pdsavard
asked on
AD Small remote site
HI expert,
I try to found some good practice to create a small AD 2008RC2 remote site. I need to movre 10 users from the main site to a remote location with a IPSEC Watchguard fiber link. The remote user are mostly laptop user and for the begening all the servers will remain at the head office. The remote site are on another subnet deserved by the DHCP inside the watchguard.
I was thinking installing 1 virtual DC to serve theses 10 users locally with DNS, AD (replication). In case of link down, the users will be able to logon and work locally.
But i quite lost! How do I configure the DNS to server local and remote host name and user different fowarders (in case of link lost). AD will work on 2 subnet?
IF someone have some doc to point me at?
Thanks a lot.
I try to found some good practice to create a small AD 2008RC2 remote site. I need to movre 10 users from the main site to a remote location with a IPSEC Watchguard fiber link. The remote user are mostly laptop user and for the begening all the servers will remain at the head office. The remote site are on another subnet deserved by the DHCP inside the watchguard.
I was thinking installing 1 virtual DC to serve theses 10 users locally with DNS, AD (replication). In case of link down, the users will be able to logon and work locally.
But i quite lost! How do I configure the DNS to server local and remote host name and user different fowarders (in case of link lost). AD will work on 2 subnet?
IF someone have some doc to point me at?
Thanks a lot.
ASKER
correct, the cached credential will do the trick.
But what about the DNS/DHCP process. If I use a local DNS with local Fowarders, how can I resove AD name from the main site?
If I use DNS replication from the main site, How can i set local fowarders in case of link failure?
But what about the DNS/DHCP process. If I use a local DNS with local Fowarders, how can I resove AD name from the main site?
If I use DNS replication from the main site, How can i set local fowarders in case of link failure?
You can set forwarders on the DNS server itself but if the WAN link is down how are they going to reach the internet?
Thanks
Mike
Thanks
Mike
If the link goes down, it doesn't matter because the servers are at the home office.
If you use thin clients and either VDI, Citrix XenApp, or MS Terminals services.
You won't need a local server at all. This is a very secure solution.
If you insist on a remote DC, make sure it is a read only configuration.
If you use thin clients and either VDI, Citrix XenApp, or MS Terminals services.
You won't need a local server at all. This is a very secure solution.
If you insist on a remote DC, make sure it is a read only configuration.
ASKER
The main site can be down. The remote site will have dual WAN link because it serve a small datacenter. Eventually the main site will switch position with the remote one... But for the phase1 only 10 users will move the the remote location.
The DNS at the remote need a foward and Reverse lookup zone of the main site? How to keep that in shync?
The DNS at the remote need a foward and Reverse lookup zone of the main site? How to keep that in shync?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Meaby is too complicate only for 10 users. Do you think i can acheive the DNS/DHCP goal without AD DC on remote site?
awaggoner: The remote site is very secure. No need to use a RODC i think. VDI will be the next step. At the remote site, we aleready have a private cloud with Exchange and another AD site for the cloud. VDI will be in that cloud in phase2.
But for now I need to provide AD from the current main site to the 10 users.
awaggoner: The remote site is very secure. No need to use a RODC i think. VDI will be the next step. At the remote site, we aleready have a private cloud with Exchange and another AD site for the cloud. VDI will be in that cloud in phase2.
But for now I need to provide AD from the current main site to the 10 users.
You could probably let them use the DCs in the main site. How reliable is that link?
ASKER
HI, I finaly add a local DC.
Question:
- Can i set diferent DNS fowarder for this remote DC?
- Whats is the best setting for station DNS (Push by the DHCP). Primary DNS set to the local DC and secondary to the DC at the main site?
THanks
Question:
- Can i set diferent DNS fowarder for this remote DC?
- Whats is the best setting for station DNS (Push by the DHCP). Primary DNS set to the local DC and secondary to the DC at the main site?
THanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
If you want a DC there you create a DC and make a new site in AD and create a site link between this site and main site.
for the DC you just create a DC in the same domain and install DNS/GC. It will replicate AD/DNS from the main site.
Thanks
Mike