A remote site has about 25 of our 50-ish employees. They have their own AD domain presently (2003) but I want to look at getting them onto the same global domain for ease of access/administration. The remote site has a VPN link but line speeds are very poor.
I am already aware of tools like ADMT and have done a few migrations in the past (NT/2003 domains), but this is the first time I have the luxury of designing how this domain is organised. So I'm looking for tips on good AD design: would a remote site be better served as a sub-domain? Would this reduce traffic? I am only currently looking at 2003 since only existing machines will be used.
Edit: hope someone can give some advice on this?
Active Directory Sites in 2003 are pretty well designed to allow using the same domain at remote sites - you simply set up all replication to take place after hours to save your bandwidth, and AD is clever enough to still immediately replicate high-priority events such as disabling accounts, password changes etc.; anything not covered can easily be replicated manually.
Due to AD sites taking out slow connections from the equation, you are free to design your forests according to standard practices.
Remember a Domain (at least as of 2003) is the organisation's primary security boundary, so if they are part of the same organisation then sure, why not add them to your main domain. If they are a separate entity then keeping a separate domain and linking it with a trust may be the right way.
Possibly you may be overestimating how much traffic AD replication causes. Are we talking 56k leased lines here?
Your environment will happily support using two sites with the same domain, as long as you put (at least) one domain controller in the remote site and properly define sites, subnets and links in AD Sites and Services.
Your choice should be about administration: will those users be part of the same company? Will they be managed by the same group of administrators? Will they share the same network resources?
Having multiple domains is usually more pain than gain, especially when talking about very small user bases; I'd go with a single domain and two sites, but of course this will mean migrating users from their present domain to your one.
If you want less hassle and they can be allowed their own domain administration, you can just set up a trust and live with that.