! Do you think I need an Off-Site DC !

Quick question I have an offsite that has a total of 7 systems, they will not add more in the future based on the type of site that it is. I want them on the domain but I am wondering if it is needed to create a DC for that site. The sites are currently connected with PTP tunnel on our Cisco routers so DHCP and DNS is already set. We have 1 user there now that was at this site and she simply plugged in and it worked great. What do you think.

My main thing is hassle worth the pay off later for such a small amount of users.

Thanks in Advance.
Who is Participating?
Mike KlineConnect With a Mentor Commented:
If things worked great I'd leave things as they are.  7 systems and a handful of users at a remote site doesn't justify a new DC and AD site in this case from what you described.
Andrej PirmanConnect With a Mentor Commented:
If those users on your small site use DC only for basic functionality, like DHCP, DNS and Authentication, AND if ping from small site to primary DC is inside reasonable times (let's say, below 40 ms), my oppinion is that you will be just fine with DC over VPN.
In this case there will NOT be lots of traffic between client computers and DC.

But if there are roaming profiles, off-line folders etc, AND if ping is much over 40-50 ms, AND internet connection is asynchronus and slow (for example, ADSL with 1Mbps down and 256 kbps up speed), then I would setup remote DC.
In this case you may predict a lot of traffic between sites, timeouts may be severe, etc.., so it would be better to have DC inside LAN.  
Lee W, MVPConnect With a Mentor Technology and Business Process AdvisorCommented:
In general, I would not consider it a requirement.  However, if there is a server there ANYWAY, then I would make it a DC.  Further, putting at least one off-site DC (off site in the sense that it is not with your main site) would be a good idea for disaster recovery.  If your main location burns to the ground (or is otherwise destroyed), your AD is not lost.  Further, a second server/DC can provide an added level of connectivity redundancy - for example, if your main site DC fails (unless you have more than 1 at the main site), this remote server can provide an added connection point (for example, for myself AND one of my clients, I have a DC at both my locations and if my main location's router/VPN server fails, I can connect to the other location and come in the back door (in a sense).
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

AmericomConnect With a Mentor Commented:
Depending on your enviornement and how user leverage the network resources between sites. Since there's no real indication from the above that really required to have a DC. My suggestion is the more you configure the more you will have to monitor or support around the clock :).
In general, the most important is that you have at least two DCs. These two DCs can be in the main site or one in the main and the other in another site such as this small site you are talking about. But, two things to keep in mind before you make a DC in this small site. Lets say if the main site is downed and even the rounter etc is not accessible then your DC in the small site is useless for the main site users and vice versa. If the link is working but the main site DC is down, will your bandwidth can accomodate the traffic for all your main site user to access the DC and other redundant servers or is there any needs? It really more of a decision what will need to be accessed and what will be up or down during outage.
In general, the most critical systems are probably your mail server(s) and if you are using Exchange server and you do not have one in your small site and do not plan this remote site to be a backup site of your main site, then you may not want to have a DC there especially the number of users there do not justify for a DC. Even if you make a server in this site as a DC without spending $ for a new server, you will need to maintain another DC if you configure one here in the small site. The minute you have a DC, there will be traffic going between the sites that have DCs such as the replication of DCs and GPOs etc in the \\domainname\netlogon . There will be authentication traffics as well as other validation traffic etc between sites. Without the configuration of Active Directory site, user could be authenticated by any DCs from any sites which could create unnecessary traffic. If you put a DC in this small site you should configure AD site and assign the appropriate subnet to the correspond AD sites. If that's what you plan to do is to use this small site as a backup site, then you need a DC. If that's the your plan then you may want to enable DHCP relay and create partial scopes on the DHCP servers and vice versa. This probably will go on and on....If this site by no mean will be a backup site of your main, then may be leave it as is would be less work :)
We don't typically put a server onsite (DC/fileserver) until it grows beyond 20 users. Without bandwidth intensive feature (roaming profiles, offline files, etc), you should be fine.
WILDCATCOACHAuthor Commented:
Thnanks guys
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.