authentication

[hlauwers]

Theoretically situation :

* All 2003 servers
* 1 forest, 1 domain, with 5 subdomains (A-B-C-D-E)
* All domains are connected through a permanent WAN


If a user from subdomain_A travels to subdomain_B he will be able to login to his domain.
But will he authenticate to its own DC (subomain_A) over the WAN connection
or with the DC at subdomain_B over the LAN.

Thank you !

 

[Jpoandl]

* All 2003 servers
* 1 forest, 1 domain, with 5 subdomains (A-B-C-D-E)
* All domains are connected through a permanent WAN

I'am assuming that each sub-domain is physically seperated by a WAN link.

nj.company.local
NC.company.local
FL.company.local

Then Bob (user account from NJ) is in North Carolina and is trying to login to the NJ.company.com domain. .....He will still be able to log on but authentication will occur over the WAN.

This is why it would be better to create fewer domains. If you had one domain, you users would always authenticate locally.

for example:

US.company.local (Then you would define your AD Sites for NJ, NC, FL and place at least one DC in each site) In this configuration, all users would authenticate with local DC's all of the time.

-later


Joseph L. Poandl
MCSE 2003

If your company is in need of experts to examine technical problems/solutions, please contact

http://www.NJCOMPUTERNETWORKS.com

(Sales@njcomputernetworks.com)

 

[hlauwers]

Jpoandl,

thank you for your confirmation on this subject.

I think a single domain will be the best solution

tnx & Bye