Recommendations for best practice for designing geographically disparate AD

Discussion in 'Windows Networking' started by Robert Gordon, Nov 3, 2007.

  1. I have one office (50 people) in North America, under a single AD
    domain. I am also about to open a second office (30 users) across the
    Pacific and the offices will be connected via a LAN-LAN VPN connection.
    These offices will each have plenty of Internet bandwidth on both ends
    (5 MB+) which are both close to my provider's global backbone.

    There will definitely be some potential requirements for being able to
    set granular access from each side. I will need to create a DC/DNS/DHCP
    and Exchange environment for the remote office, so there can be business
    continuity should the VPN connection go down. Obviously the remote
    office will be using separate IP subnets from the main North America office.

    In this set up, would creating a separate site, under the same AD domain
    be the most logical design?
    Robert Gordon, Nov 3, 2007

  2. Anthony Guest

    Yes. You need a separate Site in AD Sites and Services so that people
    connect to their nearest DC. You don't need a separate domain or forest
    unless you have incompatible security requirements at the two sites.
    Hope that helps,
    Anthony, Nov 3, 2007
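As an added illustration of Anthony's answer (not code from the thread), this is one way to model the two offices as separate sites in a single domain with the ActiveDirectory PowerShell module; it assumes Windows Server 2012 or later (the 2007 thread would have used the AD Sites and Services MMC), and the site names, subnets and DC name are placeholders.

```powershell
# Added example, not from the original thread. Assumes the ActiveDirectory
# module (Windows Server 2012+) and Domain Admin rights. Site names, subnets
# and the DC name below are constructed placeholders.
Import-Module ActiveDirectory

$sites = @{
    'NorthAmerica' = @('10.10.0.0/16')   # HQ subnets (constructed)
    'AsiaPacific'  = @('10.20.0.0/16')   # remote office subnets (constructed)
}

foreach ($siteName in $sites.Keys) {
    if (-not (Get-ADReplicationSite -Filter "Name -eq '$siteName'")) {
        New-ADReplicationSite -Name $siteName
    }
    foreach ($cidr in $sites[$siteName]) {
        # The subnet-to-site mapping is what lets the DC locator hand a
        # client its nearest DC; a subnet left unmapped sends logons and
        # LDAP traffic across the VPN instead of to the local DC.
        if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$cidr'")) {
            New-ADReplicationSubnet -Name $cidr -Site $siteName
        }
    }
}

# Site link over the VPN: explicit cost and a modest replication interval,
# so a VPN outage only delays replication while the remote DC/DNS/DHCP
# keep serving the local office.
if (-not (Get-ADReplicationSiteLink -Filter "Name -eq 'NA-APAC-VPN'")) {
    New-ADReplicationSiteLink -Name 'NA-APAC-VPN' `
        -SitesIncluded 'NorthAmerica','AsiaPacific' `
        -Cost 100 -ReplicationFrequencyInMinutes 30 `
        -InterSiteTransportProtocol IP
}

# Place the remote office DC in its site (placeholder DC name).
# Move-ADDirectoryServer -Identity 'APAC-DC1' -Site 'AsiaPacific'

# Checks: every subnet should resolve to a site, and a machine in the
# remote office should report its own site, not the HQ one.
Get-ADReplicationSubnet -Filter * | Select-Object Name, Site
nltest /dsgetsite   # run on a remote-office machine; expect AsiaPacific
```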

  3. Ryan Hanisco Guest

    You shouldn't have any technical problems with the design that you are
    proposing. If the country is China or one of the others that has a very
    different view of intellectual property than we do, however, I would suggest
    that you sequester them into a separate forest and rely on forest trusts
    making sure that all documentation and IP is stored off site, preferably in
    an encrypted CMS.

    Certainly talk to your general counsel and whatever liaison company or
    consultants you are using for the security impacts. I understand that this
    is a management pain and I am usually an advocate for a single domain or at
    least single forest where possible, but if there are any IP concerns, you
    must look at a separate forest.

    Hope this helps.
    Ryan Hanisco
    MCSE, MCTS: SQL 2005, Project+
    Chicago, IL

    Remember: Marking helpful answers helps everyone find the info they need
    Ryan Hanisco, Nov 3, 2007
