Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Domain Question

Posted on 2014-02-06
7
Medium Priority
?
208 Views
Last Modified: 2014-02-19
Dear Experts.

I need to setup a Domain in one of our remote offices. The remote location does not have a steady internet connection and Im worried about replication issues. What is the best type of domain to create in this instance. Is a Child domain less reliant on its communication to the parent domain or is it the same as a tree domain.

Thanks in advance.
0
Comment
Question by:Rio_10
7 Comments
 
LVL 13

Expert Comment

by:stergium
ID: 39838266
Hello
My thoughts on this is that replication will not be such an issue since it wont need to replicate all the time the domain data/policys.  So yes to the child domain.
0
 
LVL 19

Expert Comment

by:Miguel Angel Perez Muñoz
ID: 39838277
Maybe more complex to manage, but having replication issues may fit best create other domain and set a trust relationship. You can start work now on your new domain and when have connection between sites, create trust relationship.
0
 
LVL 18

Assisted Solution

by:Sarang Tinguria
Sarang Tinguria earned 1000 total points
ID: 39838418
I would say RODC if you have 2008 and above or you may go with replica domain controller at site because child domain creates a more complex enviornment to manage there are security risks involved.
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
LVL 12

Expert Comment

by:SreRaj
ID: 39838731
Hi,

If you have the possibility of adding remote office to existing domain, then you could create a new AD site for this office. Inter-site replication can be scheduled to happen at custom timings and default replication schedule is once in three hours. If the bandwidth is low, then you could even use SMTP for AD Replication.

http://technet.microsoft.com/en-us/library/cc759160(v=ws.10).aspx
0
 
LVL 38

Expert Comment

by:Mahesh
ID: 39839867
What is the link speed between main office and remote office and what is the user base at remote location including growth ?

Mahesh
0
 

Author Comment

by:Rio_10
ID: 39841150
They only have a 4 meg download and 4 upload. Remote location has about 20 users.
0
 
LVL 38

Accepted Solution

by:
Mahesh earned 1000 total points
ID: 39841690
You mean to say 4 Mbps for 20 users right ?

In that case i really don't see any reason to deploy DC at remote location.

You should not put DCs at branch locations unless you have genuine requirements such as any application is running there who requires GC \ local DC.
Allow users to authenticate over WAN.

The basic idea is to minimize DC foot print and keep AD management efficient

By default Cached login is enabled in active directory, so in the case where link goes down users will still be able to logon to domain.
Also you can enable offline files on file servers in branch locations if any so that they can access shared data in case of link failure and get synced again once link get restored.


If still you want to deploy DC, child domain cannot be good option. Only for 20 users managing complete new domain is too much.

RODC can be one option upto 100 users, though it has its own advantages and disadvantages
RODC Benefits:
It cached passwords so users can logon in case of link failure and access local resources as well. (No need to use offline files feature)
You can wipe out RODC any time easily and you don't have to worry much about cached passwords and RODC backups
Replication is one way from RW DC to RODC,
No need to place administrators there
Disadvantages:
You must add computer accounts as well in allowed RODC password replication group, otherwise users will not be able to logon in case of link failure because RODC can cache user \ computer password only after 1st authenticated by RW DC
In order to clear cached passwords on RODC, you must reset user and computer password on writable DC and also you need to remove them from allowed password replication group
In case of link failure users cannot reset there password and even if you reset there password on RW DC, it cannot be replicated to RODC and hence user can logon to branch with old password, this is security breach.

Hope that helps

Mahesh
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Suggested Courses

877 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question