Windows Domain across VPN

active-directory, domain-controller, vpn, windows

Getting in a bit over my head here …

We have a small office with a Windows 2003 AD domain controller. About to open a second small (remote) office, and would like both to share the same domain. They are across the Internet from each other, but an occasional VPN connection could be created.

My first thought is to set up the second office on a separate subnet. I planned to duplicate the PDC to the new office, but somehow demote it to a backup domain controller that would periodically connect to the PDC via VPN (domain changes are quite rare).

Is this just a disaster waiting to happen? Is there a better way to go about it? I've tried googling, but not quite sure what to call this mess I'm creating 🙂

Thanks for any suggestions.

Best Answer

I would suggest a VPN between the two offices using VPN routers if you can. You do not say what Windows version you are using, but there are various options for Domain Controllers depending on version. Win 2008 will permit a read-only Domain Controller, for example. PDC and BDC are not used with later versions of Windows.

As noted by others, there are many VPN devices to make the link. The router you have at the main site may have this feature. We use Cisco 800 series at secondary sites and Cisco 1800 at the main office. There are Cisco Small Business VPN units that work well. We have used these for clients and they are solid. Put them on a good UPS.

You also need to look at what will handle DNS, DHCP, etc. at the second site and what happens if the link fails for some reason.

If you have a Domain Controller at each site, DNS will work if the VPN goes down. That works for us.

At the remote site the local server will be primary DNS and make the main site secondary. You can make remote site secondary DNS at main site as well.
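
The DNS arrangement described in the answer above can be checked on paper before the second office goes live. The following is an added example, not part of the original answer: it models each site's resolver order and reports what still resolves when the VPN is down. The site names, IP addresses, status labels and the `Site`/`audit` names are all constructed for illustration.

```python
# Added illustration: site names and IP addresses below are constructed.
from dataclasses import dataclass

@dataclass
class Site:
    name: str
    dns_servers: list   # addresses of DC/DNS servers hosted at this site
    resolvers: list     # client resolver order used at this site (e.g. from DHCP)

def audit(sites, vpn_up):
    """Return {site: (status, usable_resolvers)} for the given link state."""
    location = {ip: s.name for s in sites for ip in s.dns_servers}
    report = {}
    for s in sites:
        # With the VPN down, only resolvers hosted at the same site are reachable.
        usable = [ip for ip in s.resolvers
                  if ip in location and (vpn_up or location[ip] == s.name)]
        if not usable:
            status = "NO_DNS"            # no reachable resolver at this site
        elif usable[0] != s.resolvers[0]:
            status = "DEGRADED"          # primary unreachable, clients fall back
        elif location[s.resolvers[0]] != s.name:
            status = "REMOTE_PRIMARY"    # works, but lookups cross the VPN
        else:
            status = "OK"
        report[s.name] = (status, usable)
    return report

MAIN_DC, BRANCH_DC = "10.1.0.10", "10.2.0.10"   # constructed addresses

# Layout from the answer: a DC at each site, local DNS first, other site second.
recommended = [
    Site("main", [MAIN_DC], [MAIN_DC, BRANCH_DC]),
    Site("branch", [BRANCH_DC], [BRANCH_DC, MAIN_DC]),
]
# Contrast: branch office with no local DC, pointing only at the main site.
no_local_dc = [
    Site("main", [MAIN_DC], [MAIN_DC]),
    Site("branch", [], [MAIN_DC]),
]

if __name__ == "__main__":
    for label, layout in (("recommended", recommended), ("no local DC", no_local_dc)):
        for vpn_up in (True, False):
            print(label, "vpn_up=%s" % vpn_up, audit(layout, vpn_up))
```
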