Advice on adding new remote site to AD

Status
Not open for further replies.

liorz66

IS-IT--Management
Jan 7, 2004
54
IL
Hi All
I need some advice and ideas on this issue.
I have an existing 2003 AD site with 1 DC and 1 Exchange server.
We need to connect a new remote site that has no AD yet, but should also have an AD server (for local authentication) and a secondary Exchange server. All users should be able to authenticate from each location.
The Exchange servers should host the same email domain, i.e. @domain.com should be for all users.

Should I:
Connect the new domain as a subdomain, child domain or same-level second AD?
How should the Exchange servers be configured to accept the same email domain?
Please can you post your ideas based on the above?

Really appreciate your help!

Thanks
 
Hi, the only reason you'd want to create a child domain would be if you wanted to delegate administration tasks to employees at the remote office, where the remote office employees would have access to make changes to AD user or computer info.

Even if you did want to delegate AD access, this can be done at the OU level. So you probably don't want a child domain.

I presume the remote office is on a different I.P. network to your own? If so, within Active Directory Sites and Services, you'll need to:

- create a subnet object to correspond with the subnet in the remote office
- create a "Site" for the remote office
- link your newly created subnet object to this "Site"

From there, once you've got your Domain Controller built in the remote site, all of the PCs etc. in the remote site know it's that domain controller they should be talking to (as it's on the same subnet). You'll likely want your DNS zones on the remote Domain Controller to be AD-Integrated. The remote DC should be pointed to your main office DC for its primary DNS server (as opposed to itself).

Regarding Exchange...

Your ISP will have what's called an "MX record" for your domain. It basically states that for internet e-mails, when a mail is sent, intended for yourdomainname.com, send it via SMTP (in most cases) to one of your company's public I.P. addresses.

I don't believe an MX record can be set up to send e-mail to two I.P. addresses at the same time. I haven't set up Exchange before in a multiple-office setup, but I believe what you'll want to do here is leave your existing Exchange configuration intact and set up a second Exchange server in your remote office. Then set the remote office server to replicate off of the main office server.

Have a look on Microsoft's site to see if you can find some info. on the subject.

good luck with it
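
The subnet-to-site mapping described in the steps above, as an added example that is not part of the original post: a Python sketch that resolves client IPs to a site by the most specific matching subnet object and collects clients that match no subnet object at all. The site names and address ranges are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: subnet objects and the site each one is linked to.
# Site names and address ranges are hypothetical.
SUBNET_OBJECTS = {
    "192.168.0.0/16": "MainOffice",    # catch-all supernet
    "192.168.1.0/24": "MainOffice",
    "192.168.2.0/24": "RemoteOffice",
}

def site_for_client(ip, subnet_objects=SUBNET_OBJECTS):
    """Return the site of the most specific subnet object containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    best_net, best_site = None, None
    for cidr, site in subnet_objects.items():
        net = ipaddress.ip_network(cidr)
        if addr.version != net.version or addr not in net:
            continue
        # Longest prefix wins when subnet objects overlap.
        if best_net is None or net.prefixlen > best_net.prefixlen:
            best_net, best_site = net, site
    return best_site

def audit_clients(client_ips, subnet_objects=SUBNET_OBJECTS):
    """Group client IPs by resolved site; the key None collects unmapped clients."""
    by_site = defaultdict(list)
    for ip in client_ips:
        by_site[site_for_client(ip, subnet_objects)].append(ip)
    return dict(by_site)

if __name__ == "__main__":
    # Constructed client addresses.
    sample = ["192.168.1.15", "192.168.2.40", "192.168.3.7", "10.9.9.9"]
    for site, ips in audit_clients(sample).items():
        print(site or "NO SITE (add a subnet object)", ips)
```

In the sample, 192.168.3.7 lands in MainOffice only through the catch-all supernet, so a new office on that range would authenticate across the WAN until it gets its own subnet object and site.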

 
Thanks Dublin73! That's a very detailed answer.

Do you know if the AD roles (replication master, global catalog etc.) can be stored on both servers?
Wouldn't it cause slow response for users to log in?
Should I use roaming profiles?

Thanks again!
 
A bit of info on the 5 FSMO roles...


Unless you have more than a thousand users in either office, I'd say leave all 5 of the FSMO roles on one server in the main office.

Make one domain controller in each office a global catalog server.

As for whether or not to use roaming profiles, that really depends on what you're trying to achieve. If you do go with roaming profiles, store the profiles on a server in the same office as the users.
 
Wouldn't it be slow performance if I use EX in one location only?
 
That's what Outlook's Cached Mode is for. It substantially minimizes bandwidth usage between the client and the server.

Pat Richard, MCSE MCSA:Messaging CNA
Microsoft Exchange MVP
Want to know how email works? Read for yourself -
 