How GP will synchornize?
Hello, GPO questions are better asked in http://social.technet.microsoft.com/Forums/en/winserverGP/threads?page=1 I can see no need for a multi domain forest in your case. Use a single domain with at least 2 DC/DNS/GC for failover and redundancy.Best regards Meinolf Weber MVP, MCP, MCTS Microsoft MVP - Directory Services My Blog: http://msmvps.com/blogs/mweber/ Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
March 22nd, 2012 7:42am

Dear All, I have to create a domain for around 500 domain user from Scratch, what is the best practice for creating a domain for around 500 user. ( The OS is Windows Server 2008 R2 Standard ) should i create a one Single domain, in one Single Forest for all the 500 user? what precaution should i take, so that i must not face any problem in future. as well as there are around 50 Laptop user. how will the GP will synchronize if they don't come in Company LAN network ( for around 3 to 6 month ). is there any method to synchronize GP via Internet. Waiting for ur valuable suggestion Best Regards, Param Thanks & Regards, Param MCSE, CCNA For Live Voice Discussion on any IT related issue, please vist my blog at www.paramgupta.blogspot.com
Free Windows Admin Tool Kit Click here and download it now
March 22nd, 2012 8:00am

On which server You want to create domain? My suggestion is that you use single domain in single forest on Windows server 2008 R2, and maybe to consider configuring DirectAccess for laptop users Best regards Dubravko
March 22nd, 2012 8:45am

Hello, I have to create a domain for around 500 domain user from Scratch, what is the best practice for creating a domain for around 500 user. ( The OS is Windows Server 2008 R2 Standard ) should i create a one Single domain, in one Single Forest for all the 500 user? What I would recommend is making your AD environment as simple as possible. For that, I would recommend using a single domain in a single AD forest. what precaution should i take, so that i must not face any problem in future. I would recommend having at least two DC / DNS / GC servers in each domain you are planning to have. Also, perform periodically at least a system state backup of a DC / GC server in each domain you will have. as well as there are around 50 Laptop user. how will the GP will synchronize if they don't come in Company LAN network ( for around 3 to 6 month ). is there any method to synchronize GP via Internet. Next time they will logon, group policies will be applied. For group policy appliance, VPN clients access may be an option. This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. Microsoft Student Partner 2010 / 2011 Microsoft Certified Professional Microsoft Certified Systems Administrator: Security Microsoft Certified Systems Engineer: Security Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows 7, Configuring Microsoft Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations Microsoft Certified IT Professional: Enterprise Administrator Microsoft Certified IT Professional: Server Administrator Microsoft Certified Trainer
Free Windows Admin Tool Kit Click here and download it now
March 22nd, 2012 9:19am

On which server You want to create domain? My suggestion is that you use single domain in single forest on Windows server 2008 R2, and maybe to consider configuring DirectAccess for laptop users Best regards Dubravko Hi Dubravko, Thanks for ur suggestion. Please let me know what do u mean by "consider Configuring DirectAccess for laptop users" Pleae elaborate. Best Regards, Param Thanks & Regards, Param MCSE, CCNA For Live Voice Discussion on any IT related issue, please vist my blog at www.paramgupta.blogspot.com
March 23rd, 2012 2:46am

Hello, I have to create a domain for around 500 domain user from Scratch, what is the best practice for creating a domain for around 500 user. ( The OS is Windows Server 2008 R2 Standard ) should i create a one Single domain, in one Single Forest for all the 500 user? What I would recommend is making your AD environment as simple as possible. For that, I would recommend using a single domain in a single AD forest. what precaution should i take, so that i must not face any problem in future. I would recommend having at least two DC / DNS / GC servers in each domain you are planning to have. Also, perform periodically at least a system state backup of a DC / GC server in each domain you will have. as well as there are around 50 Laptop user. how will the GP will synchronize if they don't come in Company LAN network ( for around 3 to 6 month ). is there any method to synchronize GP via Internet. Next time they will logon, group policies will be applied. For group policy appliance, VPN clients access may be an option. This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. Microsoft Student Partner 2010 / 2011 Microsoft Certified Professional Microsoft Certified Systems Administrator: Security Microsoft Certified Systems Engineer: Security Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows 7, Configuring Microsoft Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations Microsoft Certified IT Professional: Enterprise Administrator Microsoft Certified IT Professional: Server Administrator Microsoft Certified Trainer Hi Mr X Advancia IT System, Thanks for ur post. Please elaborate more on "For group policy appliance, VPN clients access may be an option." As they (laptop user) are not in the company ( and will be outside of the company for around 3 to 6 month ) than how you are telling me that "Next time they will logon, group policies will be applied." Waiting. Best Regards, Param Thanks & Regards, Param MCSE, CCNA For Live Voice Discussion on any IT related issue, please vist my blog at www.paramgupta.blogspot.com
Free Windows Admin Tool Kit Click here and download it now
March 23rd, 2012 2:54am

On which server You want to create domain? My suggestion is that you use single domain in single forest on Windows server 2008 R2, and maybe to consider configuring DirectAccess for laptop users Best regards Dubravko Hi Dubravko, Thanks for ur suggestion. Please let me know what do u mean by "consider Configuring DirectAccess for laptop users" Pleae elaborate. Best Regards, Param Thanks & Regards, Param MCSE, CCNA For Live Voice Discussion on any IT related issue, please vist my blog at www.paramgupta.blogspot.com Hi Param DirectAccess allows users to remotely (secure) connect to your domain infrastructure without vpn connection. Experience is same like they are part of LAN (of course depends on link speed). I think that this will resolve your GP synchronization problem More info for DirectAccess can be found here: http://technet.microsoft.com/en-us/network/dd420463 Best Regards DubravkoBest regards Dubravko Marak MCP Blog: Windows Server Administration Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
March 23rd, 2012 2:57am

On which server You want to create domain? My suggestion is that you use single domain in single forest on Windows server 2008 R2, and maybe to consider configuring DirectAccess for laptop users Best regards Dubravko Hi Dubravko, Thanks for ur suggestion. Please let me know what do u mean by "consider Configuring DirectAccess for laptop users" Pleae elaborate. Best Regards, Param Thanks & Regards, Param MCSE, CCNA For Live Voice Discussion on any IT related issue, please vist my blog at www.paramgupta.blogspot.com Hi Param DirectAccess allows users to remotely (secure) connect to your domain infrastructure without vpn connection. Experience is same like they are part of LAN (of course depends on link speed). I think that this will resolve your GP synchronization problem More info for DirectAccess can be found here: http://technet.microsoft.com/en-us/network/dd420463 Best Regards Dubravko Best regards Dubravko Marak MCP Blog: Windows Server Administration Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. Hi Dubravko, Thanks for ur reply. i have gone through Direct Access Requirements. I had found that the laptop user should have atleast Windows 7 Enterprise or Windows 7 Ultimate Operating System. But here, we have Window XP and Window 7 Professional What do u suggest now. Best Regards, ParamThanks & Regards, Param MCSE, CCNA For Live Voice Discussion on any IT related issue, please vist my blog at www.paramgupta.blogspot.com
Free Windows Admin Tool Kit Click here and download it now
March 23rd, 2012 4:01am

As Mr X said VPN Client access could be an option. But in my experience I had problems with GP synchronization over VPN connection. Not all clients were receive new GP settings. My recomendation is that you should try to upgrade to Windows 7 Enterprise or Ultimate. Of course considering finance. :(Best regards Dubravko Marak MCP Blog: Windows Server Administration Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
March 23rd, 2012 5:22am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics