Active Directory Trusts - Bandwidth Usage

mitchell3405

Distinguished
Jun 16, 2011
58
0
18,630
Currently we have several Active Directory domains at several technical high schools. These are used by us as IT educational unit(s). The Tech School System's IT Department has a fiber WAN between the schools that allows communication between these units. We wanted to interconnect the units' Active Directories with trusts or by combining them into one forest. However, I am wondering how much bandwidth that alone would require. There may be some file access between units, but not on a daily basis since the units are separate from one another. How much bandwidth do you think this would require?

Thanks
 

gutb

Honorable
Feb 20, 2012
5
0
10,510
Very little -- depending. In any case, AD is fully aware of slow networks and will not be flooding any WAN links, even with fully integrating the two domains. For example, AD will recognize an external network and adjust bandwidth accordingly.
 

mitchell3405


I am just wondering because the school system also has an Active Directory forest of their own, separate from ours and our other accompanying units at other schools. They use their WAN to interconnect their networks. So we want to use their WAN, which allows us connectivity to the units at the other schools, to connect our Active Directory domain to some of the other 7 associated units in the system. I was wondering if there would be any problems with coexistence across the WAN.
 

riser

Illustrious
If you use a trust the amount of data being transmitted will be low. Mainly the user credentials and a password hash.
If you combine the forest you will have a lot more bandwidth used due to the AD replication of objects. The initial replication may be large, but after that it will be minimal again.
If you have decent network guys, they can track how much data is being transferred over the network from your domain controllers.
 

mitchell3405


To set up either of these two setups you mentioned, what do I have to do in terms of DNS? Currently the units at each school have their own private DNS servers, which are used by the workstations for Active Directory. The private servers forward requests they cannot resolve to the school district's AD DNS servers. However, the district's AD DNS servers have no knowledge whatsoever of the private servers.

So to make this work I would assume that I would have to set our AD DNS server up with conditional forwarders for the other domains that point at the correct DNS servers, and the admins at the other units would have to do the same. Correct?
 

riser

After the trust is created you would use the DNS forwarders. Each domain would forward to the other and if that failed, it would forward out to your ISP DNS.

Now, depending on how well you know DNS, you could set up a Stub Zone of the other DNS servers. I guess it will depend on how you want to proceed. If you set up the trust you can forward, or load a secondary zone/stub zone on the DNS servers and allow it to replicate or load periodically.

As long as there is a path the DNS request can travel to get the other DNS, it should serve it up, especially if they're on your private network.
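
The conditional-forwarder setup discussed in this thread, sketched in PowerShell as an added example (not code from any poster). It assumes it is run on a unit's own AD DNS server with the DnsServer module installed; the domain names and IP addresses are constructed placeholders.

```powershell
# Constructed sample data: partner unit domains and their DNS servers (placeholders).
$partners = @(
    @{ Domain = 'unit2.example'; DnsServers = @('10.20.0.10', '10.20.0.11') },
    @{ Domain = 'unit3.example'; DnsServers = @('10.30.0.10') }
)

foreach ($p in $partners) {
    # Do not touch a zone that already exists under this name (forwarder, stub or secondary).
    $existing = Get-DnsServerZone -Name $p.Domain -ErrorAction SilentlyContinue
    if ($existing) {
        Write-Host "$($p.Domain): zone already present ($($existing.ZoneType)), left unchanged"
    } else {
        # AD-integrated conditional forwarder, replicated to the DNS servers of this domain.
        # Only queries for the partner's namespace are sent to the partner's servers.
        Add-DnsServerConditionalForwarderZone -Name $p.Domain `
            -MasterServers $p.DnsServers -ReplicationScope 'Domain'
    }

    # A trust relies on the partner's domain controller locator SRV records,
    # so check that this server can now resolve them.
    $srv = "_ldap._tcp.dc._msdcs.$($p.Domain)"
    try {
        Resolve-DnsName -Name $srv -Type SRV -DnsOnly -Server 127.0.0.1 -ErrorAction Stop |
            Where-Object { $_.Type -eq 'SRV' } |
            ForEach-Object { Write-Host "$($p.Domain): DC $($_.NameTarget):$($_.Port)" }
    } catch {
        Write-Warning "$($p.Domain): $srv does not resolve; the trust cannot locate its domain controllers until it does"
    }
}
```

The admins of each partner unit would run the mirror image of this, pointing at your domain and DNS servers.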