Do I need a seperate AD site/DC for small office(s)

I have a 12 person office about 4000 miles away (in the EU) from our main office (US).  Currently, we have a site to site VPN (10meg, about 80ms latency) which the remote users use for AD and Exchange.  They have a few local servers, so file read/write latency isn't an issue.  Exchange is also fine.  Everything works fine, so I have been working under "If its not broken, don't fix it"

I just wanted a sanity check to see if setting up a new site and putting a DC in that location would buy me anything.  Additionally, if done, how would that impact the Exchange server (single instance, 2010, one Mailbox server and one CAS/Hub server).  We are also setting up another 2-3 person remote office in the US which I am initially going to continue to support as we do for remote workers (VPN Client connections all day).  

The total organization size is small (<100 users), so I don't want to build unnecessary infrastructure, (read: I have a microscopic budget) but I also want to do it right.  

Thanks.
mchad65Asked:
Who is Participating?
 
kostbadConnect With a Mentor Commented:
-----
0
 
Joseph DalyConnect With a Mentor Commented:
Putting a DC in that office would get you a little bit of redundancy as well as speed up logins if you designate it as a global catalog. Probably would also help out with any group policies you have configured as right now those are also going across the wire.

With the setup you have now if for some reason you were to lose your connection back to the main office your users would not be able to open files since they have no DC to authenticate against.

If it were me I would probably put a DC in that office and create a site in AD sites and services.

This shouldnt really affect your exchange organization since you can keep the mailboxes on the server where they currently are now.
0
 
mchad65Author Commented:
That was my thought.  Now, to keep costs down, since the file server is 2008R2, would it be sacrilege to simply install AD services on it?  (thinking back to 1997 when my first NT server was an all in one, file, exchange, AD)
0
 
Will SzymkowskiConnect With a Mentor Senior Solution ArchitectCommented:
For 12 users it is probably not worth the hassel of setting up another DC in this location, yes Authentication might be slightly faster but it would just be the initial login.

At best I would only consider putting in an RODC and caching the users password to this DC. This would benefit in the event that your head office goes down (for whatever reason) your users in the remote office will still be able to function access local shares and also accessing the internet.

RODC is also much more secure and no changes can be done on this server directly. As for Exchange it will not affect your current Exchange setup as they are getting their mail from the head office.

If you were ever going to host Exchange in the remote office (which i dont think you would considering you only have 12 users) you would need to have a full read/write DC also acting as a GC as well.

I would not change your current setup. But if you have a requirement I would only add an RODC.

Will.
0
 
mchad65Author Commented:
Both good responses.  I have 3 DC's in my main office infrastructure, one in the office itself (pdc role) and two a data center (Both bdc's).  So I have redundancies there.  I'll look into the RODC idea, I hadn't thought of it actually.  Thanks both of you.
0
All Courses

From novice to tech pro — start learning today.