Solved

Domain Question

Posted on 2014-02-06
7
204 Views
Last Modified: 2014-02-19
Dear Experts.

I need to setup a Domain in one of our remote offices. The remote location does not have a steady internet connection and Im worried about replication issues. What is the best type of domain to create in this instance. Is a Child domain less reliant on its communication to the parent domain or is it the same as a tree domain.

Thanks in advance.
0
Comment
Question by:Rio_10
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 13

Expert Comment

by:stergium
ID: 39838266
Hello
My thoughts on this is that replication will not be such an issue since it wont need to replicate all the time the domain data/policys.  So yes to the child domain.
0
 
LVL 19

Expert Comment

by:Miguel Angel Perez Muñoz
ID: 39838277
Maybe more complex to manage, but having replication issues may fit best create other domain and set a trust relationship. You can start work now on your new domain and when have connection between sites, create trust relationship.
0
 
LVL 18

Assisted Solution

by:Sarang Tinguria
Sarang Tinguria earned 250 total points
ID: 39838418
I would say RODC if you have 2008 and above or you may go with replica domain controller at site because child domain creates a more complex enviornment to manage there are security risks involved.
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
LVL 12

Expert Comment

by:SreRaj
ID: 39838731
Hi,

If you have the possibility of adding remote office to existing domain, then you could create a new AD site for this office. Inter-site replication can be scheduled to happen at custom timings and default replication schedule is once in three hours. If the bandwidth is low, then you could even use SMTP for AD Replication.

http://technet.microsoft.com/en-us/library/cc759160(v=ws.10).aspx
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 39839867
What is the link speed between main office and remote office and what is the user base at remote location including growth ?

Mahesh
0
 

Author Comment

by:Rio_10
ID: 39841150
They only have a 4 meg download and 4 upload. Remote location has about 20 users.
0
 
LVL 37

Accepted Solution

by:
Mahesh earned 250 total points
ID: 39841690
You mean to say 4 Mbps for 20 users right ?

In that case i really don't see any reason to deploy DC at remote location.

You should not put DCs at branch locations unless you have genuine requirements such as any application is running there who requires GC \ local DC.
Allow users to authenticate over WAN.

The basic idea is to minimize DC foot print and keep AD management efficient

By default Cached login is enabled in active directory, so in the case where link goes down users will still be able to logon to domain.
Also you can enable offline files on file servers in branch locations if any so that they can access shared data in case of link failure and get synced again once link get restored.


If still you want to deploy DC, child domain cannot be good option. Only for 20 users managing complete new domain is too much.

RODC can be one option upto 100 users, though it has its own advantages and disadvantages
RODC Benefits:
It cached passwords so users can logon in case of link failure and access local resources as well. (No need to use offline files feature)
You can wipe out RODC any time easily and you don't have to worry much about cached passwords and RODC backups
Replication is one way from RW DC to RODC,
No need to place administrators there
Disadvantages:
You must add computer accounts as well in allowed RODC password replication group, otherwise users will not be able to logon in case of link failure because RODC can cache user \ computer password only after 1st authenticated by RW DC
In order to clear cached passwords on RODC, you must reset user and computer password on writable DC and also you need to remove them from allowed password replication group
In case of link failure users cannot reset there password and even if you reset there password on RW DC, it cannot be replicated to RODC and hence user can logon to branch with old password, this is security breach.

Hope that helps

Mahesh
0

Featured Post

Salesforce Made Easy to Use

On-screen guidance at the moment of need enables you & your employees to focus on the core, you can now boost your adoption rates swiftly and simply with one easy tool.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Issue: One Windows 2008 R2 64bit server on the network unable to connect to a buffalo Device (Linkstation) with firmware version 1.56. There are a total of four servers on the network this being one of them. Troubleshooting Steps: Connect via h…
This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question