• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 329
  • Last Modified:

AD Small remote site

HI expert,
I try to found some good practice to create a small AD 2008RC2 remote site. I need to movre 10 users from the main site to a remote location with a IPSEC Watchguard fiber link. The remote user are mostly laptop user and for the begening all the servers will remain at the head office. The remote site are on another subnet deserved by the DHCP inside the watchguard.

I was thinking installing 1 virtual DC to serve theses 10 users locally with DNS, AD (replication). In case of link down, the users will be able to logon and work locally.
But i quite lost! How do I configure the DNS to server local and remote host name and user different fowarders (in case of link lost). AD will work on 2 subnet?
IF someone have some doc to point me at?
Thanks a lot.
0
pdsavard
Asked:
pdsavard
  • 5
  • 4
2 Solutions
 
Mike KlineCommented:
If the link went down you can use cached credentials so they could log in.

If you want a DC there you create a DC  and make a new site in AD and create a site link between this site and main site.

for the DC you just create a DC in the same domain and install DNS/GC.   It will replicate AD/DNS from the main site.

Thanks

Mike
0
 
pdsavardAuthor Commented:
correct, the cached credential will do the trick.
But what about the DNS/DHCP process. If I use a local DNS with local Fowarders, how can I resove AD name from the main site?
If I use DNS replication from the main site, How can i set local fowarders in case of link failure?
0
 
Mike KlineCommented:
You can set forwarders on the DNS server itself but if the WAN link is down how are they going to reach the internet?

Thanks

Mike
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
awaggonerCommented:
If the link goes down, it doesn't matter because the servers are at the home office.

If you use thin clients and either VDI, Citrix XenApp, or MS Terminals services.

You won't need a local server at all.  This is a very secure solution.

If you insist on a remote DC, make sure it is a read only configuration.
0
 
pdsavardAuthor Commented:
The main site can be down. The remote site will have dual WAN link because it serve a small datacenter. Eventually the main site will switch position with the remote one... But for the phase1 only 10 users will move the the remote location.

The DNS at the remote need a foward and Reverse lookup zone of the main site? How to keep that in shync?
0
 
Mike KlineCommented:
AD and DNS will replicate automatically as part of normal AD replication.    You can setup different forwarders in the properties (right click the DNS server and select properties > forwarders tab)

Thanks

Mike
0
 
pdsavardAuthor Commented:
Meaby is too complicate only for 10 users. Do you think i can acheive the DNS/DHCP goal without AD DC on remote site?

awaggoner: The remote site is very secure. No need to use a RODC i think. VDI will be the next step. At the remote site, we aleready have a private cloud with Exchange and another AD site for the cloud. VDI will be in that cloud in phase2.
But for now I need to provide AD from the current main site to the 10 users.
0
 
Mike KlineCommented:
You could probably let them use the DCs in the main site.  How reliable is that link?
0
 
pdsavardAuthor Commented:
HI, I finaly add a local DC.
Question:
- Can i set diferent DNS fowarder for this remote DC?
- Whats is the best setting for station DNS (Push by the DHCP). Primary DNS set to the local DC and secondary to the DC at the main site?

THanks
0
 
Mike KlineCommented:
Yes you can set a different forwarder.

I'd point them locally for DNS first just like you are planning.

Thanks


Mike
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

What Kind of Coding Program is Right for You?

There are many ways to learn to code these days. From coding bootcamps like Flatiron School to online courses to totally free beginner resources. The best way to learn to code depends on many factors, but the most important one is you. See what course is best for you.

  • 5
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now