Solved

Do I need a separate AD site/DC for small office(s)?

Posted on 2014-01-09
Last Modified: 2014-01-09
I have a 12 person office about 4000 miles away (in the EU) from our main office (US).  Currently, we have a site to site VPN (10meg, about 80ms latency) which the remote users use for AD and Exchange.  They have a few local servers, so file read/write latency isn't an issue.  Exchange is also fine.  Everything works fine, so I have been working under "If it's not broken, don't fix it".

I just wanted a sanity check to see if setting up a new site and putting a DC in that location would buy me anything.  Additionally, if done, how would that impact the Exchange server (single instance, 2010, one Mailbox server and one CAS/Hub server).  We are also setting up another 2-3 person remote office in the US which I am initially going to continue to support as we do for remote workers (VPN Client connections all day).  

The total organization size is small (<100 users), so I don't want to build unnecessary infrastructure, (read: I have a microscopic budget) but I also want to do it right.  

Thanks.
0
Question by:mchad65
5 Comments
 
LVL 35

Assisted Solution

by:Joseph Daly
Joseph Daly earned 167 total points
ID: 39767969
Putting a DC in that office would get you a little bit of redundancy as well as speed up logins if you designate it as a global catalog. Probably would also help out with any group policies you have configured as right now those are also going across the wire.

With the setup you have now if for some reason you were to lose your connection back to the main office your users would not be able to open files since they have no DC to authenticate against.

If it were me I would probably put a DC in that office and create a site in AD sites and services.

This shouldn't really affect your Exchange organization since you can keep the mailboxes on the server where they currently are now.
0
 

Author Comment

by:mchad65
ID: 39768020
That was my thought.  Now, to keep costs down, since the file server is 2008R2, would it be sacrilege to simply install AD services on it?  (thinking back to 1997 when my first NT server was an all in one, file, exchange, AD)
0
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 166 total points
ID: 39768089
For 12 users it is probably not worth the hassle of setting up another DC in this location. Yes, authentication might be slightly faster, but it would just be the initial login.

At best I would only consider putting in an RODC and caching the users' passwords to this DC. This would benefit you in the event that your head office goes down (for whatever reason): your users in the remote office will still be able to function, accessing local shares and also the internet.

RODC is also much more secure and no changes can be done on this server directly. As for Exchange it will not affect your current Exchange setup as they are getting their mail from the head office.

If you were ever going to host Exchange in the remote office (which I don't think you would, considering you only have 12 users) you would need to have a full read/write DC also acting as a GC as well.

I would not change your current setup. But if you have a requirement I would only add an RODC.

Will.
0
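
The RODC password caching suggested in the answer above, as an added example that is not part of the original post: it scopes the RODC's Password Replication Policy to the branch accounts and then audits what is actually cached. It assumes the ActiveDirectory PowerShell module; `EU-RODC01` and `EU-Branch-Users` are hypothetical names.

```powershell
# Added example. EU-RODC01 and EU-Branch-Users are hypothetical names.
Import-Module ActiveDirectory

$Rodc  = 'EU-RODC01'        # hypothetical RODC in the branch site
$Group = 'EU-Branch-Users'  # hypothetical group: branch users and their computers

# Allow only the branch group's passwords to be cached on the RODC.
Add-ADDomainControllerPasswordReplicationPolicy -Identity $Rodc -AllowedList $Group

# Review the resulting policy: who may be cached, and who is explicitly denied.
Get-ADDomainControllerPasswordReplicationPolicy -Identity $Rodc -Allowed |
    Select-Object Name, ObjectClass
Get-ADDomainControllerPasswordReplicationPolicy -Identity $Rodc -Denied |
    Select-Object Name, ObjectClass

# Audit: accounts whose passwords are currently stored on the RODC.
$revealed = Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity $Rodc -RevealedAccounts

# Flag any cached account that is (or was) in a protected admin group
# (adminCount = 1). The RODC's own krbtgt_* account is expected in the
# list, so it is skipped here.
$privileged = foreach ($acct in $revealed) {
    if ($acct.Name -like 'krbtgt_*') { continue }
    $obj = Get-ADObject -Identity $acct.DistinguishedName -Properties adminCount
    if ($obj.adminCount -eq 1) { $obj }
}

if ($privileged) {
    Write-Warning "Privileged accounts cached on ${Rodc}:"
    $privileged | Select-Object Name, DistinguishedName
} else {
    "No adminCount=1 accounts are cached on $Rodc."
}
```

Only accounts whose passwords are cached can log on at the branch while the VPN link is down, and those cached credentials are the ones to reset if the RODC is lost or stolen.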
 

Author Comment

by:mchad65
ID: 39768119
Both good responses.  I have 3 DCs in my main office infrastructure, one in the office itself (PDC role) and two in a data center (both BDCs).  So I have redundancies there.  I'll look into the RODC idea, I hadn't thought of it actually.  Thanks both of you.
0
 
LVL 1

Accepted Solution

by:
kostbad earned 167 total points
ID: 39768120
-----
0

Question has a verified solution.
