Windows 2003 Server Admins Need Help

Discussion in 'OT Technology' started by aaarn, Dec 18, 2007.

  1. aaarn

    aaarn New Member

    Joined: Apr 29, 2004 | Messages: 6,141 | Likes Received: 0 | Location: Denver

    I manage the network for a pretty small company (~60 users).

    We have a remote site of about 5 users that are connected via a T1. These computers are on the same subnet as the main office. The routers connected to the T1 are configured as transparent bridges. Users at the remote site are experiencing really long waits for most applications, i.e. printing, mail, authenticating users, etc.

    I want to deploy an additional 2003 Server DC at the remote site. It will serve as a print server for the printers at the remote location, as well as serve as the domain controller for the remote users.

    My question is, how do I force only those users at the remote site to authenticate against this new DC/Print server, and not traverse the WAN to authenticate against the DC in the main office? Can this be done without putting the remote office on a different subnet?

    Can I specify at what time during the day these 2 DCs replicate with each other? I would rather them replicate at midnight, so they aren't constantly putting data over the WAN link during the day.

    Thanks for any info you can give me.
     
  2. P07r0457

    P07r0457 New Member

    Joined: Sep 20, 2004 | Messages: 28,491 | Likes Received: 0 | Location: Southern Oregon

    In Active Directory you can create two different "sites" and have each DC assigned to the correct site. This should have the PCs first attempt their local DC, and only go to another DC if their local DC fails or times out.

    However, two independent sites *should* be using separate subnets, imo.
     
  3. aaarn

    aaarn New Member

    That's the part I was afraid of. The guy who designed the network before me didn't make them separate, so I may have to reconfigure the routers.


    So if I create the two "sites" and place the new DC in one of these sites, how do the client computers in the remote office know what DC to connect to? Do I have to put the clients in the site as well?
     
  4. P07r0457

    P07r0457 New Member

    I would leave users alone. However, you can assign each PC into the appropriate site. This works great for desktops. Users can roam -- desktops generally don't.

    For laptops there needs to be a compromise.

    Either users can log on "locally" to the machine and use a VPN to access network resources (typical of a laptop config because they need to be used in airports, homes, etc., where you don't have intra-network connectivity).

    Or the laptop users can login to the domain; and when they're at remote sites they would need to accept the fact that this approach would lead to slower logins when outside of their "home" office.
     
  5. aaarn

    aaarn New Member

    Sorry, my wording was bad. When I said client, I meant desktops, not users.

    That's good news. Thank you.
     
  6. chrislehr

    chrislehr * from home

    Joined: Feb 20, 2001 | Messages: 132,713 | Likes Received: 165 | Location: ATX/IT Threads

    Two subnets, and two AD sites in Sites and Services. Both GCs. And then configure replication windows.
     
  7. 5Gen_Prelude

    5Gen_Prelude There might not be an "I" in the word "Team", but

    Joined: Mar 14, 2000 | Messages: 14,519 | Likes Received: 1 | Location: Vancouver, BC, CANADA

    Sites and Services handles which DC authenticates per subnet (which is why you want to use two subnets). Not sure what Jolly is talking about - you don't assign the computers to a specific DC, it's based on the IP address and the subnet the computer/laptop picks up.
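
The subnet-based DC selection described in the thread, as an added example that is not part of any post: a simplified Python model of how a client's IP address is matched to the most specific subnet object, which maps to exactly one site, and how the two-subnet layout changes the result. Site names, DC names and address ranges are constructed for illustration.

```python
import ipaddress

def site_for_client(client_ip, subnet_to_site):
    """Return the site whose subnet object most specifically contains client_ip, or None."""
    ip = ipaddress.ip_address(client_ip)
    matches = []
    for cidr, site in subnet_to_site.items():
        net = ipaddress.ip_network(cidr)
        if ip in net:
            matches.append((net.prefixlen, site))
    # The longest prefix (most specific subnet object) wins.
    return max(matches)[1] if matches else None

def preferred_dcs(client_ip, subnet_to_site, dc_sites):
    """DCs the client is steered to: those in its own site, else any DC in the domain."""
    site = site_for_client(client_ip, subnet_to_site)
    local = sorted(dc for dc, s in dc_sites.items() if s == site)
    return local or sorted(dc_sites)

# Constructed layout: one DC per site (hypothetical names).
DC_SITES = {"DC-MAIN": "MainOffice", "DC-REMOTE": "RemoteOffice"}

# Bridged T1 as described by the original poster: both offices share one subnet,
# and a subnet object can be linked to only one site.
FLAT_SUBNETS = {"192.168.1.0/24": "MainOffice"}

# After re-addressing the remote office onto its own subnet.
SPLIT_SUBNETS = {"192.168.1.0/24": "MainOffice", "192.168.2.0/24": "RemoteOffice"}

if __name__ == "__main__":
    # Remote desktop on the shared subnet: indistinguishable from a main-office PC.
    print(preferred_dcs("192.168.1.210", FLAT_SUBNETS, DC_SITES))
    # Same desktop after the remote office gets its own subnet.
    print(preferred_dcs("192.168.2.10", SPLIT_SUBNETS, DC_SITES))
    # Address covered by no subnet object: no site preference at all.
    print(preferred_dcs("10.0.0.5", SPLIT_SUBNETS, DC_SITES))
```

An address that no subnet object covers gets no site preference in this model, so when re-addressing, every range in use needs a subnet object or those clients may authenticate across the WAN.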
     
