VPN Branch office connectivity with domain / AD access
Posted on 2013-02-06
I've perused many branch office threads, but most seem to have some assumptions I may not quite understand, so they haven't quite helped. Please bear with me.
I have a client with a small head office with six PCs and an SBS2011 server set up in a pretty standard way - the server is domain controller, DHCP, file share, Exchange.
There is a branch office 1000 km or so away with a couple of PCs, but it will be growing to be around the same size.
Both offices have an ADSL2 connection.
Due to some recent outages (caused by major flooding across large areas of Queensland) the boss wants a server in the branch office which basically syncs the head office server, i.e. runs AD for the same domain and syncs the file shares.
I am thinking of setting it up in the following way:
hardware based site to site VPN
set up branch office server (Server 2008) in head office with DFS and do initial file sync
set up branch office server as a second domain controller
take to branch office and configure network settings to talk across VPN to SBS DC
Broadly, is that an OK solution?
Specifically, what network and AD configuration is required for the branch office server to communicate over the VPN so DFS works and it does AD updates? Presumably I would need a new site entry in AD and add DNS servers for each site as secondary of the other?