Wednesday, April 29, 2015

windows server 2012 r2 - Remote Office Domain Controller - Redirected Folders




My first question here - I tried my best to find the answer before posting.



I currently manage a small health center (25 employees) that has a single domain (health.local for this purpose) running on Server 2012 R2. The health center is planning to open a secondary location in 6 weeks or so. These two buildings will be connected by a site-to-site IPsec connection.



In the current domain, all users have redirected folders with offline files enabled. Makes it easy for workstation replacement.



What would be some recommendations for the new office? It will be about the same size (25 employees or so). I plan to put in a domain controller. Should this be linked to the current domain? My concerns would obviously be the redirected folders running over the IPsec. Employees can be in either office. I've researched DFS and found that it is not recommended for redirected folders because of cases where an account can be logged into in two locations which would create a DFS conflict.



I've also considered a brand new domain with an established trust between the two domains, but this would bring up the issue of users having a password that is different at each location (which would be a problem lol).




I've read about read-only DCs, but that doesn't solve the folder redirection issue.



What do you guys think? Thanks for any help / suggestions in advance.


Answer



This is possible but has it's limitations.



You can have the second domain controller as a member DC. Then you can replicate the fileshare with the roaming profiles using whatever kind of replication technology you want between machines at site1 and site2. You could use DFS for example, or put the profiles on a NAS and replicate that to a second NAS somehow. This way, you would have all the profiles on both sites at all times, and the machines would get their copy from the local machine.



The limitation is that due to limited bandwidth this will take time, and if someone quickly changes from one site to the other it might not replicate in that time frame. It will also take bandwidth away from using whatever software they have to use. So maybe you have to replicate at night, but then employees couldn't quickly switch at all.


-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

linux - How to SSH to ec2 instance in VPC private subnet via NAT server

I have created a VPC in aws with a public subnet and a private subnet. The private subnet does not have direct access to external network. S...