Branch Office: Removing an RODC from AD

Well eventually you are going to remove an RODC and if you are running in a test lab sooner rather than later. Microsoft has a TechNet Article which covers removing the RODC with the claim that AD metadata is removed. I have not found that to be entirely accurate. This post reflects my experience and the additional items which needed to be removed. This post reflects how to remove the RODC when the server has been lost or stolen, or in my case restored to an earlier backup. Note: If the RODC is still connected to the domain follow the … Continue reading Branch Office: Removing an RODC from AD

Branch Office: 5 Ways Server 2008 Improves WAN Utilization.

Bandwidth utilization, latency, and the reliability of the Wide Area Network are three major concerns when administering a branch office environment. Windows Server 2008 helps to address these concerns through the following 5 technologies. RODC Since the RODC does not accept changes, writable domain controllers that are replication partners do not have to pull changes from the RODC. This reduces the workload of bridgehead servers in the main site and the effort required to monitor replication. RODC unidirectional replication applies to both AD DS and distributed file system (DFS) replication. The RODC performs normal inbound replication for AD DS and DFS … Continue reading Branch Office: 5 Ways Server 2008 Improves WAN Utilization.

Branch Office: Thought Process – some considerations from the field

While choosing a branch office solution, you have to address various issues, such as security, data replication, minimal IT capabilities, hardware costs, unauthorized physical access, and unwanted changes to Active Directory. The following bulleted list discusses the points above and highlights the solutions to address the concerns. (Source:MSL 89-389) Security In case the security at the branch office is your major concern, you should use the  Server Core installation option of the Windows Server 2008 operating system and install , RODCs, Server Message Block (SMB) 2.0, and BitLocker Drive Encryption. Server core offers a reduced attack surface because of the … Continue reading Branch Office: Thought Process – some considerations from the field

Branch Office: Creating Visio Diagrams

Spider webs. That is what I call most network diagrams I see. A diagram is worth a thousand words when it comes to understanding the layout of your network. There are a few skills which help you get full value out of diagramming and it is the intent of this post to highlight a few. Most involve clearing the cobwebs and bringing clarity through visual cues. I am using a diagram that comes from an administrator for whom I have a lot of respect. He has taken on challenges and kept to a tight budget while advancing the use of … Continue reading Branch Office: Creating Visio Diagrams

Branch Office: Three most common topologies

In planning a branch office configuration, you have to consider the impact of service level and user demands on the topology selection. From full Centralized Infrastructure where all of the resources are managed at the head office through to Full Local Infrastructure where the branch has local copies of everything they need to work. Here are the three main types: Fully Centralized – The head or Hub office provides all of the needed applications and authentication. Hybrid – Key workloads are transfered to the office Fully Local – All applications and authentication performed by local resources Jeff LoucksAvailable Technology  Subscribe in … Continue reading Branch Office: Three most common topologies

Branch Office: Creating a Read Only Domain Controller

Branch offices come with a whole set of considerations and not the least of which is they generally are less secure than the main office. This is a critical concern for putting a domain controller in each office. The primary issue in almost every branch office is managing bandwidth across the wide area network. If you lose authentication request because of network outages the office can be rendered unproductive and so having a domain controller in the branch can effectively relieve the need to authenticate back to the main office. RODCs are designed to be deployed in locations that have … Continue reading Branch Office: Creating a Read Only Domain Controller

Branch Office: Using SSTP for Site-to-Site VPN on Windows Server 2008

In this post I will define how SSTP is different from PPTP and L2TP. I will cover some of the advatanges of this technology which released with Windows Server 2008. Finally I will cover the basic steps to setup SSTP and provide resources for further configuration advice. The end goal is to use SSTP for a site to site VPN over which client computers can share resources. Note: Certain aspects of SBS and EBS environments mean they are out of scope for this article however, this arcticle is still a good starting point for understanding the principles of SSTP and … Continue reading Branch Office: Using SSTP for Site-to-Site VPN on Windows Server 2008

Windows Server 2008 R2 Branch Office: Features to Empower the Cloud

If you are involved at all with Microsoft on a professional level, you could not miss the fact that Microsoft is lugging the Juggernaut that it is toward Cloud computing. Branch Office is a logical intermediary step in the strategy since technology that Microsoft develops here will be leveraged to connect to a platform in the cloud like Windows Azure. Over the remainder of the month I am going to deep dive on new features of Windows Server 2008 R2 and Win7 as they relate to Branch Offices. I will talk about strategies for mitigating common problems and provide an in … Continue reading Windows Server 2008 R2 Branch Office: Features to Empower the Cloud