Solved

Do I need a separate AD site/DC for small office(s)

Posted on 2014-01-09
Last Modified: 2014-01-09
I have a 12 person office about 4000 miles away (in the EU) from our main office (US).  Currently, we have a site to site VPN (10meg, about 80ms latency) which the remote users use for AD and Exchange.  They have a few local servers, so file read/write latency isn't an issue.  Exchange is also fine.  Everything works fine, so I have been working under "If it's not broken, don't fix it".

I just wanted a sanity check to see if setting up a new site and putting a DC in that location would buy me anything.  Additionally, if done, how would that impact the Exchange server (single instance, 2010, one Mailbox server and one CAS/Hub server).  We are also setting up another 2-3 person remote office in the US which I am initially going to continue to support as we do for remote workers (VPN Client connections all day).  

The total organization size is small (<100 users), so I don't want to build unnecessary infrastructure, (read: I have a microscopic budget) but I also want to do it right.  

Thanks.
Question by:mchad65
5 Comments
 
LVL 35

Assisted Solution

by:Joseph Daly
Joseph Daly earned 668 total points
ID: 39767969
Putting a DC in that office would get you a little bit of redundancy as well as speed up logins if you designate it as a global catalog. Probably would also help out with any group policies you have configured as right now those are also going across the wire.

With the setup you have now if for some reason you were to lose your connection back to the main office your users would not be able to open files since they have no DC to authenticate against.

If it were me I would probably put a DC in that office and create a site in AD sites and services.

This shouldn't really affect your Exchange organization since you can keep the mailboxes on the server where they currently are now.
0
 

Author Comment

by:mchad65
ID: 39768020
That was my thought.  Now, to keep costs down, since the file server is 2008R2, would it be sacrilege to simply install AD services on it?  (thinking back to 1997 when my first NT server was an all in one, file, exchange, AD)
0
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 664 total points
ID: 39768089
For 12 users it is probably not worth the hassle of setting up another DC in this location. Yes, authentication might be slightly faster, but it would just be the initial login.

At best I would only consider putting in an RODC and caching the users' passwords to this DC. This would benefit you in the event that your head office goes down (for whatever reason): your users in the remote office will still be able to function, accessing local shares and also accessing the internet.

RODC is also much more secure and no changes can be done on this server directly. As for Exchange it will not affect your current Exchange setup as they are getting their mail from the head office.

If you were ever going to host Exchange in the remote office (which I don't think you would considering you only have 12 users) you would need to have a full read/write DC also acting as a GC as well.

I would not change your current setup. But if you have a requirement I would only add an RODC.

Will.
0
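
The RODC password caching discussed in the reply above is controlled by the RODC's Password Replication Policy. The following is an added example, not part of any reply in this thread, showing how to scope caching to the branch users and then audit which passwords the RODC actually holds. The RODC name `EU-RODC01` and the group `EU-Office-Users` are assumed names for illustration.

```powershell
# Added example. Requires the ActiveDirectory module (RSAT or a DC).
# Assumed names, not from the thread:
$Rodc       = 'EU-RODC01'        # hypothetical RODC in the remote office
$AllowGroup = 'EU-Office-Users'  # hypothetical group holding the branch users

Import-Module ActiveDirectory

# 1. Allow only the branch group to have passwords cached on the RODC.
#    Branch workstations' computer accounts must also be allowed (for example
#    via a second group) if users are to log on while the VPN is down.
Add-ADDomainControllerPasswordReplicationPolicy -Identity $Rodc -AllowedList $AllowGroup

# 2. Review the resulting allow and deny lists. Deny wins over allow.
Get-ADDomainControllerPasswordReplicationPolicy -Identity $Rodc -Allowed |
    Select-Object Name, ObjectClass
Get-ADDomainControllerPasswordReplicationPolicy -Identity $Rodc -Denied |
    Select-Object Name, ObjectClass

# 3. List accounts whose passwords are currently stored on the RODC.
$revealed = Get-ADDomainControllerPasswordReplicationPolicyUsage `
    -Identity $Rodc -RevealedAccounts

# 4. Flag cached user accounts that are privileged (adminCount = 1) or that
#    are not members of the allowed branch group. The RODC's own krbtgt_*
#    account is always present and is skipped.
$allowedDns = Get-ADGroupMember -Identity $AllowGroup -Recursive |
    Select-Object -ExpandProperty DistinguishedName

$revealed |
    Where-Object { $_.ObjectClass -eq 'user' -and $_.SamAccountName -notlike 'krbtgt_*' } |
    ForEach-Object { Get-ADUser -Identity $_.DistinguishedName -Properties adminCount } |
    Where-Object { $_.adminCount -eq 1 -or $allowedDns -notcontains $_.DistinguishedName } |
    Select-Object SamAccountName, adminCount, DistinguishedName
```

Any account returned by step 4 has a password stored in the remote office that the policy did not intend to place there; reset that password and tighten the allow list.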
 

Author Comment

by:mchad65
ID: 39768119
Both good responses.  I have 3 DCs in my main office infrastructure, one in the office itself (pdc role) and two in a data center (both bdc's).  So I have redundancies there.  I'll look into the RODC idea, I hadn't thought of it actually.  Thanks both of you.
0
 
LVL 1

Accepted Solution

by:
kostbad earned 668 total points
ID: 39768120
-----
0
