
New remote domain

We use 512K VPN lines to connect 2 remote offices, which have their own DCs. We just transfer files or remote into PCs through these VPN lines.

                 Domain A  ------- 512K VPN --------- Domain B
            512K VPN
          Domain C

Now we will set up a new office again, but my boss asks me whether we can centralize account management in Head Office with the new remote site?

1. Move an Additional Domain Controller of Domain A (w/ Global Catalog) to new site D?
2. Build up a child domain on new site D?
3. Just linked up by a thin 512K VPN tunnel, is it enough to support frequent replication for 1 or 2?
4. Or a separate domain (DCs) like Domain B and Domain C?

Can you tell me which one is the best solution, please? (Why?)

Thanks!

Hi rhinoceros,

You need to look at what you need in a domain...

Do you need to have a separate directory structure for the new site? It is much better to build your new site with a secondary domain controller, which will link the AD database together and replicate just fine through your VPN tunnel.

Unless you specifically need separate domains, there is no point; you just create more work and a less effective way of working.

R -

I agree - there is no compelling reason here for anything but a flat, single domain -
If you have separate domains now, we can pick a strategy to migrate the accounts if you want to simplify - or create a forest structure if you don't.

Your real configuration focus needs to be on Active Directory Sites:  Sites are used to manage authentication and replication traffic.
With them, you can set frequency of site-to-site replication and other traffic-shaping options.

You may also want to look at DFS (Distributed File Services) - with which you can create & maintain replicated shares at each Site.

Some considerations for the above:
How much traffic is there over these lines?
What volume of file changes are there each day?
What volume of files are accessed remotely?
Also -
Are you running any server-based Database applications?
Are you running an Exchange server at any of these locations?

Where there's a will, there's a way!
rhinoceros (Author) commented:
Indeed, I really want to know what the main consideration is when we decide to run a "Secondary Domain Controller" or a "Separate Domain" on the new site, apart from the VPN (bandwidth).

Thanks a lot!


The primary considerations are consistency & administration.

The advantage of a 2nd DC over a separate domain is centralized administration & security (single set of users & groups, etc.).

Having a 2nd DC @ the other site adds very little traffic, which can be controlled further using AD Sites.

Does that help?

Well, do you want a single point of admin, or do you want two separate AD databases that you have to administer?

This means 2 lots of GPOs, 2 lots of security groups, 2 lots of users, etc.

Unless you have two businesses/companies/child companies etc., stick with a single domain: your administration is cut in half, you are following best practices, and you are adding redundancy with your additional DC.
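
The AD Sites setup suggested in the answers above, as an added example that is not part of the original thread: it creates a site for the new office, maps its subnet to that site, and sets the replication interval on the site link that runs over the 512K VPN. The site names, subnet, cost and interval are assumptions, and it assumes the ActiveDirectory PowerShell module (RSAT) is available and the session has rights to edit the Sites configuration.

```powershell
# Added example: every name, subnet and interval below is an assumption.
Import-Module ActiveDirectory

$hqSite    = 'HeadOffice'     # hypothetical existing site holding Domain A's DCs
$newSite   = 'SiteD'          # hypothetical name for the new office's site
$newSubnet = '10.40.0.0/24'   # constructed subnet used at the new office
$linkName  = "${hqSite}-${newSite}"

# Create the site for the new office only if it is not there yet.
if (-not (Get-ADReplicationSite -Filter "Name -eq '$newSite'")) {
    New-ADReplicationSite -Name $newSite
}

# Map the office subnet to the site so that clients at site D locate and
# authenticate against the local DC instead of crossing the VPN.
if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$newSubnet'")) {
    New-ADReplicationSubnet -Name $newSubnet -Site $newSite
}

# Site link over the 512K VPN. The interval controls how often inter-site
# replication runs (default 180 minutes, minimum 15). A longer interval
# saves bandwidth but delays when account and group changes made at head
# office reach the DC at the new site.
if (-not (Get-ADReplicationSiteLink -Filter "Name -eq '$linkName'")) {
    New-ADReplicationSiteLink -Name $linkName `
        -SitesIncluded $hqSite, $newSite `
        -Cost 100 `
        -ReplicationFrequencyInMinutes 180 `
        -InterSiteTransportProtocol IP
}

# Review every site link and its settings after the change.
Get-ADReplicationSiteLink -Filter * |
    Select-Object Name, Cost, ReplicationFrequencyInMinutes, SitesIncluded
```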
