active Directory over Wan

[ankit0680]

Hi,
I have a question, my office is in chicago but I am opening a satelite office in Europe. My predecessor originally created a domain here and put it as part of my forest in chicago. This doesnt work as he was the DC here connect Via VPN constantly, and for 5 users a I thought a domain was over kill.
i plan on putting them back on my primary domain, but putting a backup dc here for them to authenticate to then using a site to site connection to maintaing a constant link.
Will that work?

 

[pagy]

I don't quite understand. Are you saying that you are based in the Europe office and that you have a domain in your office and that domain is a sub domain of the forest root in chicago?

My head hurt asking that question


All you need in this life is ignorance and confidence; then success is sure.
- Mark Twain

 

[ankit0680]

Sorry.
My head office is in chicago, i have a small office in Europe that needs to be connected to my chicago office constantly. I dotn want to use VPN for everyperson,
I was thinking of creating a site to site, ( thier router to my Firewall) and putting a Domain Controller here.
My question is, is the domain controller necesary.

 

[pagy]

Ah Ok, yep a site to site VPN would be good.
I still don't quite understand your domain setup. You have a domain in chicago correct? And your predecessor setup a sub domain for the europe office but had the DC for that domain in chicago? In europe there are 5 pcs and no DCs?

Once I get your current setup clear in my head I should be able to tell you the best way to go.


All you need in this life is ignorance and confidence; then success is sure.
- Mark Twain

 

[ankit0680]

here is the setup.

Original:
Chicago : Forest : mydomain.com
Europe : Child : Europe.mydomain.com
Europe had 5 pcs and a DC.

I wnat to change this and put the pc's under "mydomain.com"
and just put another Domain Controller here. ( In EuropE)

 

[pagy]

Right, you should be fine doing that;
setup a site to site VPN as you said.
Add a DC to the Europe site for mydomain.com
change the domain membership of the 5 PCs.

You will need to use active directory sites and services to control replication between chicago and europe. This link will give you an overview of using sites and services;

http://www.microsoft.com/technet/pr...rectory/activedirectory/stepbystep/adsrv.mspx

Some people may argue that with only 5 PCs you could authenticate over the WAN to the DC in Chicago. But if you can afford a DC for the europe office I say put a DC in, it gives you room for growth as well if and when you need to add more PCs in the europe site.


All you need in this life is ignorance and confidence; then success is sure.
- Mark Twain

 

[ankit0680]

DO I need to worry about subnetting, if i set the remote site with a different subnet than my main office will this work?>\

 

[pagy]

The simple answer is yes.
It will be your site to site VPN that will connect the 2 networks together, Active directory will use the WAN link to replicate.


All you need in this life is ignorance and confidence; then success is sure.
- Mark Twain