Bill VonSlep

Add 2nd domain AD to other office location via a VPN

I have a Microsoft Exchange server set up on Server 2012 R2 with all the usual items required for an Exchange setup to run on a single server for our domain, including AD, DNS, IIS, etc., running Exchange 2016. All is updated and runs great. So far we have not needed Active Directory and have just used that mail server for email only. We have another office location that runs our accounting software, Viewpoint Vista, an MS SQL based construction accounting program that will now require us to move off of a workgroup to Active Directory on the accounting server to get future updates. I have Firebox routers at all our locations and have a VPN link set up between all our locations and can access devices at all the locations. My thought was to set up a secondary domain controller at the accounting office for this, and I have Server 2019 or earlier server versions I could use to do this. Just putting this out there for techs that have done this, and what your thoughts would be on doing this on a VPN (I have set up backup domain controllers at the same location before), or if I should try a different approach on this, since I only need the accounting server on a domain right now to update to future versions, but if I have to do this I might as well get all users on AD. Any recommendations would be appreciated!

Mahesh

You already have one domain controller at the location where the accounting application is running?

Then why do you need another DC?

If there is no direct connectivity available between locations, site-to-site VPN is the only option.

Bill VonSlep (ASKER)

No, the accounting location does not have any DC, just the location that has the Exchange server set up with its DC. And yes, there is a VPN set up; I was just wanting ideas from others on how they would set up the remote accounting office. My thoughts are to set up a 2nd DC.

Having two DCs (WHEN YOU UNDERSTAND HOW TO PROPERLY RESTORE THEM) is ideal. It's also good to put them at different locations when your business is that small, as this provides redundancy in the event of a disaster. Indeed, I'd recommend setting up DFS Replication and copying all non-database files through DFS to both sites. Properly set up, this can allow for faster file access at both sites and redundancy in the event of a disaster at either site. Additionally, your users should be able to continue to work (mostly) uninterrupted (at least from a login/file access perspective) if and when the VPN goes down (due to hardware failure or internet failure at either site).

Just set up Sites and Services so both sites are unique to AD.

Lastly, if this isn't something you understand well, then PLEASE, for your own sake, partner with an experienced person to assist in the setup and teach you how to do this.

Forums are great for help in troubleshooting and general guidance, but full technology deployments, in my opinion at least, should not be done with the forum as the "expert".
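
The Sites and Services step from the answer above, written out as an added PowerShell example (not part of the original thread and not any poster's own script). The site names, subnets and the domain name `corp.example.com` are placeholders; substitute the real LAN ranges behind each Firebox.

```powershell
# Added example; site names, subnets and domain name are placeholders (assumptions).
# Part 1: run on the existing DC (the Exchange server's office) as a Domain/Enterprise Admin.
Import-Module ActiveDirectory

$hqSite       = 'HQ'            # hypothetical name for the existing office
$branchSite   = 'Accounting'    # hypothetical name for the accounting office
$hqSubnet     = '10.10.0.0/24'  # constructed LAN range behind the HQ Firebox
$branchSubnet = '10.20.0.0/24'  # constructed LAN range behind the accounting Firebox

# A fresh forest has one site; give it a real name instead of leaving the default.
$default = Get-ADReplicationSite -Filter "Name -eq 'Default-First-Site-Name'"
if ($default) { $default | Rename-ADObject -NewName $hqSite }

# Create the second site if it does not exist yet.
if (-not (Get-ADReplicationSite -Filter "Name -eq '$branchSite'")) {
    New-ADReplicationSite -Name $branchSite
}

# Subnet objects are what let clients and servers locate the DC in their own office.
New-ADReplicationSubnet -Name $hqSubnet     -Site $hqSite
New-ADReplicationSubnet -Name $branchSubnet -Site $branchSite

# One IP site link across the VPN; 15 minutes is the minimum inter-site interval.
New-ADReplicationSiteLink -Name "$hqSite-$branchSite" `
    -SitesIncluded $hqSite, $branchSite `
    -InterSiteTransportProtocol IP -Cost 100 -ReplicationFrequencyInMinutes 15

# Part 2: run on the new server at the accounting office, once it can reach the
# existing DC over the VPN and uses it for DNS. 'corp.example.com' is a placeholder.
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
Install-ADDSDomainController -DomainName 'corp.example.com' `
    -SiteName 'Accounting' -InstallDns:$true -Credential (Get-Credential)

# Part 3: after the reboot, confirm each DC sits in its own site and replication is clean.
Get-ADDomainController -Filter * | Select-Object Name, Site, IPv4Address, IsGlobalCatalog
repadmin /replsummary
```
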
Thank you, Lee, for your input. I am a long-time IT person just asking around to see what others think :)

In ideal situations, you should put AD-dependent applications in the same location as the domain controller, or vice versa.
If your application is not AD integrated, then it doesn't matter where you put that up.

Normally you should put two DCs at headquarters along with AD-integrated applications and allow remote users to connect to applications through VPN or through the internet, depending upon your security policy.

Else establish a site-to-site VPN tunnel between HQ and the remote site and put the DC and application at the remote site.