First of all, I want to thank you for your help.

This is good information and really valuable answers. I will try to follow it, and can I e-mail you once I get any news?

Thanks & best regards,
Rania

> I don't understand why you want to use a child domain in the factory
> location? Can you tell us the reason(s)? In my opinion there is no
> need for that. Remember what I said: "for redundancy purposes you at
> least need 2 DCs for each domain". For the scenario you want to
> implement (2 domains) you at least need 4 DCs to service about 60
> users. For your environment 2 DCs would be enough when also thinking
> about hardware costs, maintenance, licenses, etc.
>
> When talking about the scenario I explained earlier, 2 DCs total, 1
> DC for each location, you could do the following:
>
> In the HQ location install the first DC by:
> * Install Windows 2003 with SP1 on some hardware, install DNS, WINS
>   and DHCP on the DC (DC01)
> * TCP/IP settings for DC01 (IPs are examples):
>   * IP 70.0.1.1
>   * Netmask 255.255.255.0
>   * DNS preferred: 70.0.1.1, DNS alternate: 70.0.2.1 (the alternate DNS
>     is the other DC at the other location)
>   * WINS primary: 70.0.1.1, don't configure a secondary!
> * In DNS configure the following zones (again examples, as the names are!):
>   * MYDOMAIN.LOCAL (primary and allow dynamic updates)
>   * _MSDCS.MYDOMAIN.LOCAL (primary and allow dynamic updates)
> * DCPROMO DC01 to a DC (DNS NAME domain = MYDOMAIN.LOCAL, NetBIOS name =
>   MYDOMAIN) (new forest, new domain, first DC)
> * After reboot configure the zones as follows:
>   * MYDOMAIN.LOCAL (AD-integrated, replication scope = DNS in domain,
>     allow SECURE dynamic updates)
>   * _MSDCS.MYDOMAIN.LOCAL (AD-integrated, replication scope = DNS in
>     forest, allow SECURE dynamic updates)
> * Authorize DC01 as DHCP server
> * Configure DDNS credentials on DC01
> * Configure the DHCP scope on DC01 for the clients in HQ location by
>   creating a scope with ALL available IP addresses (example)
>   * DHCP scope = HQ location
>   * range 70.0.1.101 - 70.0.1.150
>   * Exclude 70.0.1.141 - 70.0.1.150 (=20%)
>   * Netmask 255.255.255.0
>   * Default gateway = 70.0.1.254
>   * Domain name = MYDOMAIN.LOCAL
>   * Default lease period = 8 days
>   * DNS = 70.0.1.1 & 70.0.2.1
>   * WINS = 70.0.1.1 & 70.0.2.1
> * Configure the DHCP scope on DC01 for the clients in FACTORY location by
>   creating a scope with ALL available IP addresses (example)
>   * DHCP scope = FACTORY location
>   * range 70.0.2.101 - 70.0.2.150
>   * Exclude 70.0.1.101 - 70.0.1.140 (=80%)
>   * Netmask 255.255.255.0
>   * Default gateway = 70.0.2.254
>   * Domain name = MYDOMAIN.LOCAL
>   * Default lease period = 8 days
>   * DNS = 70.0.2.1 & 70.0.1.1
>   * WINS = 70.0.2.1 & 70.0.1.1
>
> In the FACTORY location install the first DC by:
> * Install Windows 2003 with SP1 on some hardware, install DNS, WINS
>   and DHCP on the DC (DC01) (same forest, additional DC for existing
>   domain)
> * TCP/IP settings for DC02 (IPs are examples):
>   * IP 70.0.2.1
>   * Netmask 255.255.255.0
>   * DNS preferred: 70.0.2.1, DNS alternate: 70.0.1.1 (the alternate DNS
>     is the other DC at the other location)
>   * WINS primary: 70.0.2.1, don't configure a secondary!
> * DCPROMO DC02 to a DC (DNS NAME domain = MYDOMAIN.LOCAL, NetBIOS name =
>   MYDOMAIN)
> * Authorize DC02 as DHCP server
> * Configure DDNS credentials on DC02
> * Configure the DHCP scope on DC02 for the clients in HQ location by
>   creating a scope with ALL available IP addresses (example)
>   * DHCP scope = HQ location
>   * range 70.0.1.101 - 70.0.1.150
>   * Exclude 70.0.1.101 - 70.0.1.140 (=80%)
>   * Netmask 255.255.255.0
>   * Default gateway = 70.0.1.254
>   * Domain name = MYDOMAIN.LOCAL
>   * Default lease period = 8 days
>   * DNS = 70.0.1.1 & 70.0.2.1
>   * WINS = 70.0.1.1 & 70.0.2.1
> * Configure the DHCP scope on DC02 for the clients in FACTORY location by
>   creating a scope with ALL available IP addresses (example)
>   * DHCP scope = FACTORY location
>   * range 70.0.2.101 - 70.0.2.150
>   * Exclude 70.0.1.141 - 70.0.1.150 (=20%)
>   * Netmask 255.255.255.0
>   * Default gateway = 70.0.2.254
>   * Domain name = MYDOMAIN.LOCAL
>   * Default lease period = 8 days
>   * DNS = 70.0.2.1 & 70.0.1.1
>   * WINS = 70.0.2.1 & 70.0.1.1
>
> On the router at the HQ location configure the DHCP relay option (or
> IP helper) to point at DC02 (70.0.2.1) and if possible configure a delay.
> On the router at the FACTORY location configure the DHCP relay
> option (or IP helper) to point at DC01 (70.0.1.1) and if possible
> configure a delay.
>
> On DC01 configure for WINS DC02 as push/pull replication partner
> with the default values. On DC02 configure for WINS DC01 as
> push/pull replication partner with the default values.
>
> I think not, but I may have forgotten something.
>
> Well, you can do a network trace to see the traffic between a client
> and a DC. Free network tracers are available, like Ethereal and Packetyzer.
>
> Good luck!
>
> Cheers,
> Jorge
>
> ________________________________
>
> From: [EMAIL PROTECTED] on behalf of rania
> Sent: Sun 10/16/2005 3:18 AM
> To: [email protected]
> Subject: RE: [ActiveDir] AD/ Sites & Services
>
> Thanks for your reply.
>
> Your reply is more than perfect, and really you are very helpful.
>
> Actually, I do not want the user authentication to be done over the wireless
> link.
>
> I mean the user in Location A, when he logs in in the morning, I
> want him to go and speak to the DNS which is located in the Factory,
> and then the DNS will reply to him by giving the DC which is located
> in the Factory.
>
> So I do not want the authentication traffic to travel from
> Location A to Location B.
>
> 2- I have in Location A, which is the head office, 30 users with
> this domain name (MYDOMAIN.COM), and we bring 2 domain
> controllers to work as backup in the head office.
>
> 3- In the FACTORY, or Location B, I have 20 users and a child
> domain with this name (child.mydomain.com) and one domain
> controller only in this location.
>
> 4- I am unable to imagine exactly how I can do that, so can you guide
> me on this?
>
> 5- Is there any software I can use to trace the traffic and see that
> this user is now talking to this DNS and asking for the domain
> controller?
>
> > Hi Rania,
> >
> > One forest with one domain should do it for you, and make all DCs a GC.
> >
> > The site and replication topology is used:
> > * By DCs so they know with which DC to replicate within a site
> >   and between sites
> > * By clients/servers to find the "nearest" DC for
> >   authentication, GPOs, etc.
> >
> > Now we need to define "nearest"....
> >
> > The clients get the nearest DC by querying DNS. If the clients don't
> > know what site they are in (mostly when joining) they ask DNS: "give
> > me a DC for domain X". If they have discovered the site they are in
> > they ask DNS: "give me a DC for domain X in site Y".
> >
> > In your situation, having 2 locations separated by a wireless
> > connection, you have the following possibilities:
> > (1) Create 1 overall site for both locations and assign the subnets
> >     of the locations to that site
> > (2) Create 2 sites, one for each location, and assign the subnets of
> >     each location to the corresponding site
> >
> > (1)
> > The answer for the query for "give me a DC for domain X" and "give
> > me a DC for domain X in site Y" is the same. Assuming you have DCs
> > at both locations, a client in location A can be serviced by a DC in
> > location A and B. So authentication across the wireless connection
> > is a possibility! I don't think you want that.
> >
> > (2)
> > Assuming again you have DCs at both locations, the query for "give
> > me a DC for domain X" and "give me a DC for domain X in site Y" will
> > have different answers. In this case the client will be
> > authenticated (etc.) by a DC local to its own site.
> >
> > A best practice and highly recommended is to have AT LEAST 2 DCs for
> > each domain and also to back up AT LEAST 2 DCs for each domain. In
> > your case it is unknown to us how many users you have in your
> > organization (at both locations), so it is difficult to say how many
> > DCs each location should get.
> > * If you always need authentication within a site in the situation
> >   a DC might crash, use 2 DCs for each location. Might be rather
> >   expensive if the organization is small.
> > * If you have a location with many users and a location with few users,
> >   you could install 2 DCs at the "many users location" and 1 DC at the
> >   "few users location". If one of the DCs in the "many users location"
> >   drops dead you still have the second DC to authenticate locally. If
> >   the DC in the "few users location" drops dead you will need to
> >   authenticate across the wireless connection.
> > * If both locations have not that many users and you want to spend
> >   that much money on DCs, you could install just 1 DC at each location,
> >   where each DC must be able to service users/clients/servers in both
> >   locations if one of the DCs drops dead.
> >
> > From what you have told us and what I have read, I think the following
> > would be OK:
> > * 1 DC at each location
> > * 1 AD site for each location
> > * Assign subnets of each location to its corresponding AD site
> > * Use the default IP site link and assign both sites to it, and
> >   configure the site link accordingly for replication between the
> >   sites (cost, schedule, interval)
> > * Combine DC, DNS, WINS, DHCP on one server and, if needed/wanted,
> >   set up DHCP redundantly using the 80/20 rule
> >
> > I hope this takes away your confusion.
> >
> > Cheers,
> > Jorge
> >
> > ________________________________
> >
> > From: [EMAIL PROTECTED] on behalf of rania
> > Sent: Sun 10/16/2005 2:00 AM
> > To: [email protected]
> > Subject: [ActiveDir] AD/ Sites & Services
> >
> > Dear All,
> >
> > I have here in my company 2 separate locations; the first one is the head
> > office, the second one is the private office.
> >
> > The head office has one single network with this range of IP
> > addresses (70.0.0.X / 255.255.255.0).
> >
> > We have wireless point-to-point between the 2 locations.
> >
> > The private office also has one single network with the same range
> > of IP addresses as the head office, which is (70.0.0.X / 255.255.255.0).
> >
> > All of them are under a workgroup, and no domains at all.
> > ----------------------------------------------------------------------
> > What we need is to create a domain and to provide users with
> > authentication from the domain by using user name & password.
> > -----------------------------
> >
> > My question is here, I really get confused, what should I follow:
> >
> > 1- Should I follow a single site for the 2 locations, and each site will
> > be represented by a subnet, so I will have 2 subnets in one site?
> >
> > Or
> >
> > 2- Should I follow multiple sites with one subnet at least in each
> > site, and each site will represent the location itself?
> >
> > I really get confused.
> >
> > As I know the site is used for the replication, so I want to simplify
> > the replication itself.
> >
> > CAN ANY ONE GUIDE ME TO THE BEST OF IT.
> >
> > Best Regards,
> > RANIA SAMEER.
> > List info : http://www.activedir.org/List.aspx
> > List FAQ : http://www.activedir.org/ListFAQ.aspx
> > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
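The one-site versus two-site behaviour Jorge describes (the site-specific DNS query returning a local DC only when each location is its own site) as an added example, not code from the thread. It simplifies the real Windows DC locator (no site coverage, no fallback ordering) and assumes constructed hostnames dc01/dc02.mydomain.local and the site names HQ and FACTORY.

```python
# Added example: models how a client finds a DC through the _msdcs SRV records
# and why the subnet-to-site assignment decides whether authentication can
# cross the wireless link. Hostnames and site names below are constructed.
import ipaddress

DOMAIN = "mydomain.local"  # example name used in the thread


def srv_records(dc_sites):
    """Build the SRV table the DCs would register via dynamic DNS update.

    dc_sites: {dc_host: site_name}. Each DC registers one domain-wide record
    and one site-specific record for the site it belongs to.
    """
    table = {}
    for host, site in dc_sites.items():
        table.setdefault(f"_ldap._tcp.dc._msdcs.{DOMAIN}", []).append(host)
        table.setdefault(f"_ldap._tcp.{site}._sites.dc._msdcs.{DOMAIN}", []).append(host)
    return table


def client_site(ip, subnet_sites):
    """Map a client IP to its AD site via the subnet-to-site assignments."""
    addr = ipaddress.ip_address(ip)
    for subnet, site in subnet_sites.items():
        if addr in ipaddress.ip_network(subnet):
            return site
    return None  # unknown subnet: client can only ask "a DC for domain X"


def locate_dc(ip, subnet_sites, dc_sites):
    """Return the DC hostnames DNS would hand to a client at this IP."""
    table = srv_records(dc_sites)
    site = client_site(ip, subnet_sites)
    name = (f"_ldap._tcp.{site}._sites.dc._msdcs.{DOMAIN}" if site
            else f"_ldap._tcp.dc._msdcs.{DOMAIN}")
    return table.get(name, [])


# Scenario (1): one site holding both subnets.  Scenario (2): one site per location.
ONE_SITE = {"70.0.1.0/24": "Default-First-Site-Name", "70.0.2.0/24": "Default-First-Site-Name"}
TWO_SITES = {"70.0.1.0/24": "HQ", "70.0.2.0/24": "FACTORY"}
DCS_ONE = {"dc01.mydomain.local": "Default-First-Site-Name",
           "dc02.mydomain.local": "Default-First-Site-Name"}
DCS_TWO = {"dc01.mydomain.local": "HQ", "dc02.mydomain.local": "FACTORY"}

if __name__ == "__main__":
    print(locate_dc("70.0.2.77", ONE_SITE, DCS_ONE))   # both DCs: auth may cross the link
    print(locate_dc("70.0.2.77", TWO_SITES, DCS_TWO))  # only dc02: stays in FACTORY
```

A client on a subnet not assigned to any site falls back to the domain-wide record and may be served by either DC, which is why every subnet at both locations should be assigned to its site.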
