Can a user log on to different domains?

retiree06

Jan 3, 2014
I need to design a network for a school. The school has 5 laboratories with each room having 40 workstations.

I was planning to have a server running in each room and a central server for the office of the custodian.

But I was wondering if it would be possible for a user account to log in to those different domains in the lab.

I plan to put servers in each room in case the central server would go offline and the users cannot log in to their accounts anymore.

All the devices we have are the Windows Server 2008 R2 and generic switches.

If there are alternatives, I am open to suggestions. 😀

Thank you in advance.

 
A domain is controlled by a domain controller. The domain controller is what verifies and logs users (and computers) onto the network. If you set up a domain for each classroom, you could set up a trust between the domains that would allow a student to log into any PC in any lab. If a domain controller goes down, you would have issues logging in to that domain.

This is what I would do: Have 1 domain with a domain controller (for that 1 domain) in every lab. The domain controllers would synchronize themselves, and as long as the computer could reach any of them, you'd be fine to log in. You can then create an OU for each classroom and push different domain policies to each classroom.
 
There are better ways to handle redundancy than having a bunch of separate domains. It's been a while since I've had to set up or manage domains, but unless you had duplicate user accounts in each domain, if the primary domain to which the user is attached goes down, you'll still have the same issue.
 


Thank you for the response! I have a couple of questions to follow up though, if you don't mind.
- What would be the advantages of the one you are suggesting?
- If I were to troubleshoot the server in the room or edit the GPO, would I need to physically go to that room to fix it?
- How and where do I start adding the users in the lab?

Thank you for your patience with me.
 


Having their accounts in each of the servers is what I thought it should be like, so that when the main server is down, those servers in the rooms could at least offer access to the computers, and once the main server goes back up again, it updates the changes made on those servers during downtime. (Is what I am thinking even possible? Haha)

If you have a suggestion for a layout, it would also be appreciated. 😀

Thank you for your patience with me.

 
Having multiple domain controllers means 1 can go off-line, and users can still log in. If you create 1 domain you can administrate that domain from any PC on that domain - you can use AD management tools (part of the 2008 Admin Pack - you install on a desktop) and add users, GPOs, OUs - everything you need to do. You don't have to physically go to the room with the server just to manage AD - you just need to be on a machine in the domain.
 
Solution
You want 1 domain with multiple domain controllers. Each of the domain controllers keeps a copy of the list of all users and machines, and can log them into the domain - so if a server goes down, users still get logged in by another server. You only have to create and manage 1 account for each user (there's only 1 list). The domain would synchronize everything by itself.
 


So that means after creating a domain (let's say on lab1), I would set the following servers as a 'domain controller to an existing domain', right?

After that I just install the 2008 Admin Pack on the workstations and have 1 PC set up at my office so I could edit the GPO and add users in the network without me actually going there.

Did I get your instructions right? Haha. Thank you for being a patient guy with a noob like me.
 


Yes. That's exactly right.
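
The layout the thread settles on (one domain, a domain controller in every lab, an OU per classroom with its own policy) can be checked and built from a single admin PC. The PowerShell below is an added example, not code posted by anyone in the thread; it uses the ActiveDirectory and GroupPolicy modules that ship with Windows Server 2008 R2 and its remote administration tools, and the OU names `Lab1` to `Lab5` and the GPO names `LabN-Policy` are assumptions made for illustration.

```powershell
# Added example. Run as a domain admin on a domain-joined machine with the AD tools.
# Assumed names (not from the thread): OUs Lab1..Lab5, GPOs "LabN-Policy".
Import-Module ActiveDirectory
Import-Module GroupPolicy

$domainDn = (Get-ADDomain).DistinguishedName
$labs     = 1..5 | ForEach-Object { "Lab$_" }

# 1. List every domain controller and confirm it answers. Users can log on
#    as long as their workstation can reach any one of these.
$dcs = @(Get-ADDomainController -Filter *)
foreach ($dc in $dcs) {
    $up = Test-Connection -ComputerName $dc.HostName -Count 1 -Quiet
    '{0,-30} site={1,-20} reachable={2}' -f $dc.HostName, $dc.Site, $up
}
if ($dcs.Count -lt 2) {
    Write-Warning 'Only one domain controller found: no logon redundancy yet.'
}

# 2. One OU per lab, each with its own (initially empty) GPO linked to it,
#    so policy can differ per classroom while accounts stay in one list.
foreach ($lab in $labs) {
    $ouDn  = "OU=$lab,$domainDn"
    $found = Get-ADOrganizationalUnit -Filter "Name -eq '$lab'" `
                 -SearchBase $domainDn -SearchScope OneLevel
    if (-not $found) {
        New-ADOrganizationalUnit -Name $lab -Path $domainDn `
            -ProtectedFromAccidentalDeletion $true
    }

    $gpoName = "$lab-Policy"
    if (-not (Get-GPO -Name $gpoName -ErrorAction SilentlyContinue)) {
        New-GPO -Name $gpoName | New-GPLink -Target $ouDn | Out-Null
    }
}

# 3. Replication health: failures here mean a lab's domain controller is
#    serving a stale copy of the account list.
repadmin /replsummary
```

The script is safe to re-run: OUs and GPOs that already exist are skipped. Lab workstations still have to be moved into their lab's OU before the linked policy applies to them.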