Domain Controller on remote site or new domain interconnected to forest

Posted on 2011-03-23
Last Modified: 2012-06-27
Hi all,

We have a datacenter where we host our e-mail, backups, domain controller etc. Now we want to connect our computers to the domain true a VPN (Site-to-Site).

Q1: On the datacenter site we have forefront TMG and on our office we have a cisco pix 501, can I make a permanent VPN to our Datacenter?

Q2: Is it wise to connect to the existing domain or make a new domain and joint it to the forest by trust?



Question by:xiss
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3

Expert Comment

ID: 35198310
HI Kasper, sorry I'm not going to be helpful with the site-to-site vpn with the Cisco and Forefront (although I'm sure it's doable) but in terms of the domain, don't see any damage in joining the domain, do you have an existing domain controller on site of why would you consider just joining the forest?

It would be highly advisable having an on site DC (and DNS server) as you will feel the performance delay with having the DC off-site.  Unless of course you get a hosted terminal services server as well and keep the clients on a workgroup or whatever...

Author Comment

ID: 35199819
We'll I thought making the datacenter site domain A and the office domain B for security and make them trusted in the forest, but is this common or am I making things needlessly complicated :)

Accepted Solution

ebooyens earned 500 total points
ID: 35199920
Maybe someone else can argue the contrary but I don't see any real security benefits from doing that while it certainly makes things more complicated. In terms of cloud services you should worry about gateway security, so making sure you've got quality firewalls in place and locking down access, perhaps only via your site-to-site vpns or by fixed IPs. Also look at your password policies, enable complex passwords and expiration. Those are the important security aspects to consider.

So how many clients have you got and what servers will be local?
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!


Author Comment

ID: 35200931
Thanks for the response, your advice is appreciated!

We use Forefront TMG as our edge firewalls in our datacenter. We have 400 clients connecting true https to our webapp and we have 10 clients in the office, so I think I just put a RDC in the office and create a Site-to-Site VPN.

Thanks for the help!

Expert Comment

ID: 35201183
Yep that sounds good.  Thanks for the points!!  Thought you might hang out on for a while to get some answers about setting up the VPN?  Sorry I can't help with that!

Author Comment

ID: 35201774
No problem, think i got my solution!

Featured Post

[Webinar] Code, Load, and Grow

Managing multiple websites, servers, applications, and security on a daily basis? Join us for a webinar on May 25th to learn how to simplify administration and management of virtual hosts for IT admins, create a secure environment, and deploy code more effectively and frequently.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Microsoft UAG for Remote Cirtrix  Xendesktop Access 3 135
Exchange 2010 POP 3 setup with MS ForeFront TMG 5 1,001
TMG 2010 ISP Redudancy 29 1,018
Dynamic CRM config with outlook 4 123
Microsoft's ISA Server has been its pre-eminent security product for about a decade and is still regarded amongst the well-informed as one of the best software firewalls and application gateways ever released, by any manufacturer. ISA Server has bee…
There are several problems reported according slow link speeds or poor performance in TMG 2010, UAG 2010 or ISA 2006. I want to collect here some of the common issues together to give a brief overview what can be the reason. Nevertheless, not all of…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit If you want to manage em…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question