We are looking to quote a business for a solution and just want to check that what I think is right.
If we have an SBS 2008 Premium server at one site, have a VPN link (provided by 2 DrayTeks) at the other site and then use the Server 2008 license that comes with Premium to install a second server at the other site, this will then be set up as a Read Only Domain Controller so the users at that site will authenticate locally and all profiles will be stored locally to reduce network traffic.
The remote site does not have to be a RODC. Placing a RODC at a remote site reduces network load.
Normally, a user authenticates at logon. Tickets are continuously exchanged even after login (security).
When a RODC is placed at the remote site, users authenticate once to a DC. All subsequent ticketing occurs between the RODC and client.
This is great for locations with bandwidth issues, network latency, etc. "i.e. those remote locations in or through the deep woods"... I have several.
SMBGUY
Users will authenticate to the closest DC if the domain is configured correctly. The only traffic on the WAN is replication - which has to occur anyway.
I've had numerous home office/remote site networks and managed to survive without RODC. My understanding is this is more for security than efficiency. If your DC is in a non-secure area, you don't have to worry about anyone being able to make changes - such as create an admin account on the domain...