AD Small remote site

HI expert,
I try to found some good practice to create a small AD 2008RC2 remote site. I need to movre 10 users from the main site to a remote location with a IPSEC Watchguard fiber link. The remote user are mostly laptop user and for the begening all the servers will remain at the head office. The remote site are on another subnet deserved by the DHCP inside the watchguard.

I was thinking installing 1 virtual DC to serve theses 10 users locally with DNS, AD (replication). In case of link down, the users will be able to logon and work locally.
But i quite lost! How do I configure the DNS to server local and remote host name and user different fowarders (in case of link lost). AD will work on 2 subnet?
IF someone have some doc to point me at?
Thanks a lot.
pdsavardAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Mike KlineCommented:
If the link went down you can use cached credentials so they could log in.

If you want a DC there you create a DC  and make a new site in AD and create a site link between this site and main site.

for the DC you just create a DC in the same domain and install DNS/GC.   It will replicate AD/DNS from the main site.

Thanks

Mike
0
pdsavardAuthor Commented:
correct, the cached credential will do the trick.
But what about the DNS/DHCP process. If I use a local DNS with local Fowarders, how can I resove AD name from the main site?
If I use DNS replication from the main site, How can i set local fowarders in case of link failure?
0
Mike KlineCommented:
You can set forwarders on the DNS server itself but if the WAN link is down how are they going to reach the internet?

Thanks

Mike
0
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

awaggonerCommented:
If the link goes down, it doesn't matter because the servers are at the home office.

If you use thin clients and either VDI, Citrix XenApp, or MS Terminals services.

You won't need a local server at all.  This is a very secure solution.

If you insist on a remote DC, make sure it is a read only configuration.
0
pdsavardAuthor Commented:
The main site can be down. The remote site will have dual WAN link because it serve a small datacenter. Eventually the main site will switch position with the remote one... But for the phase1 only 10 users will move the the remote location.

The DNS at the remote need a foward and Reverse lookup zone of the main site? How to keep that in shync?
0
Mike KlineCommented:
AD and DNS will replicate automatically as part of normal AD replication.    You can setup different forwarders in the properties (right click the DNS server and select properties > forwarders tab)

Thanks

Mike
0
pdsavardAuthor Commented:
Meaby is too complicate only for 10 users. Do you think i can acheive the DNS/DHCP goal without AD DC on remote site?

awaggoner: The remote site is very secure. No need to use a RODC i think. VDI will be the next step. At the remote site, we aleready have a private cloud with Exchange and another AD site for the cloud. VDI will be in that cloud in phase2.
But for now I need to provide AD from the current main site to the 10 users.
0
Mike KlineCommented:
You could probably let them use the DCs in the main site.  How reliable is that link?
0
pdsavardAuthor Commented:
HI, I finaly add a local DC.
Question:
- Can i set diferent DNS fowarder for this remote DC?
- Whats is the best setting for station DNS (Push by the DHCP). Primary DNS set to the local DC and secondary to the DC at the main site?

THanks
0
Mike KlineCommented:
Yes you can set a different forwarder.

I'd point them locally for DNS first just like you are planning.

Thanks


Mike
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.