Remote Domain Controller or Site-to-Site VPN or Both?

We have begun hosting some of our software with a remote vendor. We now access this software via RDP (RDS) and via RDP have access to our mapped drives and network printers via RDS services. One of our newly hosted software products also requires local access to Outlook, which requires us to install Outlook at the hosted site as well as locally. We were wondering whether the installation of a remote domain controller and/or a site-to-site VPN might allow us to have direct access to mapped drives and printers (instead of the RDP re-direct), direct access to local network machines and shares and allow us to open a single instance of Outlook. The remote site is AD 2008 and we are currently AD 2003, but realize we will need to move to 2008 soon anyway. Any thoughts and suggestions are considered valuable.

Thank you.

Ned Forster
IT Manager
West Point Association of Graduates

In this case, I suppose the hosted RDS machine is not connected to a domain. Users are using local accounts to log on. Using the redirected drive features of the RDS client, you can access files on your computers in the company network thanks to the credentials you entered to log on to your workstation.

If you want to browse your company files from the hosted machine, you should include the hosted server in a domain, which means setting up a site-to-site VPN.

Adding a controller is optional; since I don't think you have thousands of connections or need to massively search objects in AD, I don't think a DC would be useful.

Once your VPN is set up, modify the hosted server's DNS and add it to the domain. Lock or stop using local accounts and ask RDS users to use their AD login password to access this machine.
This way, users will have access to Printers, Shares, Files and everything else. Take good note that large files will be a pain to open (140Mb PPT from the hosted site will be quite bandwidth consuming).

Regarding Outlook (and assuming you are using Exchange Server), it will connect to your server using SSO, as if it was in your local network.

If AD and File sharing are just optional, you can also leave everything as it is actually, and use the Outlook Anywhere feature of Exchange (RPC over HTTP/s) to connect to your mailbox without even using a VPN.

Usually, machines hosted in datacenters with no VPN have no access to the company network and are able to work on their own. Ask yourself if browsing files and printers is really a necessity or if a PDF printer with an SMTP mail account can do the trick.




No news from you. I'm available if you have more questions or if you want to discuss VPN / no VPN scenarios.

