Child Domains with Windows 2008 Server
I have a root domain in DC and I want to implement the branch office, which is located in Asia, as a child domain to the DC office. What are the disadvantages related to this? I have a relatively slower internet connection in the branch office. Any opinions appreciated! IT guy
May 10th, 2011 3:01pm

When it comes to AD design, you always begin with a single forest/single domain model. What are some reasons to introduce a child domain? Well, here are a few common reasons: 1) You have requirements for a different password policy and you are not running 2008, therefore you cannot leverage Fine Grained Password Policies. 2) You want to severely limit replication traffic. There are other reasons, some business, but mostly political. The downside to introducing complexity not only to AD but just about anything is that multiple domains require additional costs and management. If you really don't need the child domain, I would try to avoid it. Visit: anITKB.com, an IT Knowledge Base.
May 10th, 2011 3:11pm

Hello, first of all, note that it is recommended to have at least two DC/DNS/GC servers per domain to ensure the high availability of the AD service and so that you decrease the chance of losing your domain. If you want to use child domains then I recommend that you have at least two DC/DNS/GC servers per domain => 4 DC/DNS/GC. Also, using child domains will increase the complexity of the AD environment. Child domains can be used to apply multiple password policies, but since 2008 Server there is no need for that, as with 2008 DFL you can create PSO objects and link them to users / groups so that you can have multiple password policies without the need for child domains. In your case, I recommend that you implement RODCs with password caching enabled so that if the WAN connection is down, your users will still be able to log on. The use of RODCs will reduce AD replication traffic as it is a one-way replication. This posting is provided "AS IS" with no warranties or guarantees, and confers no rights. Microsoft Student Partner Microsoft Certified Professional Microsoft Certified Systems Administrator: Security Microsoft Certified Systems Engineer: Security Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
May 10th, 2011 4:04pm
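
The PSO approach mentioned in the reply above, as an added example that is not part of the original thread: a PowerShell script that creates a fine-grained password policy, links it to a branch-office group, and reports which policy each member actually resolves to. It assumes the ActiveDirectory PowerShell module is available; the PSO name, group name and all policy values are hypothetical and constructed for illustration.

```powershell
# Added example. PSO name, group name and policy values are hypothetical placeholders.
Import-Module ActiveDirectory

$psoName     = 'PSO-BranchOffice'      # hypothetical PSO name
$branchGroup = 'BranchOffice-Users'    # hypothetical group holding the branch users

# PSOs need the Windows Server 2008 domain functional level or higher.
$domain = Get-ADDomain
if ($domain.DomainMode -lt [Microsoft.ActiveDirectory.Management.ADDomainMode]::Windows2008Domain) {
    throw "Domain functional level is $($domain.DomainMode); PSOs require Windows2008Domain or higher."
}

# A PSO is linked to users or global security groups, never to an OU.
$group = Get-ADGroup -Identity $branchGroup
if ($group.GroupScope -ne 'Global' -or $group.GroupCategory -ne 'Security') {
    throw "$branchGroup must be a global security group to receive a PSO."
}

# Create the PSO only if it does not exist yet, so the script can be re-run.
if (-not (Get-ADFineGrainedPasswordPolicy -Filter "Name -eq '$psoName'")) {
    New-ADFineGrainedPasswordPolicy -Name $psoName -Precedence 10 `
        -MinPasswordLength 14 -PasswordHistoryCount 24 `
        -ComplexityEnabled $true -ReversibleEncryptionEnabled $false `
        -MinPasswordAge '1.00:00:00' -MaxPasswordAge '60.00:00:00' `
        -LockoutThreshold 5 -LockoutObservationWindow '00:15:00' `
        -LockoutDuration '00:30:00' -ProtectedFromAccidentalDeletion $true
}

# Link the PSO to the group unless it is already a subject of the policy.
$linked = Get-ADFineGrainedPasswordPolicySubject -Identity $psoName |
    Where-Object { $_.DistinguishedName -eq $group.DistinguishedName }
if (-not $linked) {
    Add-ADFineGrainedPasswordPolicySubject -Identity $psoName -Subjects $group
}

# Verify: report the policy each direct user member resolves to.
# Get-ADUserResultantPasswordPolicy returns nothing when no PSO applies,
# which means the user falls back to the default domain password policy.
Get-ADGroupMember -Identity $group | Where-Object { $_.objectClass -eq 'user' } | ForEach-Object {
    $resultant = Get-ADUserResultantPasswordPolicy -Identity $_.SamAccountName
    New-Object PSObject -Property @{
        User      = $_.SamAccountName
        AppliedTo = if ($resultant) { $resultant.Name } else { 'Default Domain Policy' }
    }
}
```

When more than one PSO reaches the same user, the one with the lowest precedence value wins, so the verification output is the thing to check rather than the link itself.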

Thank you very much, guys. I am looking for some solid, specific reasons as to why I shouldn't implement the child domain. Below are the characteristics of my current situation. 1. The DC office is implemented with SharePoint 2010, and when the users in the field want to access it, it asks for repeated password authentication. 2. We want a more centralized network to control the field offices and respond to them so that we meet their needs. I am looking for some general and specific ideas about what the drawbacks could be of implementing a child domain 10000 miles away from my main office. We also want to implement the Exchange server in the field office; I don't know how that will work with the Exchange server that we already have in our root domain. Your comments are highly appreciated! IT Guy
May 12th, 2011 10:12am

Hello IT Guy, You shouldn't have to look for reasons why not to implement a child domain. You should be looking for reasons why you should. The fact that the remote office is 10,000 miles away really is of no concern. A better description of that remote office is what type of connection you have back to the main office. Is there a slow connection? It would be just as problematic for AD if you had two offices 100 yards apart connected with a 56k modem. The main drawbacks of adding child domains are increased cost in hardware, increased cost in management, additional complexity (complexity is the enemy of reliability), and an increase in licensing. Keep in mind that the recommended DC design for every domain is at least TWO DCs per domain, as a minimum. If you have a child domain, you will need a minimum of 4 DCs if you have two domains. With regard to Exchange, the child domain can participate in the Exchange organization. That's no problem. For specific Exchange-related questions, you should definitely follow up on the Exchange forum. The only two reasons why I would deploy a child domain, based on the remote office concern, would be extreme limitations in bandwidth, and security isolation (say the remote office is really a subsidiary of a parent company and they manage their own org). Visit: anITKB.com, an IT Knowledge Base.
May 12th, 2011 11:18am

This topic is archived. No further replies will be accepted.
