- Replication to allow authentication
- Posted by Graham brown on February 23rd, 2004
Hi, I am a NetWare person learning AD, so please forgive me if this is a basic question! The company I work for is rolling out W2K AD throughout. They are using one domain serving all 1500 employees and have a scattering of DCs around key geographical sites. For the small branches (sub 30 people) they are not putting DCs in, only member servers, and are setting the clients to connect to a nearby DC via VPN. My problem is that if the branch's VPN (or internet line) goes down, they cannot log in to their local member server (because they need the DC to auth to?).
I wondered whether there is any way of having the local servers hold just enough info about the directory to allow them to auth to the server and therefore access their data even if the main DC is not available? A filtered replica perhaps... I think they do not want a "full" DC as there would be too much replication (at over 60 sites in total).
Any help would be really appreciated; the basic principle would help so I can look it up further.
Thanks,
Graham
- Posted by Chriss3 on February 23rd, 2004
Graham, basic questions are very welcome.
However, you actually need a DC for authentication at each site. If there is a member server at each location, I don't see any reason not to promote them to DCs for fault tolerance.
Make sure you understand how replication works, and the term GCs (Global Catalog Servers). You should read the guide below.
Step-by-Step Guide to Active Directory Sites and Services:
http://www.microsoft.com/windows2000...ry/adsites.asp
--
Regards,
Christoffer Andersson
No email replies please - reply in the newsgroup
If the information was helpful, you can let me know at:
http://www.itsystem.se/employers.asp?ID=1
- Posted by Richard Mueller [MVP] on February 24th, 2004
Hi,
This design guide might help:
http://www.microsoft.com/technet/tre...n/bpaddsgn.asp
Notice the guidelines about replication over slow links. As I read it, your traffic will be no problem at all. If the slowest link is 9.6 kbps, the recommendation is that your domain have no more than 20,000 users. The number of sites should not be a problem. If at all possible, have a DC with a GC at every site. Logon can be slow without a local DC. The GC is needed for Universal group memberships, unless you are at W2K3 functional level.
--
Richard
Microsoft MVP Scripting and ADSI
HilltopLab web site - http://www.rlmueller.net
--
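The advice in the thread (a DC, ideally with a GC, at every site, and more than one where fault tolerance matters) can be checked against a live forest. The script below is an added example, not code from the thread or from Microsoft; it assumes the RSAT ActiveDirectory PowerShell module (`Get-ADReplicationSite`, `Get-ADDomainController`) and read access to the forest, and the risk labels are this example's own wording. It lists every site, counts the DCs and GCs placed there, and flags the situation Graham describes: a site whose logons depend entirely on the WAN/VPN.

```powershell
# Added example: audit AD site coverage for domain controllers and global catalogs.
# Assumes the RSAT ActiveDirectory module is installed and the caller can read the forest.
Import-Module ActiveDirectory

function Get-SiteDCCoverage {
    # All sites defined in Sites and Services, and all DCs in the domain with their site names.
    $sites = @(Get-ADReplicationSite -Filter *)
    $dcs   = @(Get-ADDomainController -Filter *)

    foreach ($site in $sites) {
        # Get-ADDomainController exposes the site as a plain name string.
        $siteDCs = @($dcs | Where-Object { $_.Site -eq $site.Name })
        $siteGCs = @($siteDCs | Where-Object { $_.IsGlobalCatalog })

        # Classify the site: no DC means logon rides the WAN/VPN (the thread's failure case),
        # no GC means universal-group evaluation crosses the WAN, one DC means no fault tolerance.
        $risk = if ($siteDCs.Count -eq 0) {
            'No local DC: logon depends on WAN/VPN'
        } elseif ($siteGCs.Count -eq 0) {
            'No local GC: universal group lookups cross the WAN'
        } elseif ($siteDCs.Count -eq 1) {
            'Single DC: no local fault tolerance'
        } else {
            'OK'
        }

        [pscustomobject]@{
            Site = $site.Name
            DCs  = $siteDCs.Count
            GCs  = $siteGCs.Count
            Hosts = ($siteDCs.HostName -join ', ')
            Risk = $risk
        }
    }
}

# Usage: print the report, worst sites first.
Get-SiteDCCoverage |
    Sort-Object DCs, GCs |
    Format-Table -AutoSize
```

Run it from a workstation with RSAT against the domain in question; sites that report `No local DC` are exactly the branches that lose authentication when the VPN is down, and are the candidates for promoting the existing member server as the replies suggest.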
- Posted by jb on February 24th, 2004
vpn. Another option would be to create separate domains for a few of your DCs and delegate bridgehead servers. This option will allow you to control the times that the servers replicate information that is not critical (i.e. adding new users etc.). Hope it helps.