Solved

Domain Question

Posted on 2014-02-06
7
198 Views
Last Modified: 2014-02-19
Dear Experts.

I need to setup a Domain in one of our remote offices. The remote location does not have a steady internet connection and Im worried about replication issues. What is the best type of domain to create in this instance. Is a Child domain less reliant on its communication to the parent domain or is it the same as a tree domain.

Thanks in advance.
0
Comment
Question by:Rio_10
7 Comments
 
LVL 13

Expert Comment

by:stergium
Comment Utility
Hello
My thoughts on this is that replication will not be such an issue since it wont need to replicate all the time the domain data/policys.  So yes to the child domain.
0
 
LVL 19

Expert Comment

by:Miguel Angel Perez Muñoz
Comment Utility
Maybe more complex to manage, but having replication issues may fit best create other domain and set a trust relationship. You can start work now on your new domain and when have connection between sites, create trust relationship.
0
 
LVL 18

Assisted Solution

by:sarang_tinguria
sarang_tinguria earned 250 total points
Comment Utility
I would say RODC if you have 2008 and above or you may go with replica domain controller at site because child domain creates a more complex enviornment to manage there are security risks involved.
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 
LVL 12

Expert Comment

by:SreRaj
Comment Utility
Hi,

If you have the possibility of adding remote office to existing domain, then you could create a new AD site for this office. Inter-site replication can be scheduled to happen at custom timings and default replication schedule is once in three hours. If the bandwidth is low, then you could even use SMTP for AD Replication.

http://technet.microsoft.com/en-us/library/cc759160(v=ws.10).aspx
0
 
LVL 35

Expert Comment

by:Mahesh
Comment Utility
What is the link speed between main office and remote office and what is the user base at remote location including growth ?

Mahesh
0
 

Author Comment

by:Rio_10
Comment Utility
They only have a 4 meg download and 4 upload. Remote location has about 20 users.
0
 
LVL 35

Accepted Solution

by:
Mahesh earned 250 total points
Comment Utility
You mean to say 4 Mbps for 20 users right ?

In that case i really don't see any reason to deploy DC at remote location.

You should not put DCs at branch locations unless you have genuine requirements such as any application is running there who requires GC \ local DC.
Allow users to authenticate over WAN.

The basic idea is to minimize DC foot print and keep AD management efficient

By default Cached login is enabled in active directory, so in the case where link goes down users will still be able to logon to domain.
Also you can enable offline files on file servers in branch locations if any so that they can access shared data in case of link failure and get synced again once link get restored.


If still you want to deploy DC, child domain cannot be good option. Only for 20 users managing complete new domain is too much.

RODC can be one option upto 100 users, though it has its own advantages and disadvantages
RODC Benefits:
It cached passwords so users can logon in case of link failure and access local resources as well. (No need to use offline files feature)
You can wipe out RODC any time easily and you don't have to worry much about cached passwords and RODC backups
Replication is one way from RW DC to RODC,
No need to place administrators there
Disadvantages:
You must add computer accounts as well in allowed RODC password replication group, otherwise users will not be able to logon in case of link failure because RODC can cache user \ computer password only after 1st authenticated by RW DC
In order to clear cached passwords on RODC, you must reset user and computer password on writable DC and also you need to remove them from allowed password replication group
In case of link failure users cannot reset there password and even if you reset there password on RW DC, it cannot be replicated to RODC and hence user can logon to branch with old password, this is security breach.

Hope that helps

Mahesh
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Suggested Solutions

Welcome to my series of short tips on migrations. Whilst based on Microsoft migrations the same principles can be applied to any type of migration. My first tip Migration Tip #1 – Source Server Health can be found here: http://www.experts-exchang…
Remote Apps is a feature in server 2008 which allows users to run applications off Remote Desktop Servers without having to log into them to run the applications.  The user can either have a desktop shortcut installed or go through the web portal to…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now