Re: Branch Office Authentication?




"Rob" <YourName@xxxxxxxxxxxx> wrote in message
news:eHMk0VDIGHA.740@xxxxxxxxxxxxxxxxxxxxxxx
> I have several Win2003 servers in my main office. I am about to deploy a
> 2003 server to a branch office, connected by VPN. I am going to add the
> branch server as a DC and join it to the domain.
>
> 1. Is there a way to force branch users to authenticate to the branch DC
> to save log on time/logon scripts?

You should establish a site topology: go to AD Sites and Services and create
a new *site* for your branch office. Move your branch server object from
"Default-First-Site-Name" to the newly created one. Then create the IP
address range(s) that will be available in the branch office and add the
newly created site to the IP range.

Generally, your DCs use the "site" container to determine their site
membership. Member computers (servers and clients) determine their site
membership by means of their IP address. When a member server logs on a
user, it always tries to determine its site membership and so its nearest DCs.

Also, you have to mark your branch office's DC as a "global catalog". This
can also be done in the snap-in. Open your branch office DC object in the
"sites" container and check the checkbox in "NTDS Settings" properties.

Also, you should install a DNS server on the branch office DC because domain
members use the DNS to detect their servers. The whole process is actually
the following:

- member client starts up
- if the client does not know anything about the domain, it queries DNS to
get ANY available DC.
- from this DC, the client gets site/subnet information of its own
- client determines its site from the information obtained and again queries
the DNS to get DCs of the appropriate site.
- client connects to ANY DC of its respective site
- the DC authenticates the computer/user and itself queries the nearest
Global Catalog to get the whole forest domain membership for the user


> 2. If the VPN goes down between the offices, will the branch users still
> be able to log on to the domain through the branch DC?

Yes, no problem. Also, in the event that the local DC is not available, they
will authenticate over the VPN, so you are safe from branch DC outages.

>
> Thanks,
> Rob


No problem,
Ond
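
The locator steps listed in the reply above, modelled as an added example that is not part of the original post: it maps a client IP to a site by most-specific subnet, lists the DNS SRV names the client looks up in the order described, and flags clients whose address matches no subnet object (those cannot be directed to a local DC). The subnets, site name "Branch" and domain corp.example.com are constructed assumptions.

```python
import ipaddress

# Constructed sample topology (assumption): subnet objects and the site each
# one is linked to, as they would be defined in AD Sites and Services.
SUBNET_TO_SITE = {
    "10.0.0.0/8": "Default-First-Site-Name",
    "10.20.0.0/16": "Branch",
}
DOMAIN = "corp.example.com"  # hypothetical AD DNS domain name


def site_for_ip(ip, subnets=SUBNET_TO_SITE):
    """Return the site of the most specific subnet containing ip, else None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, site in subnets.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, site)
    return best[1] if best else None


def dc_srv_queries(ip, domain=DOMAIN, subnets=SUBNET_TO_SITE):
    """SRV names looked up, in the order the reply describes.

    First the domain-wide record (any DC), then, once the site is known,
    the site-specific record.
    """
    names = [f"_ldap._tcp.dc._msdcs.{domain}"]
    site = site_for_ip(ip, subnets)
    if site:
        names.append(f"_ldap._tcp.{site}._sites.dc._msdcs.{domain}")
    return names


def unmapped_clients(ips, subnets=SUBNET_TO_SITE):
    """Client IPs that match no subnet object and so get no site assignment."""
    return [ip for ip in ips if site_for_ip(ip, subnets) is None]


if __name__ == "__main__":
    for ip in ("10.20.5.7", "10.1.2.3", "192.168.1.5"):  # constructed clients
        print(ip, site_for_ip(ip), dc_srv_queries(ip))
    print("unmapped:", unmapped_clients(["10.20.5.7", "192.168.1.5"]))
```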


