help: Design Active Dir. for company with 4 offices

Discussion in 'Windows Server' started by mehargags, Nov 30, 2011.

  1. mehargags

    mehargags MDL Member

    Dec 1, 2008
    Hi all,

    I couldn't spot any other place to post this, so pardon if this is the wrong section. This thread is to discuss opinions about a solution I need to design for the client...

    I need help designing Active Directory for a client who has 4 branch offices and one head office. The 4 sites have user email IDs in the same primary domain as well as 2-3 more domains, which are sister concern companies for the primary company.

    Biggest question: Should I use SBS or use 2008 R2? or regular 2008 R2

    If I close down to single forest/domain, I want ideas on how to create my FIRST server. What I plan is:

    Primary domain:

    Other regd. company domains:,

    4 sites have people working for all 3 domains stated above. So I plan to make 4 sites:

    All above 4 sites will be part of one major AD: company.local (this AD server will be at a 5th location where the IT manager will have physical access to this Primary AD server; she'd be controlling all policies from this, which will be in effect on the other 4 sites)...

    Please shed some more light on the plan...

    Also I do plan to use Exchange for emails... but later... once all data is centrally managed, practised and adapted by the underlying users at all 4 sites. There are a total of 5 email domains that will be required...

    The client currently is not using any collaboration tools like SharePoint etc. They don't even have client-server architecture at the moment... all computers at different sites operate in a hay-way workgroup mode. No centralization at all... That is the concern for the stakeholders, as the company has grown more than 5-fold in the past 5 years. They are a pharma company who is into
    1. Manufacturing medicine -Labs and Pharma plant (primary domain)
    2. Research in Bio technology
    3. IT arm of this company making ERPs for pharma companies. They develop & sell customised Software to many small and medium pharma companies (small team of 15 people)

    As stated, I'm to start from scratch for them, so instead of rushing to put up a server there, I want to dedicate time in planning...

    At the moment, we need to start with the first H.O. with around 25-30 people. I need to put a first server there, configure "AD for this site only", configure folder redirection for users and if possible create Exchange for them too!! Then give this a test run for a month or so. This AD can be remotely managed by the IT Manager and "me".

    Likewise, once the stakeholders are satisfied, we move to the second site, do the same, put a server there, centralise data and move to the third and 4th site.

    Once all 4 sites have 4 servers (4 ADs) set up and running separately, the IT manager, who heads the ERP development team and sits at the 5th site, will get a NEW server, which will be configured to be the SUPER AD. All 4 previous servers will connect to this one server for AD backup (data backup will be treated separately per site) and it will impose policies on the underlying 4 servers as set on the SUPER AD.

    My explanation above may not adhere to how AD actually works, but that's how the flow of action needs to be with the client. So I seek some pointers on how to design EACH SERVER individually for each site, so that later when all 4 sites have servers, we can create trusts between them, or join all of them to a SUPER AD to get their policies etc.

    I hope I was more clear on the scenario, thanks for reading up...
    My main dilemma is: should I put 4 SBS servers at each site or should I make them as regular ADs in a single forest? Cost is a concern to the company, so help me decide.

  2. dougsta

    dougsta MDL Novice

    Aug 13, 2010
    I have worked in AD design for over 10 years in an IT consultancy and MS Gold Partner.
    I would strongly advise that anyone doing this kind of work for a client be fully trained and mentored by an experienced professional. Btw these guys cost about 750-1000 euro/day but for a good reason.
    Initial costs are a factor in all designs but how much would a bad design cost in the end?
  3. 100

    100 MDL Expert

    May 17, 2011
    I fully agree. That's not a small setup, and there really are a lot of details to think about.

    Generally though, SBS isn't going to cut it. With SBS you are limited to a single domain, and 75 users or workstations max. If you ever need to establish trust relationships with other domains or manage more than 75 clients that's not going to be possible.

    Using your existing environment as a test setup isn't a particularly good idea.
    Set up a small separate network resembling your planned environment (simulating multiple sites and DCs, etc.) to familiarize yourself and your IT staff with managing it and to test things, and when you're comfortable with how it works you can start setting up the production environment.
    At some point, something you're testing will eventually go wrong, and you want that to happen on your test setup. :)
  4. sebus

    sebus MDL Guru

    Jul 23, 2008
    Always amazes me how difficult it can be to deal with AD. If one were doing it with Novell eDirectory none of these would matter, if you need to change anything just move the object around to best fit & all will flow nicely in the background.

    As to the cost of consultants? Yes, they are expensive, are they worth the money? That could be a big separate discussion...

  5. dougsta

    dougsta MDL Novice

    Aug 13, 2010
    It's quite easy to put together a quick fix that on the surface looks better than the current, let's call it un-managed current state, but that just maintains the status quo.
    A good consultant will deliver a best practice solution, it will have a defined scope agreed with the client, it will be based on discovery and information gathering, it will be tested, it will be fully documented, it will be implemented through change management, it will be supported, it will be scalable and resilient, it will have security planning, disaster recovery procedures…
    And for the bean counters, a good consultant will deliver cost savings to the business.
  6. sebus

    sebus MDL Guru

    Jul 23, 2008
    Stopped reading fairytales long time ago, still like watching cartoons...