

moving domain PCs to a new office, with no local DCs

Posted on 2014-08-13
Medium Priority
Last Modified: 2014-10-15
We are moving a couple of users to a new location that does not have a local domain controller on site.
They are also going to be on a different network.

Example - the site they are currently at is set up on the following network-
It has 2 domain controllers.
They will be moving their physical PCs to another office, which has direct access to the domain controllers at the other office, but they will be on the network

Do I need to add anything to Sites and Services?  We won't be adding a domain controller just yet, but plan on it in the future.
Question by:jsctechy
LVL 36

Accepted Solution

Seth Simmons earned 1600 total points
ID: 40258493
I would add the network to the same site as
There would be latency, but if they can talk to each other, it should work fine.
Once you get a domain controller in the other place, just create the additional site and move the network there.
LVL 14

Expert Comment

by:Ben Hart
ID: 40258495
I don't believe you should need to do anything.  Provided the new office subnet can access those DCs, and that DNS works, you should be good.  Are you able to test a single host before the move?

Expert Comment

by:Chad Franks
ID: 40258505
Different network, but same domain?  If it's the same domain, then I would check to see if you can resolve the DNS name of the domain controller.  If you can, then authentication should take place. Are there any firewalls between the new site and the old one?

LVL 38

Expert Comment

ID: 40258973
No matter where you move client computers, the computers will try to authenticate with the DC in the site where you latch that computer's IP subnet.
However, if that site's DC is inaccessible and another site's DC is accessible, computers will get authenticated to that site.
Better that you latch the computers' IP subnet to a site where the clients can access a DC.
LVL 27

Assisted Solution

DrDave242 earned 400 total points
ID: 40259245
You don't have to make any changes, as those machines will still be able to authenticate, but if you don't, your DCs will periodically log an event (can't remember whether it's an error or a warning) stating that they've received x number of authentication requests from machines in a subnet that's not associated with an AD site. The exact wording will be different, but you get the idea.

I'd go with Seth Simmons' recommendation above: create the new subnet object and map it to the site with the DCs. (If you've got DCs in more than one site, use the one with the best connectivity to the remote site.) When you do add a DC at the remote site, don't forget to move the subnet object.
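
An added example, not code from any poster in this thread: clients whose IP matches no subnet object are recorded by Netlogon on the DC as `NO_CLIENT_SITE` entries in `%SystemRoot%\debug\netlogon.log`, and this sketch lists those clients and checks them against a subnet table using the most-specific-subnet rule. The subnet ranges, site name, host names and log lines are constructed placeholders, and the log-line layout is an assumption.

```powershell
# Constructed sample: subnet objects as defined in AD Sites and Services.
# Ranges and site name are placeholders, not values from the thread.
$subnets = @(
    [pscustomobject]@{ Cidr = '192.0.2.0/24'; Site = 'MainOffice' }
)

# Constructed sample lines in the style of netlogon.log on a DC (layout assumed).
$logLines = @(
    '08/13 09:02:11 [1234] EXAMPLE: NO_CLIENT_SITE: PC-101 198.51.100.23'
    '08/13 09:02:40 [1234] EXAMPLE: NO_CLIENT_SITE: PC-102 198.51.100.24'
    '08/13 09:05:02 [1234] EXAMPLE: NO_CLIENT_SITE: PC-101 198.51.100.23'
    '08/13 09:07:15 [1234] EXAMPLE: NO_CLIENT_SITE: PC-007 192.0.2.50'
)

function ConvertTo-IPNumber([string]$Address) {
    # Dotted quad -> number; a double holds any 32-bit value exactly.
    $b = ([ipaddress]$Address).GetAddressBytes()
    return [double]$b[0] * 16777216 + [double]$b[1] * 65536 + [double]$b[2] * 256 + $b[3]
}

function Find-Site([string]$Address, $SubnetTable) {
    # Most specific (longest prefix) subnet containing the address wins.
    $best = $null; $bestLen = -1
    foreach ($s in $SubnetTable) {
        $net, $len = $s.Cidr -split '/'
        $block = [math]::Pow(2, 32 - [int]$len)
        $same = [math]::Floor((ConvertTo-IPNumber $Address) / $block) -eq
                [math]::Floor((ConvertTo-IPNumber $net) / $block)
        if ($same -and [int]$len -gt $bestLen) { $best = $s; $bestLen = [int]$len }
    }
    return $best
}

function Get-UnmappedClient($Lines, $SubnetTable) {
    # De-duplicate logged clients, then report whether a subnet object covers each.
    $Lines | ForEach-Object {
        if ($_ -match 'NO_CLIENT_SITE:\s+(\S+)\s+(\d{1,3}(?:\.\d{1,3}){3})') {
            [pscustomobject]@{ Client = $Matches[1]; IP = $Matches[2] }
        }
    } | Sort-Object Client, IP -Unique | ForEach-Object {
        $hit = Find-Site $_.IP $SubnetTable
        [pscustomobject]@{
            Client = $_.Client; IP = $_.IP
            Status = if ($hit) { "covered by $($hit.Cidr) ($($hit.Site))" } else { 'no subnet object' }
        }
    }
}

Get-UnmappedClient $logLines $subnets | Format-Table -AutoSize
```

With the sample data, PC-101 and PC-102 are reported as having no subnet object, while PC-007 falls inside the mapped range, so its log entry predates the mapping.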
LVL 14

Expert Comment

by:Ben Hart
ID: 40372802
OP, you did not respond to any Expert suggestions.  What is the status of your problem?
LVL 27

Expert Comment

ID: 40373084
For what it's worth, I think Seth deserves most of the points. My comment, which you marked as the answer, was mostly just me agreeing with him, with a little added info. If you want to split the points, that's fine by me, but he should get most of them, in my opinion.

Question has a verified solution.