Hello Matthew,
first of all - please do not crosspost to so many groups. If you send it to the
most appropriate groups it will be read, and set follow-ups to where you want
the discussion. I'll set the follow-up to windows.server.active_directory
because of the DC/GC and DNS issues.
Now let me answer inline:
Matthew Prieto says...
>
> I'm looking for suggestions on how to structure the Domain (1 Tree or 2) I
> was thinking 2 trees under one forest.
>
As far as I understood you want to keep both domain names, therefore you need
two trees.
> 1) Where to place the GC? I was thinking 2. One at root of Tree 1 and the
> other at the root of Tree 2. But placing a DC at each site for
> authentication of the users.
>
Always keep in mind that if you are running native mode you need access to a GC
during logon. In Windows Server 2003 you can use the new universal group
caching feature as well if they are not traveling frequently (caching per
default keeps the UG memberships for the users who already logged on to the
site in this site - if people are traveling frequently and haven't logged on
previously their membership info is not cached).
Depending on the size of both companies there's no valid reason for not making
all servers or most of them a global catalog server; usually size doesn't
matter, and if you are able to use WS2k3 then replication is not an issue
either. Using W2k you'll have to keep in mind that a change of the schema will
force a full sync of the GC, so extend the schema before deployment.
> 2) How to replicate AD over the Internet. I was thinking VPN through a
> Firewall. I have never had to do this, so how would I set up DNS to forward
> replication traffic through the VPN and not through the Public Internet?
>
You need to make sure that DNS is able to resolve all machines in both
companies. Depending on the number of hosts and the OS used you have different
options:
1. W2k+: keep a secondary zone of company1.com in company2.com and vice versa
2. W2k3: use conditional forwarding for the other company's DNS
3. W2k3: keep a stub zone of company1.com in company2.com and vice versa
4. W2k3: replicate the AD-integrated DNS zones of both companies in
ForestDnsZones
In each scenario the forwarder of the local DNS server is pointing to the DNS
server of the local ISP. Which option you use depends on the number of DNS
entries you'll need. 1 needs some work (configuring the secondaries on every
DNS) and extends the size of the DNS DB, 2 will use the VPN for every DNS
resolution for the other company, 3 is a good solution if you don't want all
records in the other company, 4 will increase the DB size. Depending on the
size I'd prefer 4, 1, 3, 2 (first most preferred but biggest size).
For the VPN all companies I know are using Hardware VPN-Routers, but you'll
also be able to configure that using RRAS or ISA.
HTH
Gruesse - Sincerely,
Ulf B. Simon-Weidner
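The four DNS options from Ulf's reply, written out as dnscmd commands for a Windows Server 2003 DNS server on the company2.com side. This is an added example and not part of the original post; the domain names follow the post, while the addresses (192.0.2.10 as a company1.com DNS server reachable over the VPN, 198.51.100.1 as the ISP resolver) and the assumption that company1.com is the forest root are constructed for the example.

```batch
@echo off
rem Added example, not from the original post. Run on a DNS server in
rem company2.com. Addresses are constructed placeholders:
rem   192.0.2.10   = a company1.com DNS server, reachable only through the VPN
rem   198.51.100.1 = the local ISP's resolver

rem Common to every option: everything the server is not authoritative for
rem goes to the ISP, so ordinary Internet lookups never cross the VPN and the
rem partner's zone is the only traffic that does.
dnscmd /ResetForwarders 198.51.100.1

rem Option 1 (W2k+): full secondary copy of company1.com, pulled by zone
rem transfer from the master over the VPN. Repeat on every DNS server.
dnscmd /ZoneAdd company1.com /Secondary 192.0.2.10

rem Option 2 (WS2k3): conditional forwarder. Nothing is stored locally; every
rem company1.com query is sent across the VPN to 192.0.2.10.
rem dnscmd /ZoneAdd company1.com /Forwarder 192.0.2.10

rem Option 3 (WS2k3): stub zone. Only SOA, NS and glue records are kept
rem locally; queries are referred to the company1.com name servers.
rem dnscmd /ZoneAdd company1.com /Stub 192.0.2.10

rem Option 4 (WS2k3): run instead on a DC in company1.com that holds the
rem AD-integrated zone. Moves the zone into the forest-wide application
rem partition (assumed here to be ForestDnsZones.company1.com, i.e.
rem company1.com is the forest root) so every DNS server in the forest that
rem hosts that partition serves it.
rem dnscmd /ZoneChangeDirectoryPartition company1.com ForestDnsZones.company1.com

rem Check: list the zones now hosted and confirm the other company's DC
rem locator records resolve through the chosen path before AD replication
rem over the VPN is expected to work.
dnscmd /EnumZones
nslookup -type=SRV _ldap._tcp.dc._msdcs.company1.com
```

Only one of options 1 to 4 is used per zone, so options 2 to 4 are left commented out; uncomment the one you pick. The same commands, with the names swapped, go on the company1.com side for company2.com.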