Check out this white paper on the Windows 2000 authentication process: http://www.microsoft.com/windows2000/techinfo/howitworks/security/kerberos.asp. Microsoft usually recommends a T1-speed or better connection if you are going to be authenticating clients over a WAN link; however, your decision will need to be based on your actual network usage and traffic patterns. You can configure separate sites to fine-tune the way that network traffic is handled on your network. For example, any Software Installation and Folder Redirection settings will not take place over a link that you have designated as a "slow link." Your other option would be to place a local controller in heavily-used remote sites; this decision will need to be based on your ability to remotely secure and administer a machine in an off-site location.
Related Q&A from Laura E. Hunter
Active Directory expert Laura E. Hunter offers some advice for changing the IP addresses of domain controllers.continue reading
A Windows administrator moving from Windows Server 2003 to Windows Server 2003 R2 wants to perform a restore of a previous server to a new one ...continue reading
An admin needs to grant user access rights for those needing to traverse directory trees. Our server management expert explains how to use Group ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.