RE: [ActiveDir] Geographic Domain Setup
You have multiple DCs for redundancy. If one goes down, the others are still available. And your domain (usually) keeps functioning without you having to do a restore. I'm not sure having FE/BE Exchange servers accomplishes the same goal. Most FE Exchange servers do not have a copy the store in my experience. In terms of splitting AV/WSUS - that's something that can only be decided on a case-by-case basis. What hardware exists? Does the administration of the two need to be split between different people? Are they going to be located in physically disparate sites? Cheers Ken > -Original Message- > From: [EMAIL PROTECTED] [mailto:ActiveDir- > [EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS > Rocks [MVP] > Sent: Tuesday, 25 October 2005 11:11 AM > To: ActiveDir@mail.activedir.org > Subject: Re: [ActiveDir] Geographic Domain Setup > > Oh don't mind me... I'm SBS... if you are going to spend the bucks on > two domain controllers...why not get duplicates on Exchange/ Front > end/Back end OWA and all that jazz while you are at it. I'm just as > concerned about email these days as I am the domain itself that's all. ;- > ) > > Well.. I'd be implementing a domain even without the > spam/spyware/viruses... I have a domain at home :-) > > Edwin wrote: > > Hardware specifications were never mentioned. I agree. Beefy hardware > is > > not needed for WSUS or for a centralized Anti-Virus Server. The > hardware > > was available and this did not add too much if any administrative > overhead. > > Ideally, if the option is available, you will want to isolate points of > > failure; i.e. I would rather have a WSUS or Anti-Virus server go down > > individually rather then have both of them go down because they were on > the > > same box. > > > > Correct. Workstations were operated by end users without administrative > > privileges. It is because of massive amounts of spam, spyware and > viruses > > that a domain was implemented. I basically took away Administrative > rights > > from every one except those that needed it (SysAdmins). In those cases, > > those individuals had their own workstations that were not on the domain > but > > the user still had access to MS Exchange. That way if something > happened to > > their machine it would not affect the entire network. > > > > The files servers' main purpose was not for file sharing. It was for > > storage of roaming profiles and storage of personal files on a networked > > drive. This was needed so that anyone could sit anywhere and still have > > access to their files. SharePoint was available as an option but that > was > > not a domain controlled server and a separate project. > > > > I don't understand what you mean by having a front/back end Exchange > server > > because of the number of boxes built for the structure of the domain. > Could > > you explain how this relates? > > > > > > Thanks, > > Edwin > > > > > > -Original Message- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, > CPA > > aka Ebitz - SBS Rocks [MVP] > > Sent: Monday, October 24, 2005 8:35 PM > > To: ActiveDir@mail.activedir.org > > Subject: Re: [ActiveDir] Geographic Domain Setup > > > > > > > > You guys really do a separate server for a/v 'and' WSUS? WSUS doesn't > > take that much juice, does need IIS and msde..but still... most folks on > > the WSUS patch management listserve at least aren't putting it on that > > beefy of hardware anyway. Also these days unless you are running without > > local admin rights on those workstations...where's your anti spyware > > server since you are separating things out like that. > > > > Don't you guys want a front end/back end Exchange if you are going to > > start building that many boxes? > > > > TS box? > > SQL? > > Sharepoint? [plain old file and printer sharing is s last year] > > > > And lets see...three locations in Hurricane target zones, one in > > Earthquake zones, not quite sure about the risk factors for Atlanta and > > Vancouver. That should be fun :-) > > > > List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Geographic Domain Setup
I have to agree with Ed on this one (much as it pains me ;) You asked a question and did not indicate any kind of decision points that might warrant a particular design vs. another. You bounced around between one thought before moving to some conversation about a root domain (not always a best practice by the way). If you can give some more information we may be able to help a bit more relating to your question. At face value, I'd say a single domain for the Noth America region. This would be an easy to manage environment IMHO. But beware that that there is SO much to take into account that is less than technical that bringing in a consultant would be a good idea. Divestitures are a tough thing, and if you don't have some experience it's helpful to have some help the first go around to get your sea legs. From: "Ed Crowley [MVP]" <[EMAIL PROTECTED]> Reply-To: ActiveDir@mail.activedir.org To: Subject: RE: [ActiveDir] Geographic Domain Setup Date: Mon, 24 Oct 2005 15:47:45 -0700 You have asked a "consulting engagement" question, the kind of problem that deserves the time, attention and probing that only someone devoting a substantial amount of time working with you can solve. Ed Crowley MCSE+Internet MVP Freelance E-Mail Philosopher Protecting the world from PSTs and Bricked Backups!T _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Edwin Sent: Monday, October 24, 2005 5:38 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Geographic Domain Setup Hello Everyone. The company that I work for has been divided into two isolated parts. As a result the corporate domain that is used will also need to be divided. The employees of the old domain will remain in their place while others will be put into a new domain. One domain will have nothing to do with the other. I have been tasked with heading the creation of a new domain that will be used in different geographic locations; 1. Atlanta, Georgia 2. Miami, Florida 3. Orlando, Florida 4. Houston, Texas 5. Fremont, California 6. Vancouver, Canada I have built a domain before but this was for one office of less than 100 employees. This domain is of a much larger scale and more complex. I have read a few MSFT articles and have a little bit of information as to what I am getting myself into. I was hoping that I would be able to get more information from the community in hopes of getting real life experience knowledge than a document that outlines best practices. When I built the single site domain I had the below configuration that worked very well for me. I think that I am going to create a similar if not exact root domain. I think that I would am having more problems with considering the geographic issues that I will be facing. 2 Domain Controllers Both DNS Servers FSMO roles divided Both Global Catalogs 1 File Server Roaming Profiles Centralized Storage for User Files 1 Anti-Virus Server 1 WSUS Server 1 Exchange Server Thank you all for your replies, Edwin List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] Geographic Domain Setup
Oh don't mind me... I'm SBS... if you are going to spend the bucks on two domain controllers...why not get duplicates on Exchange/ Front end/Back end OWA and all that jazz while you are at it. I'm just as concerned about email these days as I am the domain itself that's all. ;-) Well.. I'd be implementing a domain even without the spam/spyware/viruses... I have a domain at home :-) Edwin wrote: Hardware specifications were never mentioned. I agree. Beefy hardware is not needed for WSUS or for a centralized Anti-Virus Server. The hardware was available and this did not add too much if any administrative overhead. Ideally, if the option is available, you will want to isolate points of failure; i.e. I would rather have a WSUS or Anti-Virus server go down individually rather then have both of them go down because they were on the same box. Correct. Workstations were operated by end users without administrative privileges. It is because of massive amounts of spam, spyware and viruses that a domain was implemented. I basically took away Administrative rights from every one except those that needed it (SysAdmins). In those cases, those individuals had their own workstations that were not on the domain but the user still had access to MS Exchange. That way if something happened to their machine it would not affect the entire network. The files servers' main purpose was not for file sharing. It was for storage of roaming profiles and storage of personal files on a networked drive. This was needed so that anyone could sit anywhere and still have access to their files. SharePoint was available as an option but that was not a domain controlled server and a separate project. I don't understand what you mean by having a front/back end Exchange server because of the number of boxes built for the structure of the domain. Could you explain how this relates? Thanks, Edwin -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Monday, October 24, 2005 8:35 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Geographic Domain Setup You guys really do a separate server for a/v 'and' WSUS? WSUS doesn't take that much juice, does need IIS and msde..but still... most folks on the WSUS patch management listserve at least aren't putting it on that beefy of hardware anyway. Also these days unless you are running without local admin rights on those workstations...where's your anti spyware server since you are separating things out like that. Don't you guys want a front end/back end Exchange if you are going to start building that many boxes? TS box? SQL? Sharepoint? [plain old file and printer sharing is s last year] And lets see...three locations in Hurricane target zones, one in Earthquake zones, not quite sure about the risk factors for Atlanta and Vancouver. That should be fun :-) Ed Crowley [MVP] wrote: You have asked a "consulting engagement" question, the kind of problem that deserves the time, attention and probing that only someone devoting a substantial amount of time working with you can solve. Ed Crowley MCSE+Internet MVP Freelance E-Mail Philosopher Protecting the world from PSTs and Bricked Backups!T *From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] *On Behalf Of *Edwin *Sent:* Monday, October 24, 2005 5:38 AM *To:* ActiveDir@mail.activedir.org *Subject:* [ActiveDir] Geographic Domain Setup Hello Everyone. The company that I work for has been divided into two isolated parts. As a result the corporate domain that is used will also need to be divided. The employees of the old domain will remain in their place while others will be put into a new domain. One domain will have nothing to do with the other. I have been tasked with heading the creation of a new domain that will be used in different geographic locations; 1. Atlanta, Georgia 2. Miami, Florida 3. Orlando, Florida 4. Houston, Texas 5. Fremont, California 6. Vancouver, Canada I have built a domain before but this was for one office of less than 100 employees. This domain is of a much larger scale and more complex. I have read a few MSFT articles and have a little bit of information as to what I am getting myself into. I was hoping that I would be able to get more information from the community in hopes of getting real life experience knowledge than a document that outlines best practices. When I built the single site domain I had the below configuration that worked very well for me. I think that I am going to create a similar if not exact root domain. I think that I would am having more problems with considering the geographic issues that I will be facing. 2 Domain Controllers Both DNS Servers FSMO roles divided
RE: [ActiveDir] Geographic Domain Setup
Hardware specifications were never mentioned. I agree. Beefy hardware is not needed for WSUS or for a centralized Anti-Virus Server. The hardware was available and this did not add too much if any administrative overhead. Ideally, if the option is available, you will want to isolate points of failure; i.e. I would rather have a WSUS or Anti-Virus server go down individually rather then have both of them go down because they were on the same box. Correct. Workstations were operated by end users without administrative privileges. It is because of massive amounts of spam, spyware and viruses that a domain was implemented. I basically took away Administrative rights from every one except those that needed it (SysAdmins). In those cases, those individuals had their own workstations that were not on the domain but the user still had access to MS Exchange. That way if something happened to their machine it would not affect the entire network. The files servers' main purpose was not for file sharing. It was for storage of roaming profiles and storage of personal files on a networked drive. This was needed so that anyone could sit anywhere and still have access to their files. SharePoint was available as an option but that was not a domain controlled server and a separate project. I don't understand what you mean by having a front/back end Exchange server because of the number of boxes built for the structure of the domain. Could you explain how this relates? Thanks, Edwin -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Monday, October 24, 2005 8:35 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Geographic Domain Setup You guys really do a separate server for a/v 'and' WSUS? WSUS doesn't take that much juice, does need IIS and msde..but still... most folks on the WSUS patch management listserve at least aren't putting it on that beefy of hardware anyway. Also these days unless you are running without local admin rights on those workstations...where's your anti spyware server since you are separating things out like that. Don't you guys want a front end/back end Exchange if you are going to start building that many boxes? TS box? SQL? Sharepoint? [plain old file and printer sharing is s last year] And lets see...three locations in Hurricane target zones, one in Earthquake zones, not quite sure about the risk factors for Atlanta and Vancouver. That should be fun :-) Ed Crowley [MVP] wrote: > You have asked a "consulting engagement" question, the kind of problem > that deserves the time, attention and probing that only someone > devoting a substantial amount of time working with you can solve. > > Ed Crowley MCSE+Internet MVP > Freelance E-Mail Philosopher > Protecting the world from PSTs and Bricked Backups!T > > > > *From:* [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] *On Behalf Of *Edwin > *Sent:* Monday, October 24, 2005 5:38 AM > *To:* ActiveDir@mail.activedir.org > *Subject:* [ActiveDir] Geographic Domain Setup > > Hello Everyone. > > The company that I work for has been divided into two isolated parts. > As a result the corporate domain that is used will also need to be > divided. The employees of the old domain will remain in their place > while others will be put into a new domain. One domain will have > nothing to do with the other. I have been tasked with heading the > creation of a new domain that will be used in different geographic > locations; > >1. Atlanta, Georgia >2. Miami, Florida >3. Orlando, Florida >4. Houston, Texas >5. Fremont, California >6. Vancouver, Canada > > I have built a domain before but this was for one office of less than > 100 employees. This domain is of a much larger scale and more complex. > I have read a few MSFT articles and have a little bit of information > as to what I am getting myself into. I was hoping that I would be able > to get more information from the community in hopes of getting real > life experience knowledge than a document that outlines best practices. > > When I built the single site domain I had the below configuration that > worked very well for me. I think that I am going to create a similar > if not exact root domain. I think that I would am having more problems > with considering the geographic issues that I will be facing. > > 2 Domain Controllers > > Both DNS Servers > > FSMO roles divided > > Both Global Catalogs > > 1 File Server > > Roaming Profiles > > Centralized Storage for User Files > > 1 Anti-Virus Server > > 1 WSUS Server > > 1 Exchange Ser
Re: [ActiveDir] Geographic Domain Setup
You guys really do a separate server for a/v 'and' WSUS? WSUS doesn't take that much juice, does need IIS and msde..but still... most folks on the WSUS patch management listserve at least aren't putting it on that beefy of hardware anyway. Also these days unless you are running without local admin rights on those workstations...where's your anti spyware server since you are separating things out like that. Don't you guys want a front end/back end Exchange if you are going to start building that many boxes? TS box? SQL? Sharepoint? [plain old file and printer sharing is s last year] And lets see...three locations in Hurricane target zones, one in Earthquake zones, not quite sure about the risk factors for Atlanta and Vancouver. That should be fun :-) Ed Crowley [MVP] wrote: You have asked a "consulting engagement" question, the kind of problem that deserves the time, attention and probing that only someone devoting a substantial amount of time working with you can solve. Ed Crowley MCSE+Internet MVP Freelance E-Mail Philosopher Protecting the world from PSTs and Bricked Backups!™ *From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] *On Behalf Of *Edwin *Sent:* Monday, October 24, 2005 5:38 AM *To:* ActiveDir@mail.activedir.org *Subject:* [ActiveDir] Geographic Domain Setup Hello Everyone. The company that I work for has been divided into two isolated parts. As a result the corporate domain that is used will also need to be divided. The employees of the old domain will remain in their place while others will be put into a new domain. One domain will have nothing to do with the other. I have been tasked with heading the creation of a new domain that will be used in different geographic locations; 1. Atlanta, Georgia 2. Miami, Florida 3. Orlando, Florida 4. Houston, Texas 5. Fremont, California 6. Vancouver, Canada I have built a domain before but this was for one office of less than 100 employees. This domain is of a much larger scale and more complex. I have read a few MSFT articles and have a little bit of information as to what I am getting myself into. I was hoping that I would be able to get more information from the community in hopes of getting real life experience knowledge than a document that outlines best practices. When I built the single site domain I had the below configuration that worked very well for me. I think that I am going to create a similar if not exact root domain. I think that I would am having more problems with considering the geographic issues that I will be facing. 2 Domain Controllers Both DNS Servers FSMO roles divided Both Global Catalogs 1 File Server Roaming Profiles Centralized Storage for User Files 1 Anti-Virus Server 1 WSUS Server 1 Exchange Server Thank you all for your replies, Edwin -- Letting your vendors set your risk analysis these days? http://www.threatcode.com List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Geographic Domain Setup
You have asked a "consulting engagement" question, the kind of problem that deserves the time, attention and probing that only someone devoting a substantial amount of time working with you can solve. Ed Crowley MCSE+Internet MVPFreelance E-Mail PhilosopherProtecting the world from PSTs and Bricked Backups!™ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of EdwinSent: Monday, October 24, 2005 5:38 AMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Geographic Domain Setup Hello Everyone. The company that I work for has been divided into two isolated parts. As a result the corporate domain that is used will also need to be divided. The employees of the old domain will remain in their place while others will be put into a new domain. One domain will have nothing to do with the other. I have been tasked with heading the creation of a new domain that will be used in different geographic locations; Atlanta, Georgia Miami, Florida Orlando, Florida Houston, Texas Fremont, California Vancouver, Canada I have built a domain before but this was for one office of less than 100 employees. This domain is of a much larger scale and more complex. I have read a few MSFT articles and have a little bit of information as to what I am getting myself into. I was hoping that I would be able to get more information from the community in hopes of getting real life experience knowledge than a document that outlines best practices. When I built the single site domain I had the below configuration that worked very well for me. I think that I am going to create a similar if not exact root domain. I think that I would am having more problems with considering the geographic issues that I will be facing. 2 Domain Controllers Both DNS Servers FSMO roles divided Both Global Catalogs 1 File Server Roaming Profiles Centralized Storage for User Files 1 Anti-Virus Server 1 WSUS Server 1 Exchange Server Thank you all for your replies, Edwin