Cloning an AD and synchronizing it across the 'net

I have a single Active Directory server that I've had running for a good while.  I have to move it and some other boxes to a colo facility for a couple of months, which leaves the remaining server and some workstations stranded in my office.  The remaining server is a 2008 server.  

Is there a way to configure that as a backup AD server and keep the two synchronized?


Asked by Ben Conner (CTO, SAS developer)

David Johnson, CD, MVP (Owner) commented:
Site-to-site VPN comes immediately to mind.
Jeff Glover (Sr. Systems Administrator) commented:
Do you have connectivity between the office and Colo? Secured? Is the Single AD server 2008? R2? 2012? If you already have secured connectivity, then just make the 2008 server an additional DC in the domain.
Ben Conner (CTO, SAS developer, Author) commented:
Had to look; it is 2008 but not R2.  This domain has been around well over a decade and I think it is emulating a 2000 DC or possibly 2003.  Don't know if that makes a difference.  

This network is very low-volume wrt AD activity.  Probably 5 login accounts and 15 servers/workstations.  And very few changes over time.

I'm considering a VPN, but one side may suck so badly in terms of bandwidth that I'm concerned it may interfere with a VPN.  Is there a basic replication that can also be done?  The separation will be temporary, about a month or two at most.  I've even thought about just ignoring it and letting the backup AD controller (once established) hang out on its own until the network comes back together again.  Does that also sound viable?
Jeff Glover (Sr. Systems Administrator) commented:
Not a good idea. You really should have connectivity between 2 DCs. Otherwise, you can get AD going into an unstable state with unreplicated changes.  Are the workstations in your office on the domain? Without seeing the actual network and what you support, it would be hard to make a good recommendation. 5 users is negligible for AD. How are your users connecting now? Are they getting DNS and DHCP (if used) locally? Are they connecting to file shares in the Colo now that you have moved?
Ben Conner (CTO, SAS developer, Author) commented:
I use it for dns resolution for the internal workstations, but I have a router that makes DHCP assignments.  Right now it is all on the same LAN.  The users log in on the domain through the AD server.

Haven't moved the servers yet.  I thought I would ask intelligent questions before the move so I don't have to ask desperate ones afterward.  Probably this weekend.

Jeff Glover (Sr. Systems Administrator) commented:
I would really look into a VPN solution, even if it was a cheap one. Without some network connectivity, you are not going to be able to keep running. Allowing AD ports over the Internet is just asking for trouble. You would probably be hacked within hours. What are the servers in the Colo going to be for?

You might get away with this. Make the 2008 an additional DC. Set up a VPN between the sites (even if the bandwidth sucks). Set up the Colo as a separate site, associate the subnet correctly, and once the main server is moved, move it to the new site in AD Sites and Services and set the replication interval on the default site link high, maybe once a day.  Replication between sites is scheduled so you will minimize the traffic due to it. You can always force replication if needed. But, it depends on having connectivity between the sites.
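The site-and-subnet steps above, scripted as an added example that is not from this thread: it uses the ActiveDirectory PowerShell module from a management host with RSAT (the 2008 DC itself does not ship these cmdlets), and the site names, subnets and DC name are assumptions.

```powershell
# Added example (not from the thread). Run from a domain-joined admin host with
# RSAT for Windows Server 2012 or later; the DCs themselves may stay on 2008.
# Step 0 (not scripted here): promote the 2008 box with dcpromo.exe while both
# servers are still on the office LAN, and bring the VPN up before the move.
Import-Module ActiveDirectory

$ColoSite     = 'Colo'                     # assumed name for the new site
$OfficeSite   = 'Default-First-Site-Name'  # assumed: the existing default site
$ColoSubnet   = '10.20.0.0/24'             # assumed colo LAN behind the VPN
$OfficeSubnet = '192.168.1.0/24'           # assumed office LAN
$MovedDC      = 'DC1'                      # assumed: the DC going to the colo
$SiteLink     = 'DEFAULTIPSITELINK'        # default site link created with AD

# 1. Create the colo site and bind each LAN's subnet to its site, so clients
#    and DCs pick the local DC instead of crossing the slow VPN for logons.
New-ADReplicationSite   -Name $ColoSite
New-ADReplicationSubnet -Name $ColoSubnet   -Site $ColoSite
New-ADReplicationSubnet -Name $OfficeSubnet -Site $OfficeSite

# 2. After the physical move, place the relocated DC in the colo site.
Move-ADDirectoryServer -Identity $MovedDC -Site $ColoSite

# 3. Add the colo site to the default link and replicate once a day (1440
#    minutes). Intersite replication is scheduled and compressed, which is
#    what keeps a low-bandwidth VPN usable; in-site replication is untouched.
Set-ADReplicationSiteLink -Identity $SiteLink `
    -SitesIncluded @{ Add = $ColoSite } `
    -ReplicationFrequencyInMinutes 1440

# 4. Force one immediate sync over the VPN, then check both directions are
#    healthy before relying on the daily schedule.
repadmin /syncall /AdeP
repadmin /replsummary
Get-ADReplicationFailure -Scope Site -Target $ColoSite
```

Re-run the two checks in step 4 whenever the VPN has been down; a DC that misses replication for longer than the tombstone lifetime cannot be re-joined cleanly, which is the unstable state Jeff warns about.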

Ben Conner (CTO, SAS developer, Author) commented:
Excellent suggestion; I still need to access data off the servers so a VPN is a necessity.  Thanks much!

Topic: Windows Server 2008