good idea to remove the local server and have everyone authenticate against the PDC at the HQ.

Any thoughts?
Thank you

Sina

 
Definitely not!
You will have more authentication traffic than data through your connection links between sites.
Anyway... why are you saying PDC and BDC?? In Windows 2000 they are ALL DCs!! What can be different are the functions, which you can always reassign to other DCs.
One of the functions, a very important one because it is making the authentications, is "global catalog".
The rule? Keep a global catalog on every site!
Have Windows 9x computers? Install DS Client on them. This will force them to contact the Global Catalog from your site.
Always try to keep the traffic local.

Gia Betiu
giabetiu@chello.nl
Computer Eng. CNE 4, CNE 5, MCSE Win2K
 
Additionally, even fast WAN connections can fail. Having a domain controller at every location allows your remote sites to remain partially functional during a WAN outage. This relieves a lot of stress off of you while you fix the WAN problem.
 
Thank you all for your suggestions.

You see, the pressure here is to remove the local server from each site and have all the users (over 4000) authenticate against the PDC in the HQ (same city) over the 100 meg line.

Considering we have to migrate to Windows 2000 Active Directory, is it advisable to remove all the local servers and have everyone coming to HQ for the authentication and desktops?

The idea is to remove the local server and reduce the support and maintenance associated with it.

What do you think?

Any thoughts on the migration and upgrade of Windows 4.0 server to 2000 AC?

And again, the big question is whether to keep the local server or not and, if yes, what is the gain by that?

thank you all


 
Forget about the idea of having authentication on the HQ for all the sites.
Understand the above advice.
As for your last question, you have the answer in my first response ("global catalog").

Gia Betiu
giabetiu@chello.nl
Computer Eng. CNE 4, CNE 5, MCSE Win2K
 
So If I understand correctly,
1. keep the local servers
2. upgrade all servers to windows 2000 server


You suggest to install active directory on all servers?

 
Yes, of course, just a domain controller will be able to serve authentication requests.

Gia Betiu
giabetiu@chello.nl
Computer Eng. CNE 4, CNE 5, MCSE Win2K
 
I cannot agree more. If you remove the DC from the remote site and the remote site has a problem authenticating, you are going to spend more time troubleshooting the problem than it would take just to leave a DC and maintain it.

Good Luck

 
Thank you.

Now, since these servers are all running NT 4.0, can I do an upgrade to Windows 2000, and if so, when upgrading the PDC on the HQ to Windows 2000, what is the preferred way of installing Active Directory?

Global catalog and replication ?

Thanks


 
There are a few possibilities.
What I think is good is: in-place upgrade on HQ, then upgrade the BDCs one by one. If you want to change the physical machine too, then make it a member of the domain, demote the PDC to a BDC.
What is nice is that the BDCs from NT4 will still work with a PDC that is Windows 2000. So, you will have time to upgrade the BDCs.
As for the global catalog and things like that, you have to define, in the "AD Sites and Services" console, the subnets of your remote sites and the sites themselves, then move your remote servers into each such site. Once this is done, in the same AD Sites and Services console, right-click on the server, choose Properties, and then check the checkbox: Global Catalog.
Don't forget to install DS Client on the W9x computers if you have any.

Gia Betiu
giabetiu@chello.nl
Computer Eng. CNE 4, CNE 5, MCSE Win2K
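
As an added illustration of the subnet and site definitions described in the post above (not part of the original thread): Active Directory assigns a client to a site by matching its IP address against the defined subnets, with the most specific subnet winning, and a client whose address matches no subnet has no site and can be sent to a domain controller at another location. The Python sketch below checks a planned subnet table against client addresses; all site names, subnets and host names are constructed.

```python
import ipaddress

# Constructed example plan: subnet (CIDR) -> AD site name. Not from the thread.
SITE_SUBNETS = {
    "10.0.0.0/16": "HQ",
    "10.1.0.0/16": "Site1",
    "10.2.0.0/16": "Site2",
    "10.2.40.0/24": "Site2-Annex",  # more specific than Site2's /16
}

# Constructed client inventory: host name -> IP address.
CLIENTS = {
    "ws-hq-01": "10.0.5.20",
    "ws-s1-07": "10.1.3.9",
    "ws-s2-11": "10.2.40.15",
    "ws-s3-02": "10.3.8.4",      # site 3 subnet was never defined
    "ws-lab-01": "192.168.50.7",  # lab network outside the plan
}


def build_table(site_subnets):
    """Parse the plan and order it so the longest prefix is tried first."""
    table = [(ipaddress.ip_network(cidr), site)
             for cidr, site in site_subnets.items()]
    table.sort(key=lambda entry: entry[0].prefixlen, reverse=True)
    return table


def site_for(ip, table):
    """Return the site of the most specific matching subnet, or None."""
    addr = ipaddress.ip_address(ip)
    for network, site in table:
        if addr in network:
            return site
    return None


def audit(clients, table):
    """Group clients by resolved site; the None key collects unmapped hosts."""
    result = {}
    for name, ip in clients.items():
        result.setdefault(site_for(ip, table), []).append(name)
    return result


if __name__ == "__main__":
    report = audit(CLIENTS, build_table(SITE_SUBNETS))
    for site, hosts in report.items():
        label = site if site else "NO SITE (will not prefer a local DC)"
        print(f"{label}: {', '.join(hosts)}")
```

Hosts listed under the `None` key are the ones whose authentication traffic is not kept local, which is the outcome the subnet definitions are meant to prevent.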
 
Thanks much.

Starting with the design of the AD, site and services,
Since we have about 20 to 25 sites all in the same city, with over 350 users, what would be the best way to design the hierarchy of the domain and OU?

i.e

Root = ITMS.city.com

(city.com is the suffix that we must use, the guys in the networking have already taken care of the registration of that).

Questions:

For each site do I need to setup

Site1. itms.city.com
Site2. itms.city.com
Site3. itms.city.com
Site4. itms.city.com


What is the recommendation?

I would like to take extra care in designing since changing it afterwards would not be easy.

Thanks much.


 
I guess my question is whether to create child OUs or not, and what role the local server would play?

thank

 
It depends on how interactive the 2 sites are. You can go with:

    HQ.com            <->  Remote.com
      |                      |
    DC.Domain.HQ.com  <->  DC.Domain.Remote.com

This way there is no dependency by either site. You would need to set up trusts and make some tweaks to the DNS and/or email system. This shouldn't be too time consuming if you have someone with basic experience with DNS and email.

The other model:

                 Domain.com
                /          \
    HQDC.Domain.com    RemoteDC.Domain.com

This works well if the 2 sites communicate a lot, e.g. if remote employees are running apps off a HQ server. Replication comes into play, so be aware of your bandwidth availability.


Good Luck,




Stop bitching about Microsoft, they keep us employed!!
 