IT Support Forum › Forums › Active Directory › General Discussion › Domain for various Branches
Tagged: child domain, domain trust, federated domain
- This topic has 9 replies, 2 voices, and was last updated 8 years, 6 months ago by
Webmaster.
-
AuthorPosts
-
-
November 27, 2014 at 9:32 pm #992
vaibhavu
ParticipantHello Experts,
I am having a strange situation where i have a central Exchange server and one branch office.
I want to create a domain where i dont have to use diffrent logins as well as local admin can implement or alter the policies for branch.
In short usernames should be replicated to branch but policies must not be replicated.
Is there any way/scenario i can achieve this? please suggest
-
November 27, 2014 at 10:24 pm #993
Webmaster
KeymasterHi, welcome to the forum!
Hmmm sounds like you need either a federated domain or a single domain with child domain, or a domain trust. Have you explored these options?
-
November 27, 2014 at 10:37 pm #994
vaibhavu
ParticipantThanks Webmaster for your kind reply,
As you have said i have tried a Parent domain and child domain in forest with writable trust but in that case user authentication from child to parent was not happening. Also i had tried PDC and additional domain but it replicates both users and GPOs. I dont know what is federated domian any links or suggestions will be very helpful and appreciated…
-
December 1, 2014 at 9:08 am #999
Webmaster
KeymasterSorry, probably AD Federation isn’t useful to you, I just re-read what you were asking for. Can you tell me a little about your environment? So you have a main office and a branch office? Are these connected by a VPN or are they on some sort of ISP provided frame relay or something? Does each branch have it’s own domain currently? Is it possible just to have one domain across the whole organisation? How many PCs in the organisation and at each branch?
I’m guessing you’re probably fine to have a single domain and have a DC at each branch that’s large enough to require one, then set up each branch as an AD site.
-
December 1, 2014 at 5:14 pm #1001
vaibhavu
ParticipantYes Even i gave a look at AD Fed after u suggested it dosent looks the solution i am looking for.
Let me explain the situation 1> we have a exchange server and AD at Head office.
2> We have a branch office where most of the users sit and work.
3> Both the branches are connected by VPN.
4>ALL i want is no dual logins so users will not have to deal with more than one password
and managing the policy on local level with minimum replication so as to avoid burden on exchange server…any way thanks for your time and efforts …
cheers!!!
-
December 1, 2014 at 7:14 pm #1002
Webmaster
KeymasterSo why not have one domain across the whole organisation? If you have a lot of users or slow links between branches you could put a Domain Controller with it’s own site at each branch. Policy can be managed at a local level by having policy per site or setting up OUs for different branches.
Could that work for you?
-
December 1, 2014 at 9:18 pm #1003
vaibhavu
ParticipantYes i agree to that and infact tried this …I know that is most suitable option. But I have not been able to solve my replication issue.
My OU or site that will have a GPO specific to site will needed to be created at PDC and then it will be replicated to additional DC. I want to avoid this constant replication.My domain is installed with Exchange server which i want to retain (or mess with it as last option)
am i missing something??? Please Suggest… -
December 2, 2014 at 10:43 am #1004
Webmaster
KeymasterI think you should perhaps address the replication issue, rather than try to find a workaround. Replication should be a really small amount of traffic.
Just so I can understand your architecture better, how many users are we talking about at each branch and head office?
-
December 2, 2014 at 4:54 pm #1005
vaibhavu
ParticipantHead office or rather a Exchange server is at data center and only 10 users use it while my development center is offshore office with 50 users (but we are growing Expect to grow by 300 users).
-
December 6, 2014 at 2:13 pm #1011
Webmaster
KeymasterOk, here’s my recommendation:
Set up a new VM / physical host as a DC, located on the same network segment as your other DC. Get replication working. Then set up a new VLAN and put the DC in that and make sure replication works (you’ll need to do a new site at this point).
Once you’ve fixed your replication issue (start a new thread with the errors and I can help you), I’d look at putting 2 DCs at the remote location (for failover). I’d probably put 2 physical hosts, each with Hyper-V, each host running one DC as a VM. Also I’d do some research into Exchange to see if you could have some sort of edge server sitting out there to reduce traffic on the WAN.
If you can’t fix the replication issue, I’d consider hiring a consultant or putting a call into Microsoft. Failing that, if you’re comfortable doing so, I’d consider a green field AD install while you have so few users and the opportunity. 😉
-
-
AuthorPosts
- You must be logged in to reply to this topic.