Warren Lloyd
asked on
Setup new site as trusted domain or additional domain controller
Hi
I have a small company who have just bought another company and I'm wondering what the best way to configure the active directory servers on each site?
The existing site has a server running 2012 with active directory (around 10 users). The new site has 4 old PCs and are to be replaced and no server. The two sites will be linked via hardware VPN over standard ADSL broadband. The new site will only have around 4 users to begin with.
My question is how should configure the server in the new site? Do I put a server in and create a new domain then create an active directory trust between the two domain names or just a setup the second site server as an additional domain controller?
I'm unsure of the pros and cons of each method. Any advice would be very welcome.
Many thanks
Warren
I have a small company who have just bought another company and I'm wondering what the best way to configure the active directory servers on each site?
The existing site has a server running 2012 with active directory (around 10 users). The new site has 4 old PCs and are to be replaced and no server. The two sites will be linked via hardware VPN over standard ADSL broadband. The new site will only have around 4 users to begin with.
My question is how should configure the server in the new site? Do I put a server in and create a new domain then create an active directory trust between the two domain names or just a setup the second site server as an additional domain controller?
I'm unsure of the pros and cons of each method. Any advice would be very welcome.
Many thanks
Warren
Last Comment
ASKER
It's a different location.
2 options build new DC in that location to get those user authentication which will happen very fast and back end replication will also be parallely going on over wan
Or.
If you have any citrix/VPN/web connect concept then you can give them access through that.
This will be good only when the site staff in not increasing. This will be cost effective also.
Or.
If you have any citrix/VPN/web connect concept then you can give them access through that.
This will be good only when the site staff in not increasing. This will be cost effective also.
Are you going to have anything else at this site besides 4 users? File Servers, printers? Are there any admins there?
If there are only 4 users, I wouldn't do much of anything. Just make sure they all point DNS to your Main DNS servers at the current site and join them to your domain.
If you have no admin there and you really want to put a DC there, I recommend an RODC. You will hear a lot of cons against them but we are using them and as long as you think the setup properly, there should be no issues.
If there are only 4 users, I wouldn't do much of anything. Just make sure they all point DNS to your Main DNS servers at the current site and join them to your domain.
If you have no admin there and you really want to put a DC there, I recommend an RODC. You will hear a lot of cons against them but we are using them and as long as you think the setup properly, there should be no issues.
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
My suggestion is go with Additional domain controller (read only domain controller) in new site.
Plan for long term benefits. In future sites may increased, file servers, print servers etc. may be implemented which requires AD authentication.
you can implement it with minimal budget. you can upgrade as per your requirement in future.
Plan for long term benefits. In future sites may increased, file servers, print servers etc. may be implemented which requires AD authentication.
you can implement it with minimal budget. you can upgrade as per your requirement in future.
RoDC does not provide recovery capability. Without knowing more about the network and physical security available and needed, recommending RoDC config is, in my opinion, the wrong option.
ASKER
Hi everyone
Thanks for your comments. I think an addition DC is the way to go. I take the point you could authenticate over vpn, but I think I'd feel better having a second dc on site.
Really appreciate the feedback, thanks agian!
Warren
Thanks for your comments. I think an addition DC is the way to go. I take the point you could authenticate over vpn, but I think I'd feel better having a second dc on site.
Really appreciate the feedback, thanks agian!
Warren
Active Directory
Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.
86K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
Is it a same location or different.