How do I perform this Active Directory black magic?
March 25, 2008 10:06 AM
Best way to perform this Active Directory black magic? Our company has dozens of Windows terminal servers at remote locations (client sites), and we need a way to centralize Active Directory.
posted by arnold to Computers & Internet (5 answers total) 2 users marked this as a favorite
Currently, most of these are connected via OpenVPN back to a subnet here. I have a couple set up as domain controllers for a child domain, but this is becoming really hairy to manage, as logons take forever due to the VPN lag, the unpredictability of our clients' internet access, and various other factors. Add on to that, group policy settings in our central location are more suited to our setup here rather than the many varying setups at our client sites.
Previously, all these servers used local accounts only and this is also frustrating to manage, as well as a security problem, since all it takes is one errant account somewhere that a former employee might know about to cause us major headaches with a client.
I really like OpenVPN, and I'm sure this sort of thing has come up before. What's the best method to administrate all of these? Single domains for each client? One forest? Single domains with trusts? What's the best practice here?
Extended info: Server 2003 domain, all profiles are roaming profiles with folder redirection. Not able to use mandatory profiles due to the extremely stupid software we have to support.