Active Directory Design

Please assist me with how to design my Active Directory hierarchy based on the following.

  • We have a corporate office where there are 8-10 departments and 200 to 250 users.
  • We have two factories and one site office in different geographical locations. They are all connected via VPN.
  • In our factories there is an average of 150 users, and in the site office there are 30 to 35 users.
  • Currently we are planning to implement AD in our head office only, but we must consider future development in our factories and site office.
  • All our PCs are Windows XP, with a few on Win7; we are slowly migrating to Win7.
  • We have Windows Server 2003.

That's it.

  1. Should I create multiple domains for each department?
  2. Is it good to create DNS on the same server where AD is installed?
  3. Do we need to buy physical servers for each location?
  4. What design considerations should I keep in mind when we implement AD in other locations?
  5. Is it a good idea to use a high-configuration PC as a server? Or should I buy a server for this purpose?

*4. I want to say that for now we will implement AD in our head office. So, what design matters should I consider now for future implementation?

Thanks, Shahidul

I am querying a lot... :)


Should I create multiple domains for each department?

As you talk about "best practice", from a technological viewpoint at least, the correct answer to "how many domains" is always "as few as possible". As there's nothing in your spec that requires more than one domain, the answer is: No.

Is it good to create DNS on the same server where AD is installed?

Yes. DNS for AD is usually best held within AD.

Do we need to buy physical servers for each location?

As opposed to doing what instead? If you need a DC in an area then you need something to host that DC.

What design considerations should I keep in mind when we implement AD in other locations?

In what sense do you mean? In broad terms, the best design mantra for anything in IT is "Design your solution to be as simple as possible to get the job done properly. Then stop".

Is it a good idea to use a high-configuration PC as a server?

No. It's possible to buy perfectly good, cheap servers for about the same price as a "high-end PC". Now, if you don't have any budget for servers but you have a storeroom full of "high-end PCs" that are doing nothing, then using one of those to provide an adequate number of DCs is probably better than having an inadequate number of DCs, but it's not something I'd plan on doing, no.

Or should I buy a server for this purpose?

So, er, yes.


To answer your 5 questions:

  1. No, there's no need for multiple domains for a scenario like the one you describe
  2. Yes. AD DS is dependent on an integrated DNS infrastructure and DNS data should replicate along with other AD partitions between domain controllers
  3. It is not necessary, but highly recommended
  4. Not exactly sure what you mean here...
  5. Use server hardware for server software purposes

That being said, as Sam pointed out, it sounds like you are in over your head here. Please consult a professional with prior experience in enterprise directory architecture. Plan, plan, plan.

Before you even think about buying or installing anything, make a thorough architectural design plan, taking into account the supporting network infrastructure, replication paths, logical separation of objects, security concerns etc., and again...

PLEASE CONSULT A PROFESSIONAL
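The two answers above agree on the same shape: one domain, departments separated by OUs rather than domains, DNS stored in AD and replicated with it, and a site topology that lets each location get its own DC later. The script below is an added example of that layout in PowerShell; it is not code from the question or from either answerer. Every name in it is an assumption: the domain corp.example.com, the site names HQ/Factory1/Factory2/SiteOffice, the department lists, the subnets and the site-link cost and interval are placeholders, not the poster's real network. It needs the ActiveDirectory and DnsServer RSAT modules (which post-date Windows Server 2003; the AD module talks to a DC running Active Directory Web Services, i.e. 2008 R2 or later, or 2003 with the AD Management Gateway Service) and must be run by a domain admin on or against a DC.

```powershell
# Added example, not from the original page. All names, subnets and costs below are
# assumed placeholders for the scenario in the question.
Import-Module ActiveDirectory
Import-Module DnsServer

$domainName = 'corp.example.com'           # assumed domain
$domainDN   = 'DC=corp,DC=example,DC=com'  # assumed domain DN

# 1. One domain. Departments become OUs under a per-location OU; delegation and
#    Group Policy are scoped to OUs, so separate domains buy nothing here.
$locations = @{
    'HQ'         = @('Finance','HR','IT','Sales','Engineering','Operations','Legal','Marketing')
    'Factory1'   = @('Production','Maintenance','Quality')
    'Factory2'   = @('Production','Maintenance','Quality')
    'SiteOffice' = @('SiteStaff')
}
foreach ($loc in $locations.Keys) {
    $locOU = "OU=$loc,$domainDN"
    if (-not (Get-ADOrganizationalUnit -LDAPFilter "(ou=$loc)" -SearchBase $domainDN -SearchScope OneLevel)) {
        New-ADOrganizationalUnit -Name $loc -Path $domainDN -ProtectedFromAccidentalDeletion $true
    }
    foreach ($dept in $locations[$loc]) {
        if (-not (Get-ADOrganizationalUnit -LDAPFilter "(ou=$dept)" -SearchBase $locOU -SearchScope OneLevel)) {
            New-ADOrganizationalUnit -Name $dept -Path $locOU -ProtectedFromAccidentalDeletion $true
        }
    }
}

# 2. Sites and subnets. Define the remote locations now, even with no DC there yet:
#    clients on those subnets will be steered to a local DC as soon as one exists,
#    and until then their logons cross the VPN to HQ. Rename the default site so the
#    existing head-office DC is already in "HQ".
if (Get-ADReplicationSite -Filter "Name -eq 'Default-First-Site-Name'") {
    Get-ADReplicationSite -Identity 'Default-First-Site-Name' | Rename-ADObject -NewName 'HQ'
}
$sites = @{                                 # assumed address plan
    'HQ'         = '10.1.0.0/16'
    'Factory1'   = '10.2.0.0/16'
    'Factory2'   = '10.3.0.0/16'
    'SiteOffice' = '10.4.0.0/24'
}
foreach ($site in $sites.Keys) {
    if (-not (Get-ADReplicationSite -Filter "Name -eq '$site'")) {
        New-ADReplicationSite -Name $site
    }
    if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$($sites[$site])'")) {
        New-ADReplicationSubnet -Name $sites[$site] -Site $site
    }
}
# Hub-and-spoke site links over the VPN (cost and interval are assumed values).
foreach ($spoke in 'Factory1','Factory2','SiteOffice') {
    $linkName = "HQ-$spoke"
    if (-not (Get-ADReplicationSiteLink -Filter "Name -eq '$linkName'")) {
        New-ADReplicationSiteLink -Name $linkName -SitesIncluded 'HQ',$spoke `
            -Cost 100 -ReplicationFrequencyInMinutes 60 -InterSiteTransportProtocol IP
    }
}

# 3. DNS on the DC, stored in AD. An AD-integrated zone lives in a directory
#    partition and replicates with the rest of AD, so a second DC at a factory gets
#    DNS for free. A file-backed primary zone would need zone transfers instead.
$zone = Get-DnsServerZone -Name $domainName
if (-not $zone.IsDsIntegrated) {
    ConvertTo-DnsServerPrimaryZone -Name $domainName -ReplicationScope Domain -Force
}
# Secure-only dynamic updates: only authenticated domain members may register records.
Set-DnsServerPrimaryZone -Name $domainName -DynamicUpdate Secure
Get-DnsServerZone -Name $domainName |
    Select-Object ZoneName, ZoneType, IsDsIntegrated, ReplicationScope, DynamicUpdate
```

The script is idempotent (every create is guarded by a lookup), so it can be re-run after each location comes online. The one thing it deliberately does not do is place a DC in the remote sites; that is the "something to host that DC" decision from the first answer, and whether it is a physical box or a VM on a hypervisor at that site is a separate choice from the directory design.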


  1. No.

  2. Yes.

  3. You need at least one physical server. You can then decide whether to install Windows directly on the server or to install a hypervisor on the server and deploy virtual machines.

  4. KIS. Keep It Simple.

  5. No. Yes.