Pros & cons if we are implementing AD/DC over cloud or in-house

Here I want to discuss what the pros and cons will be if we are implementing AD/DC over cloud or in-house. I have some observations as below.

- We are located in India, so Internet connectivity here is slow and sometimes there is no connectivity.
- Mostly users will be in the office.
- Total current user strength is 70+.

Please suggest as per your experience.

Looking for a quick and experienced reply.

Gaurav Pandey Asked:
How much AD-dependent infra do you have?
Some infra apps need a global catalog (DC) in the local site; in that case you need a DC in the local site.
Also, if you have users across locations, then there is no use for a cloud DC, as the authentication process will happen over multiple network hops.
If this is not the case and you are just looking for basic AD authentication, you can put DCs in the cloud.
If you are adding a DC in Azure, you are simply extending your local infra to Azure by VPN tunnel.
With a cloud DC, if a new user steps in for the 1st time and the tunnel is down, that user cannot log on to the workstation because there are no cached credentials available for that user.
Otherwise, even if the tunnel is down, already logged-on users can log on through cached credentials.
In that case you will save hardware investment and maintenance.

You answered yourself: "Internet connectivity is slow and sometimes has no connectivity". A cloud-based scenario will be very frustrating for your users.
Sajid Shaik M, Sr. System Admin, Commented:
Dear Gaurav,

First, what is your purpose for the domain in the cloud?

The best option is a local domain, which you can handle easily... let's say any modifications are needed... or you have to disable a user immediately
by management request. if internet now works what you will u said..

So better go with local only...

A local domain is very fast compared to cloud...

All the best
One more thing:
Do you have a local file server, print server etc.?
In that case a local DC is recommended, as for every access request to a file server / print server the user needs a session ticket from a domain controller.
So if you put DCs in the cloud and the link goes down, users will be able to log on with cached credentials; however, they cannot access the file server etc. because they don't have session tickets.
If a user has logged in and accessed file servers and the link goes down later, they can access file server resources even after the link goes down, as they already have a session ticket which is valid for a few hours.
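
A read-only PowerShell check for the behaviour described in the replies above (cached logons and Kerberos session tickets when the link to the DC is down). It is an added example, not code from any participant in this thread, and it assumes a domain-joined workstation with English-language `klist` output.

```powershell
# Added example: read-only checks, run as the logged-on user on a domain-joined PC.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if (-not $cs.PartOfDomain) { throw 'This computer is not joined to a domain.' }

# 1. Is a domain controller reachable right now? /force skips the locator cache.
$null = & nltest.exe "/dsgetdc:$($cs.Domain)" /force 2>&1
$dcReachable = ($LASTEXITCODE -eq 0)

# 2. How many previous logons Windows caches for offline sign-in (0 = none).
$key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$cachedLogons = [int](Get-ItemProperty -Path $key -Name CachedLogonsCount).CachedLogonsCount

# 3. Kerberos tickets this logon session already holds, with their expiry.
#    Assumption: English klist output ("Server:" / "End Time:" labels).
$klist   = & klist.exe 2>&1 | ForEach-Object { "$_" }
$servers = @($klist | ForEach-Object { if ($_ -match '^\s*Server:\s*(\S+)') { $Matches[1] } })
$ends    = @($klist | ForEach-Object { if ($_ -match 'End Time:\s*(.+?)\s*\(local\)') { $Matches[1] } })
$tickets = @(for ($i = 0; $i -lt $servers.Count; $i++) {
    [pscustomobject]@{ Service = $servers[$i]; ValidUntil = $ends[$i] }
})

# Summary of what this workstation could still do if the DC link dropped now.
[pscustomobject]@{
    Domain            = $cs.Domain
    DcReachableNow    = $dcReachable
    CachedLogonsCount = $cachedLogons
    OfflineLogon      = if ($cachedLogons -gt 0) { 'users who have logged on here before' } else { 'nobody' }
    TicketsHeld       = $tickets.Count
} | Format-List

# Services listed here can still be reached until ValidUntil; others need the DC.
$tickets | Format-Table -AutoSize
```

Running it once with the link up and once with the VPN tunnel disconnected shows which file and print servers a user would lose access to during an outage.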
Mal Osborne, Alpha Geek, Commented:
IMHO this is a no-brainer; the best solution is a local domain controller.

DCs tend to not be very "busy"; for just 70 users an old office PC with an i3, 4Gb of RAM and a single 100Gb drive would probably work just fine.

An "entry" server with an i7, 8Gb of RAM, and a pair of SAS drives on a hardware RAID adaptor would be the sort of hardware I would recommend. I also prefer a separate physical DC, even in a virtualised infrastructure. It is always nice to have the DC powered up and running first as well.

It is always good to have a second DC, so one in the cloud as well might make sense, but the main DC in your situation should be on site.

Gaurav Pandey, Author, Commented:
Thanks to all.

Question has a verified solution.
