- This topic has 9 replies, 2 voices, and was last updated 8 years, 6 months ago by
.
-
Posts
-
-
Hello Experts,
I am having a strange situation where i have a central Exchange server and one branch office.
I want to create a domain where i dont have to use diffrent logins as well as local admin can implement or alter the policies for branch.
In short usernames should be replicated to branch but policies must not be replicated.
Is there any way/scenario i can achieve this? please suggest
-
-
Thanks Webmaster for your kind reply,
As you have said i have tried a Parent domain and child domain in forest with writable trust but in that case user authentication from child to parent was not happening. Also i had tried PDC and additional domain but it replicates both users and GPOs. I dont know what is federated domian any links or suggestions will be very helpful and appreciated…
-
Sorry, probably AD Federation isn’t useful to you, I just re-read what you were asking for. Can you tell me a little about your environment? So you have a main office and a branch office? Are these connected by a VPN or are they on some sort of ISP provided frame relay or something? Does each branch have it’s own domain currently? Is it possible just to have one domain across the whole organisation? How many PCs in the organisation and at each branch?
I’m guessing you’re probably fine to have a single domain and have a DC at each branch that’s large enough to require one, then set up each branch as an AD site.
-
Yes Even i gave a look at AD Fed after u suggested it dosent looks the solution i am looking for.
Let me explain the situation 1> we have a exchange server and AD at Head office.
2> We have a branch office where most of the users sit and work.
3> Both the branches are connected by VPN.
4>ALL i want is no dual logins so users will not have to deal with more than one password
and managing the policy on local level with minimum replication so as to avoid burden on exchange server…any way thanks for your time and efforts …
cheers!!!
-
So why not have one domain across the whole organisation? If you have a lot of users or slow links between branches you could put a Domain Controller with it’s own site at each branch. Policy can be managed at a local level by having policy per site or setting up OUs for different branches.
Could that work for you?
-
Yes i agree to that and infact tried this …I know that is most suitable option. But I have not been able to solve my replication issue.
My OU or site that will have a GPO specific to site will needed to be created at PDC and then it will be replicated to additional DC. I want to avoid this constant replication.My domain is installed with Exchange server which i want to retain (or mess with it as last option)
am i missing something??? Please Suggest… -
-
-
Ok, here’s my recommendation:
Set up a new VM / physical host as a DC, located on the same network segment as your other DC. Get replication working. Then set up a new VLAN and put the DC in that and make sure replication works (you’ll need to do a new site at this point).
Once you’ve fixed your replication issue (start a new thread with the errors and I can help you), I’d look at putting 2 DCs at the remote location (for failover). I’d probably put 2 physical hosts, each with Hyper-V, each host running one DC as a VM. Also I’d do some research into Exchange to see if you could have some sort of edge server sitting out there to reduce traffic on the WAN.
If you can’t fix the replication issue, I’d consider hiring a consultant or putting a call into Microsoft. Failing that, if you’re comfortable doing so, I’d consider a green field AD install while you have so few users and the opportunity. 😉
-
- You must be logged in to reply to this topic.