
Active Directory Domain over Internet

I have a client that really cannot afford point-point T1 or an MPLS network as I would love for them to have. They have 4 offices around the country and currently don't have an AD Domain - all local administration. I am about to install their first Windows Server in the main office and would like to join the other offices to the domain. I want to propose that they use cable connections or FIOS for all their locations - instead of 1 T(main office) and the DSL connections (branch) they currently have - and then use their current firewalls (that do VPN for file sharing now) to connect back to the mail site for AD stuff. The branch office with the most users has maximum 6 PCs. Should this work and act nicely with AD?
Thanks.

Senior Solution Architect
Most Valuable Expert 2015
Top Expert 2015
Commented:
In a perfect world you would have no issues with this. The only thing that may cause issues down the road is that if you are only installing 1 DC for 4 remote sites this is not a good practice. If that connection to the main site goes down you are then taking out the other sites as well.

If you are going to implement a domain make sure that each site has its own DC to auth to. If you are using cable internet it should be fine for authentication etc, the only thing I would worry about is the up time and multiple sharing usage.

If you are going to continue to use cable make sure that you have some sort of Business grade cable internet to ensure that you have the most reliable connection.

Hope this helps
Right.  I would use business grade internet.  I am not sure if they can afford 4 servers, but maybe we would start with one or two and take it from there.   Make sense?
Will Szymkowski
Senior Solution Architect
Most Valuable Expert 2015
Top Expert 2015

Commented:
Yes for sure. Make sure that you have at least 2 DCs because you have something to fall back on if one ever goes offline or connection is down. The only downfall if they had to authenticate with another domain in a different location would be the login/authentication times.

Even if the connection to the DC went down, though, they would be able to access their computers with their cached profiles, so it wouldn't be terrible for a short time, right?