Options
AD authentication across mpls
Scenario:
Company ABC has 9 sites connected via mpls across two states, say California and Washington. Site CA1 and WA1 are the headquarters and each have a windows server 2003 domain controller that handles authentication. If the other 7 sites are small, less than 10 employees, do I need to add a dc at each satellite office to handle authentication or will the connectivity via mpls to the hq dc's suffice?
Company ABC has 9 sites connected via mpls across two states, say California and Washington. Site CA1 and WA1 are the headquarters and each have a windows server 2003 domain controller that handles authentication. If the other 7 sites are small, less than 10 employees, do I need to add a dc at each satellite office to handle authentication or will the connectivity via mpls to the hq dc's suffice?
Comments
-
Options
Claymoore
Member Posts: 1,637
It depends...
Are there any application servers at the remote sites that require a DC and/or GC, such as Exchange?
Will users need to authenticate to any local resources, such as a file server, even if the corporate link is down?
Will you be deploying software through group policy or other means that would occur during login?
Will the sites have separate internet connections besides the MPLS link? -
Options
phoeneous
Member Posts: 2,333 ■■■■■■■□□□
It depends...
Are there any application servers at the remote sites that require a DC and/or GC, such as Exchange?
Will users need to authenticate to any local resources, such as a file server, even if the corporate link is down?
Will you be deploying software through group policy or other means that would occur during login?
Will the sites have separate internet connections besides the MPLS link?
1. Only resources at remote sites will be printing. Email, Apps and file shares are at headquarters.
2. No software via group policy.
3. No. Remote sites use hq internet link.
Each remote site has a 1.5Mbps t1, each hq office has 10Mbps.
EDIT:
I think I'm just going to put a server at each office and avoid any possible headaches. -
Options
Asif Dasl
Member Posts: 2,116 ■■■■■■■■□□
If you are going with Server 2008, it could be a chance to deploy BranchCache and Read-Only Domain Controllers at the branch sites. -
Options
it_consultant
Member Posts: 1,903
You don't need a DC at each site. Authentication traffic is not what will fill those pipes up. It will most certainly be CIFS (same as SMB) traffic for file sharing that will be the biggest problem. -
OptionsClaymoore
Member Posts: 1,637
1. Only resources at remote sites will be printing. Email, Apps and file shares are at headquarters.
2. No software via group policy.
3. No. Remote sites use hq internet link.
Each remote site has a 1.5Mbps t1, each hq office has 10Mbps.
EDIT:
I think I'm just going to put a server at each office and avoid any possible headaches.
Since you have established you don't need them, placing a DC at each would only cause headaches. Equipment, licensing, maintenance, security - all headaches you can avoid. -
Optionsphoeneous
Member Posts: 2,333 ■■■■■■■□□□
Since you have established you don't need them, placing a DC at each would only cause headaches. Equipment, licensing, maintenance, security - all headaches you can avoid.
Those arent really headaches, in fact, I would prefer that much responsibility.
