Thanks for your reply.

Your reply is more than Perfect & really you are very helpful.

Actually, I do not want the user authentication to be done over the wireless 
link.

I mean the user in Location A, when he logs in in the morning, I want him 
to go and speak to the DNS which is located in the Factory, and then the DNS 
will reply to him by giving the DC which is located in the Factory.

So I do not want the authentication traffic to travel from Location A to 
Location B.

2- I have in Location A, which is the Head Office, 30 users with this domain 
name ( MYDOMAIN.COM ), and we bring 2 Domain Controllers to work as backup in 
the Head Office.

3- In the FACTORY, or LOCATION B, I have 20 users and a child domain with 
this name ( child.mydomain.com ) and only one domain controller in this 
location.

4- I am unable to imagine exactly how I can do that, so can you guide me on 
this?

5- Is there any software I can use to trace the traffic and see that this user 
is now talking to this DNS and asking for the domain controller?




> Hi Rania,
> 
> One forest with one domain should do it for you and make all DCs a GC
> 
> The site and replication topology is used:
> * By DCs so they know with which DC to replicate with within a site 
>   and between sites
> * By clients/servers to find the "nearest" DC for authentication, 
>   GPOs, etc.
> 
> Now we need to define "nearest"....
> 
> The clients get the nearest DC by querying DNS. If the clients don't 
> know what site they are in (mostly when joining) they ask DNS: "give 
> me a DC for domain X". If they have discovered the site they are in 
> they ask DNS: "give me a DC for domain X in site Y"
> 
> In your situation having 2 location separated by a wireless 
> connection you have the following possibilities:
> (1) Create 1 overall site for both locations and assign the subnets 
> of the locations to that site
> (2) Create 2 sites, one for each location and assign the subnets of 
> each location to the corresponding site
> 
> (1)
> The answer for the query for "give me a DC for domain X" and "give 
> me a DC for domain X in site Y" is the same. Assuming you have DCs 
> at both locations a client in location A can be serviced by a DC in 
> location A and B. So authentication across the wireless connection 
> is a possibility! I don't think you want that
> 
> (2)
> Assuming again you have DCs at both locations, the query for "give 
> me a DC for domain X" and "give me a DC for domain X in site Y" will 
> have different answers. In this case the client will be 
> authenticated (and etc.) by a DC local to its own site.
> 
> A best practice and highly recommended is to have AT LEAST 2 DCs for 
> each domain and also to backup AT LEAST 2 DCs for each domain. In 
> your case it is unknown to us how many users you have in your 
> organization (at both location) so it is difficult to say how many 
> DCs each location should get.
> * If you always need authentication within a site in the situation a 
>   DC might crash use 2 DCs for each location. Might be rather 
>   expensive if the organization is small
> * If you have a location with many users and a location with few users 
>   you could install 2 DCs at the "many users location" and 1 DC at the 
>   "few users location". If one of the DCs in the "many users location" 
>   drops dead you still have the second DC to authenticate locally. If 
>   the DC in the "few users location" drops dead you will need to 
>   authenticate across the wireless connection
> * If both locations have not that many users and you want to spend 
>   that much money on DCs, you could install just 1 DC at each location 
>   where each DC must be able to service user/clients/servers in both 
>   locations if one of the DCs drops dead.
> 
> From what you have told us and what I have read I think the following 
> would be OK:
> * 1 DC at each location
> * 1 AD site for each location
> * Assign subnets of each location to its corresponding AD site
> * Use the default IP site link and assign both sites to it and 
>   configure the site link accordingly for replication between the 
>   sites (cost, schedule, interval)
> * Combine DC, DNS, WINS, DHCP on one server and if needed/wanted 
>   setup DHCP redundant using the 80/20 rule
> 
> I hope this takes away your confusion
> 
> Cheers,
> Jorge
> 
> ________________________________
> 
> From: [EMAIL PROTECTED] on behalf of rania
> Sent: Sun 10/16/2005 2:00 AM
> To: ActiveDir@mail.activedir.org
> Subject: [ActiveDir] AD/ Sites & Services
> 
> Dear All,
> 
> I have here in my company 2 separate locations; the first one is the 
> Head Office, the second one is the Private Office.
> 
> The Head Office has one single network with this range of IP addresses 
> ( 70.0.0.X / 255.255.255.0 ).
> 
> We have wireless point-to-point between the 2 locations.
> 
> The Private Office also has one single network with the same range 
> of IP addresses as the Head Office, which is ( 70.0.0.X / 
> 255.255.255.0 ).
> 
> All of them are under a workgroup, and there are no domains at all.
> 
> What we need is to create a domain and to provide users with 
> authentication from the domain by using user name & password.
> 
> My question is here, I am really confused about what I should follow:
> 
> 1- Should I follow a single site for the 2 locations, where each site 
> will be represented by a subnet, so I will have 2 subnets in one site?
> 
> Or
> 
> 2- Should I follow multiple sites with at least one subnet in each 
> site, where each site will represent the location itself?
> 
> I am really confused.
> 
> As I know, the site is used for replication, so I want to simplify 
> the replication itself.
> 
> CAN ANYONE GUIDE ME TO THE BEST OF IT.
> 
> Best Regards,
> RANIA SAMEER.



List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
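
The two DNS questions described in the quoted reply ("give me a DC for domain X" and "give me a DC for domain X in site Y") are SRV lookups, so a site design can be checked from any domain client. The following PowerShell is an added example, not part of the thread: `mydomain.com` is the domain named above, the site names `HeadOffice` and `Factory` are hypothetical placeholders, and `Resolve-DnsName` assumes Windows 8 / Server 2012 or later.

```powershell
# Added example: compare the domain-wide DC locator SRV record with the
# per-site records, then show which site and DC this client actually uses.
function Get-DcSrvTargets {
    param(
        [Parameter(Mandatory)][string]$Domain,
        [string]$Site    # omit for the domain-wide ("no site known") query
    )
    # SRV names registered by domain controllers for the DC locator
    $name = if ($Site) { "_ldap._tcp.${Site}._sites.dc._msdcs.${Domain}" }
            else       { "_ldap._tcp.dc._msdcs.${Domain}" }

    Resolve-DnsName -Name $name -Type SRV -ErrorAction Stop |
        Where-Object { $_.Type -eq 'SRV' } |
        Select-Object @{ n = 'Query'; e = { $name } }, NameTarget, Priority, Weight, Port
}

$domain = 'mydomain.com'              # domain name taken from the thread
$sites  = 'HeadOffice', 'Factory'     # hypothetical AD site names

# "Give me a DC for domain X": every DC of the domain is a candidate
$all = Get-DcSrvTargets -Domain $domain

foreach ($site in $sites) {
    # "Give me a DC for domain X in site Y": only DCs registered for that site
    $local  = Get-DcSrvTargets -Domain $domain -Site $site
    $others = $all.NameTarget | Where-Object { $_ -notin $local.NameTarget }

    [pscustomobject]@{
        Site            = $site
        DCsOffered      = $local.NameTarget -join ', '
        DCsNotOffered   = $others -join ', '
    }
}

# What this client resolved for itself
nltest /dsgetsite                     # AD site derived from the client's subnet
nltest "/dsgetdc:$domain" /force      # rediscover a DC and print its name and site
$env:LOGONSERVER                      # DC that handled the current logon
```

If a site row lists DCs from the other location under `DCsOffered`, the subnet-to-site assignment or the DCs' site membership needs review. A packet capture filtered on DNS, taken on the client during logon, shows the same SRV queries on the wire.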
