Our company is a SME with global presence. The HQ is in Singapore, with branch in Taiwan, China, Malaysia, Europe and US. However, the distribution of staffs in these place is uneven. Singapore, Taiwan and China account for 90% of the total headcount, whereas Malaysia, Europe and US only account for about 10%.
For security purpose, our company intended to implement AD. Since I am quite new to AD, I am currently stuck on a few questions waiting for your clarification:
My current design is creating one forest and many domain controller, with each domain controller corresponds to one branch. however, some branch such like the ones in malaysia and europe have only a few staffs. So should I still create one dedicated domain controller for such branch?
We intend to set up AD server only in Singapore but not other place, will this design cause latency to oversea users? In what situation should I set up AD server in other branches as well? Which approach is recommendable to our company?
Is VPN necessary for oversea staffs to use AD service(e.g. authentication) and exchange service in HQ?
Thank you in advance.