Hello, I had received assistance from members here and I really appreciate the push. This is the thread where it all started http://www.computing.net/answers/wi... Once again I am working on creating a Domain setup. I have created the domain controller and also created a Child domain controller (For the remote site). Now when i log into the child server should i select the child domain name or the Main DC? (During log in) I have added a test PC to child domain server and tried use a user account that was created on the Central Domain. It didnt log me in why? When I log in the remote server in the child domain name I dont see any AD changes i made in the central domain. I mean the AD is not replicated. Why? When I log in the remote server in the main Domain name I can see the mirror of the AD of the centraL domain. I can log into the Client PC and use the username from the central domain if I select the Domain as the central domain during log in. I want to add the child domain into an OU in the central domain server to apply policies but there is no server object to be seen in the AD users and computers. Why? I know the questions eventhough silly could be confusing. I am self learning and some simple things arent mentioned in the books. Thanks

if you are just learning the last thing you should be doing is anything with child domains. That is an advanced topic. You are still working on basic skill sets. I would suggest you purchase one of the MS Training courses which will walk you through exercises so you get real experience with Active Directory.

Thanks for pointing me in the right direction... I have been working on stand along domains for the remote sites for a long time.. its again self taught stuff... Now i decided to have more control over these individual sites by having a central server. Will comeback when i have more clarity and a small video training...

Hello I am back after some dig in this subject. Back to where this all started. One single domain at HO Small 9 remote sites which are connected through ADSL and IPVPN lines Remote sites have their own IP Schema Each site has around 5 - 20 Pcs All the sites are accessible from HO As of now I have setup the domain controller at Head office. I have prepared only Windows XP machine on the remote sites. I have connected that XP machine to the Domain controller and everything is working fine. My next step to enable WSUS in the Domain server. However I believe since the number of Pcs are are less I feel the single domain can support all the sites. No need for additional domains per site. My question is regarding the AD sites and services Since each of these 9 remote locations can be considered as a 'site' And each of them have specific subnets Do i need to create a Site for each remote loc in AD sites and services? Do I need to create the subnet to the above sites? I believe i dont need to do that since I dont have a domain server in each site. Also all the remote locations would be logging into the main domain. Am i right in this regard? Please tell if i need to add these subnets in AD sites and services.

I have only had to add subnets to Sites and Services when there was a server or dc in that subnet.

First, I would never run WSUS on a primary AD server because of the performance hits and other reasons. Better to run it on a backup server. Second, "I believe i don't need to do that since I dont have a domain server in each site." Is this true that you have no DC at each site? Do you at least have a file server at each site? I would setup DCs at every site with AD. Then setup File Replication for their Home Drives to those sites. This way, if the VPN connection is lost the whole site does not go down. They just lose access to remote data services but can still access their local files. In addition, this will take some of the load off of your HQ servers and lessen the bandwidth on your tunnels. The last benefit is that you can setup NAS drives at each site which can be used as your off site backups.

Thanks for the reply. So there is no need to add subnets since i dont have domain server at site. 1) Regarding the DC at the site, I know the account details are cached in local PC and you can log into the domain with previous settings from the cache even if the domain is not reachable. The group policy might not be applied though. Am i right? 2) I discarded the idea of DC in each site because the only purpose in the site is file sharing, And I need reliability, Wanted to avoid complexity. So I converted a HP ML 110 G5 server to run XP and share files. Is this a terrible idea? 3) I am also enroute to add NAS drives in each site to have a backup of this local XP server and keep a backup of shares folders in NAS drive. I hope this is fine. 4) In that case I will separate the WSUS server from the DC. I am having few issues with PC's updating with the WSUS. Will come back with details on that.