RFVDB
asked on
AD Replication over VPN to RODC pitfalls
I have some remote offices that I want to setup with RODCs. This will be my first time doing this so wanted to find out about some of the consequences of doing this.
The remote offices are connected to the primary site with Site to Site VPNs - the primary site will have the live writeable Active Directory.
1) If the Site to Site VPN goes down the RODC can't reach the primary AD server in the primary site. Will this be a problem for users in the remote office for authenticating and using DNS for local and web DNS resolution?
2) If I were to go with a full writeable AD in the remote site - if the VPN goes down, will the users experience any sort of outage?
3) Any other suggestions on this line?
The remote offices are connected to the primary site with Site to Site VPNs - the primary site will have the live writeable Active Directory.
1) If the Site to Site VPN goes down the RODC can't reach the primary AD server in the primary site. Will this be a problem for users in the remote office for authenticating and using DNS for local and web DNS resolution?
2) If I were to go with a full writeable AD in the remote site - if the VPN goes down, will the users experience any sort of outage?
3) Any other suggestions on this line?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Shaun Vermaak
The main purpose of RODC is for a site without physical security. If you have physical security, add a full DC
ASKER
Hi Abhi,
Thanks for all of the answers. You mention that it won't work with Exchange but specify 2000-2010. If the company has Exchange 2013-2016, is that fine?
Thanks, Jonathan
Thanks for all of the answers. You mention that it won't work with Exchange but specify 2000-2010. If the company has Exchange 2013-2016, is that fine?
Thanks, Jonathan
HI,
Sorry for the confusion. Exchange would need a writable DC in the site it's located for its smooth working and its the recommendation as far as I am aware.
Please refer:-
http://msexchangeguru.com/2012/10/22/exchange-2013-prerequisites/
Thanks,
Abhi...
Sorry for the confusion. Exchange would need a writable DC in the site it's located for its smooth working and its the recommendation as far as I am aware.
Please refer:-
http://msexchangeguru.com/2012/10/22/exchange-2013-prerequisites/
Thanks,
Abhi...