Windows – Best practice for two site Active Directory through VPN

active-directory site-to-site-vpn windows

Currently we have a site-to-site VPN setup between our two locations A and B. Location A has the domain controller; all hosts in location B connect via the site-to-site VPN to the DC in A. I was wondering if this is not ideal because if either Internet connection goes down, or the VPN/firewall server gets messed up, (i) the hosts in B cannot connect to the DC on A, and more importantly, (ii) the primary/secondary DNS servers on the domain are both located in A. Please advise on the best practice to alleviate this potential issue.

Best Answer

Promote a DC in Site B, create two sites in AD, then assign each domain controller to its appropriate site. Also, install DNS on this server, and use it as the primary for all hosts in Site B.

Ideally, the hosts in site A would use the local DNS server as primary and the DNS server at the opposite site as secondary. Vice versa for hosts in Site B.
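The steps in the answer above (define the two AD sites and their subnets, promote a DNS-enabled DC into Site B, put each DC in its own site, and point clients at the local DNS server first) as one PowerShell walkthrough. This is an added example, not part of the original answer; the domain name corp.example.com, the site names SiteA/SiteB, the subnets 10.1.0.0/16 and 10.2.0.0/16, the DC names DC-A1/DC-B1 and their addresses 10.1.0.10/10.2.0.10 are all assumed placeholders.

```powershell
# Added example (assumed names and addresses throughout). Run the site/subnet
# section on the existing DC in Site A as a Domain Admin, the promotion section
# on the new server in Site B, and the checks from any domain-joined host.

$domain   = 'corp.example.com'                  # assumed domain
$siteA    = 'SiteA'; $subnetA = '10.1.0.0/16'   # assumed site A network
$siteB    = 'SiteB'; $subnetB = '10.2.0.0/16'   # assumed site B network
$dcA      = 'DC-A1'; $dnsA    = '10.1.0.10'     # assumed existing DC / DNS in A
$dnsB     = '10.2.0.10'                         # assumed address of the new DC in B

# --- 1. Sites, subnets and the link between them (run on DC-A1) --------------
Import-Module ActiveDirectory
New-ADReplicationSite -Name $siteA
New-ADReplicationSite -Name $siteB
# Subnets are what let a client work out which site it is in, so a host in B
# picks DC-B1 for logon instead of crossing the VPN.
New-ADReplicationSubnet -Name $subnetA -Site $siteA
New-ADReplicationSubnet -Name $subnetB -Site $siteB
# Replicate across the VPN every 15 minutes instead of the 180-minute default.
New-ADReplicationSiteLink -Name "$siteA-$siteB" -SitesIncluded $siteA, $siteB `
    -Cost 100 -ReplicationFrequencyInMinutes 15 -InterSiteTransportProtocol IP
# The existing DC starts life in Default-First-Site-Name; move it to SiteA.
Move-ADDirectoryServer -Identity $dcA -Site $siteA

# --- 2. Promote the Site B server as a DC with DNS (run on the new server) ----
Install-WindowsFeature AD-Domain-Services, DNS -IncludeManagementTools
$dsrm = Read-Host -AsSecureString 'DSRM (safe mode) password'
# -SiteName places the new DC straight into SiteB; -InstallDns gives Site B a
# local copy of the AD-integrated zone. Global Catalog is installed by default,
# which the DC needs to authenticate logons on its own while the VPN is down.
Install-ADDSDomainController -DomainName $domain -SiteName $siteB -InstallDns `
    -ReplicationSourceDC "$dcA.$domain" -Credential (Get-Credential "$domain\Administrator") `
    -SafeModeAdministratorPassword $dsrm -Force
# After the reboot: make Internet name resolution in B independent of Site A.
Set-DnsServerForwarder -IPAddress 9.9.9.9, 1.1.1.1   # assumed upstream resolvers

# --- 3. Hand out local-first DNS to clients ----------------------------------
# Site B clients: local DNS first, Site A second (reverse these for Site A).
# Statically configured host (assumed interface alias):
Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses $dnsB, $dnsA
# DHCP-managed hosts on the Site B scope (run where the DHCP role lives):
Set-DhcpServerv4OptionValue -ScopeId '10.2.0.0' -DnsServer $dnsB, $dnsA

# --- 4. Verify the result ----------------------------------------------------
# Each DC should report the site it was assigned to.
Get-ADDomainController -Filter * | Select-Object Name, Site, IPv4Address, IsGlobalCatalog
# The zone must be AD-integrated so both DCs serve it with no zone transfer.
Get-DnsServerZone -Name $domain | Select-Object ZoneName, IsDsIntegrated
# Site-specific SRV records exist only once the new DC has registered itself.
Resolve-DnsName -Name "_ldap._tcp.$siteB._sites.dc._msdcs.$domain" -Type SRV
# A host in B must locate the local DC; run this from a Site B client.
nltest /dsgetdc:$domain /site:$siteB
# Confirm replication between the two DCs is healthy before relying on it.
repadmin /replsummary
```

The check that matters most is the last two lines: if `nltest` from a Site B client still returns DC-A1, the client's address is not covered by a subnet object mapped to SiteB, and logons will keep crossing the VPN even though the local DC exists. Run the verification once more with the VPN tunnel down to confirm that Site B hosts can still log on and resolve names from DC-B1 alone.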
