Solved

Domain Question

Posted on 2014-02-06
7
202 Views
Last Modified: 2014-02-19
Dear Experts.

I need to setup a Domain in one of our remote offices. The remote location does not have a steady internet connection and Im worried about replication issues. What is the best type of domain to create in this instance. Is a Child domain less reliant on its communication to the parent domain or is it the same as a tree domain.

Thanks in advance.
0
Comment
Question by:Rio_10
7 Comments
 
LVL 13

Expert Comment

by:stergium
ID: 39838266
Hello
My thoughts on this is that replication will not be such an issue since it wont need to replicate all the time the domain data/policys.  So yes to the child domain.
0
 
LVL 19

Expert Comment

by:Miguel Angel Perez Muñoz
ID: 39838277
Maybe more complex to manage, but having replication issues may fit best create other domain and set a trust relationship. You can start work now on your new domain and when have connection between sites, create trust relationship.
0
 
LVL 18

Assisted Solution

by:Sarang Tinguria
Sarang Tinguria earned 250 total points
ID: 39838418
I would say RODC if you have 2008 and above or you may go with replica domain controller at site because child domain creates a more complex enviornment to manage there are security risks involved.
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 
LVL 12

Expert Comment

by:SreRaj
ID: 39838731
Hi,

If you have the possibility of adding remote office to existing domain, then you could create a new AD site for this office. Inter-site replication can be scheduled to happen at custom timings and default replication schedule is once in three hours. If the bandwidth is low, then you could even use SMTP for AD Replication.

http://technet.microsoft.com/en-us/library/cc759160(v=ws.10).aspx
0
 
LVL 36

Expert Comment

by:Mahesh
ID: 39839867
What is the link speed between main office and remote office and what is the user base at remote location including growth ?

Mahesh
0
 

Author Comment

by:Rio_10
ID: 39841150
They only have a 4 meg download and 4 upload. Remote location has about 20 users.
0
 
LVL 36

Accepted Solution

by:
Mahesh earned 250 total points
ID: 39841690
You mean to say 4 Mbps for 20 users right ?

In that case i really don't see any reason to deploy DC at remote location.

You should not put DCs at branch locations unless you have genuine requirements such as any application is running there who requires GC \ local DC.
Allow users to authenticate over WAN.

The basic idea is to minimize DC foot print and keep AD management efficient

By default Cached login is enabled in active directory, so in the case where link goes down users will still be able to logon to domain.
Also you can enable offline files on file servers in branch locations if any so that they can access shared data in case of link failure and get synced again once link get restored.


If still you want to deploy DC, child domain cannot be good option. Only for 20 users managing complete new domain is too much.

RODC can be one option upto 100 users, though it has its own advantages and disadvantages
RODC Benefits:
It cached passwords so users can logon in case of link failure and access local resources as well. (No need to use offline files feature)
You can wipe out RODC any time easily and you don't have to worry much about cached passwords and RODC backups
Replication is one way from RW DC to RODC,
No need to place administrators there
Disadvantages:
You must add computer accounts as well in allowed RODC password replication group, otherwise users will not be able to logon in case of link failure because RODC can cache user \ computer password only after 1st authenticated by RW DC
In order to clear cached passwords on RODC, you must reset user and computer password on writable DC and also you need to remove them from allowed password replication group
In case of link failure users cannot reset there password and even if you reset there password on RW DC, it cannot be replicated to RODC and hence user can logon to branch with old password, this is security breach.

Hope that helps

Mahesh
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question