Remote Site migrate to Domain

By Wheezey
I have a central location running Win2003SBS R2. I have a remote location that's linked to our network over a VPN and on a separate subnet. The remote site's workstations (set up in a workgroup) use RDP to our Terminal Server for work.

So at this remote site, I'm wondering if it would be a good move to migrate this site to the domain. I have a few questions before I roll up my sleeves:

1) Would I need to establish a domain controller to have at the remote site?

2) Would I see higher usage in bandwidth at the remote site? (6 Workstations)


All Answers

by CG IT In reply to Remote Site migrate to Do ...

1) no you don't have to
2) most likely

Notes: a DC at the site requires that DC to talk to the HQ DC for replication, so you have to make sure they talk to each other. No DC means a site link, and you have to associate a subnet to the site link. Best to have a persistent link [site link] to HQ to make this work right. Users who cannot contact a DC to authenticate with will typically use cached credentials to log in. No GP or any other settings will take place until the workstations contact the DC. So the VPN connection each user uses is simply a remote connection [remote access], not a link [site link] to the domain.

Site link to the domain

by Wheezey In reply to answers:

Pardon my ignorance, but I'm not familiar with "site linking". I think I may have misrepresented the VPN situation: we're operating the VPN from the remote site's SonicWALL VPN to our main facility's SonicWALL VPN.

Is this what you were referring to as a "persistent link"?

Off Topic: As for GP, I'm looking to have GP set up similar to the Domain's GP on local machine to an extent. I'm still learning about AD.

Active Directory Sites and Services

by CG IT In reply to Site link to the domain

is where you create a site in Active Directory. You also associate a subnet to the site. The subnet to the site is a persistent link, meaning "always on" or "dedicated link" [goes back to the days where locations were connected with dedicated lines into a HQ, but those locations didn't really warrant having servers [not enough workstations to warrant the admin effort]].

Workstations use this link to contact DCs and DNS servers with their queries.

On your DC, open Active Directory Sites and Services to take a gander at what's there. Then read up on sites/site links and how to implement them on MS TechNet.

Remote VPN users authenticate with the remote access appliance, i.e. your SonicWALL, and obtain a local network address [DHCP relay agent]. VPN users don't authenticate with Active Directory for login [as you mentioned, they're part of a workgroup and could never authenticate with AD] but with the VPN appliance. Once authenticated and having obtained a local network address, they simply access the resources [granted access by the resource, in this case Terminal Services, not Active Directory]. You can set up RRAS on a Windows box that is an AD member server and have authentication for VPN via Active Directory as remote access user rights on the user account in Active Directory. With W2008, you have all sorts of options for securing remote access clients that weren't available on W2003, such as policy enforcement and quarantine until they meet policy, etc.
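
The following is an added example and is not part of the thread or of any poster's reply. It illustrates the subnet-to-site association discussed above: a workstation's IP address is matched against the subnets defined in Active Directory Sites and Services, and the most specific matching subnet determines its site. The site names, subnets and workstation addresses are constructed for the illustration.

```python
import ipaddress

# Constructed sample data (not from the thread): subnet objects and the site
# each one is associated with in Active Directory Sites and Services.
SUBNET_TO_SITE = {
    "192.168.0.0/16": "HQ",             # catch-all supernet
    "192.168.1.0/24": "HQ",
    "192.168.20.0/24": "Remote-Office",
}

# Constructed workstation inventory: name -> IP address.
WORKSTATIONS = {
    "HQ-PC01": "192.168.1.15",
    "REMOTE-PC01": "192.168.20.11",
    "REMOTE-PC02": "192.168.20.12",
    "LAB-PC01": "10.10.5.7",            # subnet never defined in AD
}


def site_for_ip(ip, subnet_to_site=SUBNET_TO_SITE):
    """Return the site of the most specific subnet containing ip, else None."""
    addr = ipaddress.ip_address(ip)
    best_net, best_site = None, None
    for cidr, site in subnet_to_site.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_site = net, site
    return best_site


def audit(workstations=WORKSTATIONS, subnet_to_site=SUBNET_TO_SITE):
    """Group workstations by site; collect those with no matching subnet."""
    by_site, unmapped = {}, []
    for name, ip in sorted(workstations.items()):
        site = site_for_ip(ip, subnet_to_site)
        if site is None:
            unmapped.append(name)
        else:
            by_site.setdefault(site, []).append(name)
    return by_site, unmapped


if __name__ == "__main__":
    by_site, unmapped = audit()
    for site, hosts in by_site.items():
        print(f"{site}: {', '.join(hosts)}")
    print("No subnet/site mapping:", ", ".join(unmapped) or "none")
```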
