RE: [ActiveDir] new 2003 domain controller in windows 200 forest.

[John Reijnders]

Hi,   I could not agree more with Guido! The security aspect is the most important reason to go for the suggested solution. However, there's one thing to keep in mind in this scenario namely the trustworthiness of your network. If you're not placing a DC in the remote location, network connectivity becomes a must to enable a user to do his/her work. Sure, there's a thing as cached credentials on a client, but logon on to a domain is important for a lot of services.   Cheers! John Reijnders (soon to change his e-mail address into a MSFT one)   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido Sent: maandag 31 januari 2005 21:18 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] new 2003 domain controller in windows 200 forest.   definitely give them an OU and I'd also urgently suggest you don't make the machine in that remote office a DC at all => first of all it's not required for 15 folks - you'll need it for other things such as file/print (they should easily be able to authenticate to your main office; assuming NW connectivity - which you'd also need to setup replication...) => secondly, it's much more secure, as you will likely not have much physical security in an office of 15 people and if you're using the one box for everything it's unsecure from a delegation perspective   /Guido   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Kraus Sent: Monday, January 31, 2005 7:19 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] new 2003 domain controller in windows 200 forest. Hi, we are setting up a remote office if about 15 people that will be linked by a vpn. we are buying new servers that have win2003 on them.     I have a coupe of questions,I hope you would indulge me with your opinions.   1: we are planning to upgrade our headquarters the 2003 in about 3 -4 months. can we setup the new server with 2003 as domain controllers so we won't have to upgrade them later ?     if so anything special we need to do ? IE: forest prep ?   2: We have a raging debate weather  to set  them up as a domain or a org unit in their own site. we have a part time adiminstrator there htat we need to give right to  for day to day admin work.   thanks for your help.     Jeff Kraus   Network Manger NIC Holding Corp. 25 Melville Park Rd Melville NY, 11747 Voice: 631.753.4272 Fax:    631.753.4305       This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.