Windows Server 2008 Questions.

MAC_Addy Member Posts: 1,740
Hello,

I have some basic questions about Windows Server.

I have 20 different locations for each of my buildings, some ranging from 1 mile to 15 miles away. Each is connected through fiber.

My boss is planning on moving everything from Novell to Windows. We have around 70 servers. Each location is on 1 server (which is mega overkill).

I'm thinking to have at least 5 - 10 locations per server.

My question is: how do the servers communicate with each other?

For example, I am working at location 1 which is using server 1.
I go to location 2 that's using server 2.

Is there a way for both servers to consolidate Active Directory? I'm not sure if I should have all users in one active directory, or 1 active directory per server.
2017 Certification Goals:
CCNP R/S

Comments

  • Hyper-Me Banned Posts: 2,059
    You don't need anything more than a single active directory domain.

    Assuming that all sites are interconnected via some sort of VPN tunnel, you will be fine with DNS communications.

    Don't forget to properly configure sites and subnets in the directory.
  • MAC_Addy Member Posts: 1,740
    Is there a way to do a primary and secondary AD?
  • Hyper-Me Banned Posts: 2,059
    What do you mean primary and secondary?

    You can do separate domains in a forest or a subdomain if you really think you need to split it up like that, but it's going to create an administrative headache for really no gain.

    If you mean multiple domain controllers...yeah, you can have as many as your heart desires.

    If all your sites are interconnected via VPN and one DC goes down, users can still authenticate to another available DC without issue.
  • Claymoore Member Posts: 1,637
    Is there a way to do a primary and secondary AD?

    I would expect someone who has passed the 70-640 2008 Active Directory exam - which is a requirement of the MCITP:SA you list - to know this.
  • MAC_Addy Member Posts: 1,740
    Claymoore wrote: »
    I would expect someone who has passed the 70-640 2008 Active Directory exam - which is a requirement of the MCITP:SA you list - to know this.
    I know there is a way, but I just have never done it before. I suppose I wrote my response incorrectly.
  • MentholMoose Member Posts: 1,525
    If the networks at each location are connected somehow, then just do a single domain. Building a complex domain tree structure adds complexity and is unwarranted unless you have a specific need that is served best by doing so. The easiest thing to do is create one domain and use Sites (Start menu > Administrative Tools > Active Directory Sites and Services) to match your network topology.

    This sounds like a pretty big project so you should re-read your 70-640 material to figure out how to design this properly, since if you do it wrong it can cause a lot of problems.
    MentholMoose
    MCSA 2003, LFCS, LFCE (expired), VCP6-DCV
  • rsutton Member Posts: 1,029
    What books did you use for your MCITP:SA? The MS Press books for the 640 and 642 cover all of this in detail. You should go back and do the labs in these books.
  • TheShadow Member Posts: 1,057
    What rsutton said +1. If you are going to replace 70 servers and you can't answer this then you are headed for trouble. Not to be condescending but it is time to lab-up quickly before you get something behind you handed to you.

    All the standard books have covered labs like this since at least win2k3 or try to get the TrainSignal vids; they will walk you through most of it. Pencil and paper or Visio time.

    Also before you start shrinking the number of servers, find out just why each one was needed. There may be physical security issues, HR, payroll, HIPAA, accounting, legal, design engineering, plant engineering, back-up security, etc.; and as mentioned already fail-over redundancy.

    Good luck friend, sounds like fun.
    Who knows what evil lurks in the heart of technology?... The Shadow DO
  • earweed Member Posts: 5,192
    I agree with the above. Before shrinking, find out why the network is configured how it is now. The books even cover determining why a certain configuration is used before changing the configuration.
    No longer work in IT. Play around with stuff sometimes still and fix stuff for friends and relatives.
  • Ashenwelt Member Posts: 266
    Look into Active Directory Sites and Services. You can build what you are talking about in there.
    Ashenwelt
    -Always working on something...
    -The RepAdmin Active Directory Blog