<div>
Hi there,<br />
<br />
You need to have the sites and subnets properly configured so that the &quot;remote&quot; domain controllers will function properly for those computers. This is assuming that you have a site to site VPN so that all those subnets are considered internal and are accessible / can access the domain controllers.<br />
<br />
I've never setup a site in that manner but here is a thread with several folks mentioning it will work...<br />
<a href="https://social.technet.microsoft.com/Forums/windows/en-US/81a6ff41-da00-470b-a86e-2409cad01756/remote-sites-without-a-domain-controllercreate-ad-sites-and-services-subnet?forum=winserverDS" rel="ugc nofollow">https://social.technet.mic<wbr />rosoft.com<wbr />/Forums/wi<wbr />ndows/en-U<wbr />S/81a6ff41<wbr />-da00-470b<wbr />-a86e-2409<wbr />cad01756/r<wbr />emote-site<wbr />s-without-<wbr />a-domain-c<wbr />ontrollerc<wbr />reate-ad-s<wbr />ites-and-s<wbr />ervices-su<wbr />bnet?forum<wbr />=winserver<wbr />DS</a><br />
<br />
Really for AD authentication you would want a DC in the site with the users. Or have them just operate as if they are in a remote WIFI location and not trying to access resources as if they were &quot;internal&quot;.
</div>


<div>
Thanks for the responses. They are connected via a mesh MPLS network. So each of the remote sites can reach a domain controller in any of the three data centers. So I guess I'll leave it as is. I'm not sure what the advantage is to having it this way, but since I can't seem to find a disadvantage, I'll leave it as is.
</div>


<div>
If there's a mesh, it makes sense because you can assign AD replication links to each of the MPLS links. That protects the remote sites from connectivity failure in a single Datacenter. If the remote sites were in the same AD site as a Datacenter, they would always use that data center's DC. If, for some reason, the datacenter a remote site was in the same AD site for lost all network connectivity, the remote site might not be able to discover the other DCs and authenticate. <br />
<br />
If the remote sites were only connected to a single Data Center, there wouldn't be a way for the remote site to connect to the other DCs anyway, so having the remote site in a different AD site would make no sense.
</div>


<div>
<div class="content wysiwyg-content">
I'm interested in hearing opinions on this.<br />
<br />
I have 3 different geographical sites with datacenters in them, each with at least one Domain Controller. I also have 3 remote locations, which do not have any servers at all, just 3-5 computers each. They are connected through MPLS via a slower (3 MB) connection. The remote locations get Internet access through one of the datacenters for O365 email and hosted SharePoint. Other than that, they contact the datacenters for authentication, minimal shared file services, and updates.<br />
<br />
In AD Sites and Services, these are all setup as individual sites (6 sites) with the appropriate subnets associated to their respective site. My question is, what are the pros and cons of this setup? Wouldn't the best configuration be to only have 3 sites (the 3 datacenters) and have the remote sites' subnets be part of one of those 3 sites? Or does it really not matter if there's no AD replication between those remote locations anyhow.
</div>
</div>


I'm interested in hearing opinions on this.

I have 3 different geographical sites with datacenters in them, each with at least one Domain Controller. I also have 3 remote locations, which do not have any servers at all, just 3-5 computers each. They are connected through MPLS via a slower (3 MB) connection. The remote locations get Internet access through one of the datacenters for O365 email and hosted SharePoint. Other than that, they contact the datacenters for authentication, minimal shared file services, and updates.

In AD Sites and Services, these are all setup as individual sites (6 sites) with the appropriate subnets associated to their respective site. My question is, what are the pros and cons of this setup? Wouldn't the best configuration be to only have 3 sites (the 3 datacenters) and have the remote sites' subnets be part of one of those 3 sites? Or does it really not matter if there's no AD replication between those remote locations anyhow.

AD Sites Question

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.

Active Directory

Windows Server 2012 is the server version of Windows 8 and the successor to Windows Server 2008 R2. Windows Server 2012 is the first version of Windows Server to have no support for Itanium-based computers since Windows NT 4.0. Windows Server 2012, now in its second release (Windows Server 2012 Release 2) includes Foundation, Essentials, Standard and Datacenter, and does not support IA-32 or IA-64 processors.