Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Server 2012 VPN S2S and Active Directory Best practice without servers at each location

Posted on 2015-02-12
4
Medium Priority
?
145 Views
Last Modified: 2015-02-17
I've setup SonicWall TZ215's with site to site VPN's and had luck using a central AD server without local AD servers on each location, but ran into the once in a blue moon losing trust issues. Does anyone have a best practices opinion on such a setup with many small locations needing AD to access the central server? The next company is looking at 15 locations with about 6 computers/users each. Should I just go with the way I've used in the past to save them an expensive server and setup costs, or should I push for a server at each location? Pro's and Con's of each would also be appreciated.
0
Comment
Question by:Josh Garrett
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 668 total points
ID: 40606667
For anything under 15 users I would not put a DC in that location, for licensing purposes. If you have larger sites that have a DC at them you could configure sites and services to authenticate with a particular site based on Geographical location. This way it will not just try to authenticate from and DC that is can find.

Personally I would leave it the same as you have it already. You usually only have DC's in a remote site when there are 20+ users (depending on the WAN connection). I have seen remote sites with 30+ users with no DC local and it worked fine. They had local file server and whcih also acted as a DHCP server and it worked fine.

It really all depends on the connection to the main site.

You would also have a DC local if you were hosting application services like Exchange where you require a DC in the site itself. I am assuming that with 6-10 users you are not going to be hosting Exchange.

RODC is also an option but once again not worth it for 6-10 users.

Keep it the same.

Will.
0
 
LVL 37

Assisted Solution

by:bbao
bbao earned 668 total points
ID: 40607348
> should I push for a server at each location?

i think the 'server' here is for DC server. but how how about other application servers and file servers if any? and as mentioned above, how many users are there for each site?

the answer you are looking for is actually based on your business requirements which somehow can be represented by the network resources (e.g. as asked above) currently arranged at the head office and its branches.

so btetter more details please?
0
 
LVL 12

Assisted Solution

by:Dave
Dave earned 664 total points
ID: 40607450
I haven't seen any "loosing trust" issues with site-2-site VPN. The issues I have seen have been with ADSL and long logoff on times with roaming profile as its saved at logoff, and slow document save times.

As others have said the proper design depends so much on the business requirements, which then drives the technical specification.

So in this case do they really need local hardware access, if not then solutions like Terminal Services/Citrix/Client Virtualization can be cost effective.
0
 
LVL 1

Author Closing Comment

by:Josh Garrett
ID: 40615906
Thanks guys, the reassurance was great.
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question