Domain Question

Dear Experts.

I need to setup a Domain in one of our remote offices. The remote location does not have a steady internet connection and Im worried about replication issues. What is the best type of domain to create in this instance. Is a Child domain less reliant on its communication to the parent domain or is it the same as a tree domain.

Thanks in advance.
Rio_10Asked:
Who is Participating?
 
MaheshArchitectCommented:
You mean to say 4 Mbps for 20 users right ?

In that case i really don't see any reason to deploy DC at remote location.

You should not put DCs at branch locations unless you have genuine requirements such as any application is running there who requires GC \ local DC.
Allow users to authenticate over WAN.

The basic idea is to minimize DC foot print and keep AD management efficient

By default Cached login is enabled in active directory, so in the case where link goes down users will still be able to logon to domain.
Also you can enable offline files on file servers in branch locations if any so that they can access shared data in case of link failure and get synced again once link get restored.


If still you want to deploy DC, child domain cannot be good option. Only for 20 users managing complete new domain is too much.

RODC can be one option upto 100 users, though it has its own advantages and disadvantages
RODC Benefits:
It cached passwords so users can logon in case of link failure and access local resources as well. (No need to use offline files feature)
You can wipe out RODC any time easily and you don't have to worry much about cached passwords and RODC backups
Replication is one way from RW DC to RODC,
No need to place administrators there
Disadvantages:
You must add computer accounts as well in allowed RODC password replication group, otherwise users will not be able to logon in case of link failure because RODC can cache user \ computer password only after 1st authenticated by RW DC
In order to clear cached passwords on RODC, you must reset user and computer password on writable DC and also you need to remove them from allowed password replication group
In case of link failure users cannot reset there password and even if you reset there password on RW DC, it cannot be replicated to RODC and hence user can logon to branch with old password, this is security breach.

Hope that helps

Mahesh
0
 
stergiumCommented:
Hello
My thoughts on this is that replication will not be such an issue since it wont need to replicate all the time the domain data/policys.  So yes to the child domain.
0
 
Miguel Angel Perez MuñozCommented:
Maybe more complex to manage, but having replication issues may fit best create other domain and set a trust relationship. You can start work now on your new domain and when have connection between sites, create trust relationship.
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
Life1430Sr EngineerCommented:
I would say RODC if you have 2008 and above or you may go with replica domain controller at site because child domain creates a more complex enviornment to manage there are security risks involved.
0
 
SreRajCommented:
Hi,

If you have the possibility of adding remote office to existing domain, then you could create a new AD site for this office. Inter-site replication can be scheduled to happen at custom timings and default replication schedule is once in three hours. If the bandwidth is low, then you could even use SMTP for AD Replication.

http://technet.microsoft.com/en-us/library/cc759160(v=ws.10).aspx
0
 
MaheshArchitectCommented:
What is the link speed between main office and remote office and what is the user base at remote location including growth ?

Mahesh
0
 
Rio_10Author Commented:
They only have a 4 meg download and 4 upload. Remote location has about 20 users.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.