2 dc's over wan link... need advice

 
 
Guest
      06-03-2004, 01:33 PM
I have a client with headquarters in NY and another office in FL. Both
offices have DSL connections to the internet with static IP addresses. The 2
offices are constantly connected to each other via an L2TP VPN connection
that is established between 2 internet security appliances (1 at each
location). The 1 and only domain controller is in NY (2000 Server, AD, DHCP,
etc.). The problem, of course, is speed. When a user logs on to the domain
in Florida, the logon can take up to 5 minutes at times! This has become
unacceptable and we are putting in another server in Florida. What would be
the best way to configure this? Should I bring the new server online in
Florida and simply dcpromo it and leave it at that? Will the Florida clients
be automatically authenticated by the new server in Florida simply because
it's closer, or will some configuration be necessary? And since I can hear
the rumbles already I'll say this... a second subnet or domain is out of the
question. I tried, and management isn't happy for whatever reason. Any advice
on this?


 
Phillip Windell
      06-03-2004, 04:05 PM

<(E-Mail Removed)> wrote in message
news:VMFvc.51859$(E-Mail Removed). net...
> the best way to configure this? Should I bring the new server online in
> Florida and simply dcpromo it and leave it at that?

As long as it can see the remote Domain properly to be able to join it and
become a DC in it,...yes that is a way to do it. But remember that all
Active Directory Replication must now occur over that already slow link.

> Will the Florida clients
> be automatically authenticated by the new server in Florida simply because
> it's closer, or will some configuration be necessary? And since I can hear

Typically it happens with whichever DC is the "quickest to the draw", which
obviously would be the DC on FL.

> the rumbles already I'll say this... a second subnet or domain is out of the
> question. I tried, and management isn't happy for whatever reason. Any advice
> on this?

They are "making their bed" and must "lay in it". Businesses and
Organizations are the victims of their own choices,.. they bring things on
themselves. Whether it performs good, bad, or average,...they are stuck with
it by their own choice,...they must be made to understand that. I'm not
saying that the Domain Controller method is bad or good, I'm just saying, if
that is all they allow then what they get is what they get.

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com


 
 
Phillip Windell
      06-03-2004, 04:28 PM
I should mention that you should look in the Active Directory Sites. It can
all be in one Domain yet a different "Site" and that may be more suitable
over a slow link. Active Directory isn't my "area" so you may want to
investigate that on your own.

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com


 
 
Guest
      06-03-2004, 05:34 PM
Hmm.. OK. Thank you. Anyone else following this have any suggestions?
 
oothlagre
      06-03-2004, 07:55 PM
I don't have the rest of the thread, but Active Directory Sites and Services
lets you build sites so Windows knows physically where each major network
device or AD computer is located. You go into Sites and say you have 1
Domain, but it is located in New York and Paris. You set up a site for New
York and one for Paris and put the computers from each city into those
groups.

Windows will compress AD replication traffic to compensate for slow WAN
links. Local workstations are also directed to GCs in this manner. It will
tell a PC in New York to authenticate in New York instead of going over the
WAN link to Paris.

Henry
 
Phillip Windell
      06-03-2004, 08:18 PM
Yea, I think that is what he needs. I guess I tripped and fell face first
into the right answer there... :-)


--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
 
Bill Grant
      06-04-2004, 02:17 AM
I agree. AD sites is definitely the way to go.
 
Guest
      06-04-2004, 07:32 PM
OK, so as of now there is one domain and one site (the default first site).
So you're suggesting a second site, called Florida, and moving all Florida
PCs into this site? Is that done through AD Users and Computers after the
site is created in Sites and Services?
 
Bill Grant
      06-05-2004, 02:31 AM
Yes, you create the site and then move objects into it from sites and
services.
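An added example, not part of any post in this thread: the site setup the thread arrives at, scripted with the ActiveDirectory PowerShell module on a current Windows Server (the thread's Windows 2000 domain would do the same steps in the Sites and Services console). The subnet, DC name, site-link name, cost and schedule are placeholder assumptions; workstations are assigned to a site by matching their IP address against subnet objects, so step 2 is what steers Florida logons to the Florida DC.

```powershell
# Added example. All names and values below are placeholders, not values from the thread.
Import-Module ActiveDirectory

$hqSite   = 'Default-First-Site-Name'   # the existing single site
$newSite  = 'Florida'                   # site name used in the thread's question
$flSubnet = '192.168.2.0/24'            # placeholder: the Florida office's IP range
$flDc     = 'FL-DC01'                   # placeholder: the new Florida domain controller
$linkName = 'NY-FL'                     # placeholder: site link for the VPN path

# 1. Create the site if it does not already exist.
if (-not (Get-ADReplicationSite -Filter "Name -eq '$newSite'")) {
    New-ADReplicationSite -Name $newSite
}

# 2. Map the office's subnet to the site. Clients and member servers are
#    placed in a site by their IP address matching a subnet object, not by
#    where their computer account sits in AD Users and Computers.
if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$flSubnet'")) {
    New-ADReplicationSubnet -Name $flSubnet -Site $newSite
}

# 3. Link the two sites so replication across the VPN follows the
#    inter-site schedule instead of intra-site change notification.
if (-not (Get-ADReplicationSiteLink -Filter "Name -eq '$linkName'")) {
    New-ADReplicationSiteLink -Name $linkName -SitesIncluded $hqSite, $newSite `
        -Cost 100 -ReplicationFrequencyInMinutes 180 -InterSiteTransportProtocol IP
}

# 4. Move the new DC's server object into the Florida site.
Move-ADDirectoryServer -Identity $flDc -Site $newSite

# 5. Verify the subnet-to-site mapping and where each DC lives.
Get-ADReplicationSubnet -Filter * | Select-Object Name, Site
Get-ADDomainController -Filter * | Select-Object HostName, Site, IsGlobalCatalog

# On a Florida workstation, confirm the site it resolved and the DC it found:
#   nltest /dsgetsite
#   nltest /dsgetdc:<your-domain>
```

If a workstation's address matches no subnet object it has no site of its own, so its logons can still land on a DC across the WAN link.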
 
 
 