We help IT Professionals succeed at work.

Virtual DC over VPN for file storage - config options

alatham23 asked
Last Modified: 2013-12-23
I currently have a server that needs to be replaced.  It is an old 2003 SBS server.  I have some plans but don't know the exact correct way to carry them out.

I plan on setting up a new Server 2008 R2 server on our main VMware host environment to be used for the remote location as the Primary Domain Controller and DNS server and file server mostly.  There will be no Exchange or SQL on this server.

My questions have to do with networking over the VPN.  Currently we are on a network at the main network and network on the remote network.  Once I setup the server on the main network, how do I associate the workstation at the remote network with the server here?  Do I need to match the IP addressing at the remote site with the server at the main site?  I know one way is to setup the default DNS server at the remote to be the server at the main office and a secondary public DNS incase the VPN goes down.  I just don't know what is the most efficient way to do this.  

Most of the traffic back and forth will be simply file storage and then possibly a software package on RemoteApp or RDP.  That should be all that is run over the VPN.

Thanks for suggestions on this networking advancement situation.
Watch Question

This one is on us!
(Get your first solution completely free - no credit card required)


There are actually only 2 users onsite.  This location has grown smaller as more users are remote and do not have a need to use a server anymore.

That is why managing a server from a remote office with 2 users is tough to accommodate when it could all be done over the VPN and we could manage it all locally instead.

The remote site has a 30/10 Internet pipe and the main site has an 80/10 Internet pipe so we should be good there.

I will make sure to setup the DHCP server locally with the correct DNS server IP and DNS suffix to make things go smoothly.

If you have more remote people than actual office workers in this branch, it might also make sense to get a terminal server for them to use.  Then you would only care about printer traffic so the main campus can print to the other's printers, or you can just use the mapping of local resources for that and ditch the whole VPN thing entirely.

Everything else would be handled locally from the network perspective, since the terminal server is at the main office.  The workstations at that point will only need to have valid internet connection.  It doesn't even matter if old or new, mac or pc.  

This would cover all workers that are not at main location, and i found my break point on if it is worth it is usually around 5-8 offsite employees vs. extra admin costs for vpn management, good equipment for desktop experience, and keeping software licensed, AV, Office, etc.


Yes, we do actually have a Terminal Server at the main office that we use for a lot of users offsite.  We will be adding some more of these users into this server as we go forward.

We use the VPN for printing using IP addresses to network printers.  The VPN hasn't been much maintenance in the last year so it has been working well.

Thanks for the suggestions though.

Cool.  Myself, I would just train my two users at the remote site to use the terminal server, and just have the SOP for @ main office then another for everyone else.  You can keep VPN for VOIP and network printers.  Local printing can be handled by the TS in case they have a printer at their desk instead of a true network printer.  If it is a true network printer, you can add that to the TS, so they don't need to set it up themselves.

If you have the time, it would be a good time to check out the new changes in 2012 for remote desktop.  I just set one up, and will say I am impressed, using local resources like USB drives, cameras, etc are fairly easy, and mostly transparent to the end user.

But as for your original post, I think you already have a working plan that will work in a pinch too that is really just adding the primary DNS and domain suffix to the remote site DHCP.
In the past I have used TS / RDS server for small remote sites. It is much easier to manage.

On another note if you clients are all Windows 7 & 8 and you are running Window 2008 R2 or 2012 you could setup DirectAccess???

On another note, I have never heard of the FQDN style, servername != servername.domainname.local syntax


Thanks for the suggestions with Windows 7/8 using DirectAccess but we don't have enterprise versions of those operating systems.  We just have the Professional versions that came with the computers.

I will check into that down the road though.
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.