Solved

Do I need a seperate AD site/DC for small office(s)

Posted on 2014-01-09
5
310 Views
Last Modified: 2014-01-09
I have a 12 person office about 4000 miles away (in the EU) from our main office (US).  Currently, we have a site to site VPN (10meg, about 80ms latency) which the remote users use for AD and Exchange.  They have a few local servers, so file read/write latency isn't an issue.  Exchange is also fine.  Everything works fine, so I have been working under "If its not broken, don't fix it"

I just wanted a sanity check to see if setting up a new site and putting a DC in that location would buy me anything.  Additionally, if done, how would that impact the Exchange server (single instance, 2010, one Mailbox server and one CAS/Hub server).  We are also setting up another 2-3 person remote office in the US which I am initially going to continue to support as we do for remote workers (VPN Client connections all day).  

The total organization size is small (<100 users), so I don't want to build unnecessary infrastructure, (read: I have a microscopic budget) but I also want to do it right.  

Thanks.
0
Comment
Question by:mchad65
5 Comments
 
LVL 35

Assisted Solution

by:Joseph Daly
Joseph Daly earned 167 total points
ID: 39767969
Putting a DC in that office would get you a little bit of redundancy as well as speed up logins if you designate it as a global catalog. Probably would also help out with any group policies you have configured as right now those are also going across the wire.

With the setup you have now if for some reason you were to lose your connection back to the main office your users would not be able to open files since they have no DC to authenticate against.

If it were me I would probably put a DC in that office and create a site in AD sites and services.

This shouldnt really affect your exchange organization since you can keep the mailboxes on the server where they currently are now.
0
 

Author Comment

by:mchad65
ID: 39768020
That was my thought.  Now, to keep costs down, since the file server is 2008R2, would it be sacrilege to simply install AD services on it?  (thinking back to 1997 when my first NT server was an all in one, file, exchange, AD)
0
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 166 total points
ID: 39768089
For 12 users it is probably not worth the hassel of setting up another DC in this location, yes Authentication might be slightly faster but it would just be the initial login.

At best I would only consider putting in an RODC and caching the users password to this DC. This would benefit in the event that your head office goes down (for whatever reason) your users in the remote office will still be able to function access local shares and also accessing the internet.

RODC is also much more secure and no changes can be done on this server directly. As for Exchange it will not affect your current Exchange setup as they are getting their mail from the head office.

If you were ever going to host Exchange in the remote office (which i dont think you would considering you only have 12 users) you would need to have a full read/write DC also acting as a GC as well.

I would not change your current setup. But if you have a requirement I would only add an RODC.

Will.
0
 

Author Comment

by:mchad65
ID: 39768119
Both good responses.  I have 3 DC's in my main office infrastructure, one in the office itself (pdc role) and two a data center (Both bdc's).  So I have redundancies there.  I'll look into the RODC idea, I hadn't thought of it actually.  Thanks both of you.
0
 
LVL 1

Accepted Solution

by:
kostbad earned 167 total points
ID: 39768120
-----
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Introduction You may have a need to setup a group of users to allow local administrative access on workstations.  In a domain environment this can easily be achieved with Restricted Groups and Group Policies. This article will demonstrate how to…
Remote Apps is a feature in server 2008 which allows users to run applications off Remote Desktop Servers without having to log into them to run the applications.  The user can either have a desktop shortcut installed or go through the web portal to…
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now