Active Directory - Adding DC to new Site

I currently have two domain controllers (Server 2012 R2) both at Headquarters.  DC1 has all 5 FSMO roles on it.  DC2 currently has no roles.  

I am about to purchase rack space at a colocation facility.  I plan on leaving to 2 DCs at HQ and install a 3rd DC at the Colo.  

I will have my Exchange server, SQL Server, and Terminal Servers at the Colo.  

In addition to keeping the DCs at HQ, I will also keep a local file server there as well.  

I know I need to configure AD Sites and Services to add the new site.  My question is should I be moving some of the roles to the DC at the Colo?

During normal operations, with no outages, I will have all of the employees logging in at HQ to the DCs there.  Also, employees working remotely will be logging into the Terminal Servers at the colo, and I would like them to be using the DC at the Colo.

Then, should HQ have an outage, many users will be going home to work remotely via the colo......

Can you please tell me the proper way to configure the domain controllers to accomplish this.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

David Johnson, CD, MVPOwnerCommented:
site 2 site vpn for replication traffic, colo should also be a GC
BSModlinAuthor Commented:
I have a 1 GIG P2P link connecting the 2 sites.  

Ok, so make the new (3rd) DC a GC.......  And what about the FSMO roles?
David Johnson, CD, MVPOwnerCommented:
keep them on your main site
Mark DamenERP System ManagerCommented:
You need 2 sites in AD, and also use 2 different subnets - these also need creating and mapping in AD Sites and Services - this is what client PCs use to determine which is their closest DC for login purposes, but will also traverse the P2P link if the servers at either end of your link and unavailable.
Will SzymkowskiSenior Solution ArchitectCommented:
couple of things to note... (may be some overlap)

If you are having Exchange in your 2nd AD site (colo) you will require to have the DC also being a GC/DNS for Exchange to work properly.

When you Add the new DC to the domain with the new Subnet it will automatically add the appropriate 2nd Site and corresponding Subnet to AD Sites and Services.

If one of your DC's in (HQ) goes down it will not failover to the DC in the Colocation. It will use the 2nd DC in your HQ for authentication. If both DC's in HQ go down you need to make sure that all of your clients in HQ have DC1 (HQ) Primary DNS DC2 (HQ) Secondary DNS and DC3 (colo) as a 3rd Entry in DNS. So when both DC's in HQ are offline it will use the DNS/DC in the colo site for authentication.

The same applies for your colo site. DC3 should be primary for any member servers that reside in the Colo site followed by DC1 and DC2 as secondary and 3rd entries.

However, if you lose the DC in the Colo site your Exchange will stop working because Exchange is required to have at least one DC/GC in an AD site where Exchange is hosted.

You may also want to think about having the DHCP role installed on your DC in the Colo site if you will have clients connected to this site they will need IP addresses to communicate on the network. If you only have a few servers that static IP's are sufficent.

I have also created a two part series HowTo for configuring AD Sites and Services on my Site. I would highly recommend checking it out as i go into detail exactly how it should be configured.
note: the link to part two is at the bottom of part one.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.