
win2003 design question

Status
Not open for further replies.

cyberkatis

IS-IT--Management
May 30, 2002
29
US
I'm designing a win200x network. How would you design this? Here is the scenario.
500 total users
4 major sites globally (Europe, USA, AsiaPac) each with 50-75 users
200 users scattered worldwide in 10 smaller remote offices
connections (all locations) to hub site via broadband vpn or direct FR connection
IT is centrally managed
WAN topology is hub and spoke


Would you create one domain worldwide because 50-75 users at each site really isn't enough to justify multiple child domains? Or would you break it down into multiple child domains?

Chris.
 
Well, if it was my network I would use multiple domains. This would not only help with network traffic but give you some redundancy. For example:

use.corp.com
europe.corp.com
and so on. Allow each domain to be a catalog server as well. Hope that helps.
 
Multiple domains aren't just user-justified. It depends on how your company wants or needs to be structured and organized. You can have different security consequences with multiple domains, different organizational structures. Find out what management wants or needs. You don't have enough info to design your network yet if you're just using the numbers of users and geographical location as design factors.
 
So even though sites have small numbers, it would still be better to make child domains?

Thanks.
 
I agree with BigOrange. Domains are essentially a security boundary and have nothing to do with the number of users. They are also not dependent on location. As to control of network traffic, you can use your site design to help with that. Finally, OUs can be used for logical grouping.

Regards,

z.
 
Big0range, what kind of security consequences would there be? If he has limited bandwidth (broadband) then I would think local child domains would be the only way to cut down bandwidth requirements.
 
Consequences can be bad and good. You can have better, more granular security with individual domains, such as allowing or restricting inter-domain access, or allowing a particular domain rights or permissions that another domain doesn't need. On the other hand, more domains mean more management, possibly more hardware, which is more time and $ consuming than a single domain.
 
BigOrange,

Here is the deal with structure.

Yes, users and geographical location are important. We also will employ a centralized IT management model. Now departments are not as critical, at least from an OU perspective. It looks as though we will have 3 different types of OUs. Something like General Users, IT Staff, Executives (maybe 1 or 2 more).

The main question is how do you arrive at the model? I have 8 major FR sites with 10 or more smaller VPN sites. If departmental breakdown is not too important, and I'm thinking 3-5 different OUs and GPOs, then is a multiple-domain model one that I need? Or do I just flatten it out... There has to be a flowchart to help you decide somewhere...
 
Based on what you describe, I personally would design a single-domain model. Here's a link for Win2k design and roll-out stuff, though - it may give you some insight or cause you to think about some other aspect of the design:

Take your time to get it right, plan for the future, and good luck.
 