AD across site-2-site VPN

[moosus]

G'day everybody

I'm looking for a little input from those in the know.
I am planning on joining several interstate sites with a cisco hardware,
site to site VPN.
Currently the interstate sites have their own workgroups the only domain is
at their base office in Queensland
I then wish to have the interstate users be authorized by a server in
Queensland
The VPN will run across 1500/512 ADSL
Is there much advantage in putting a backup domain controller at my bigger
interstate sites?
I only have 30 users across the whole network so it is not like there is a
lot of traffic.
If I put backup DC's at the remote sites do the users at those sites
authenticate with at server under normal circumstances?

Cheers
Moosus

 

[Paul Bergson]

From the number of users that you have the difference would be negible,
unless you have connectivity issues. The additional DC would authenticate
the local usesr if you set up sites in AD Sites and Services. Unless you
have an app that is hitting your DC you just don;t have enough users to
warrant a remote site DC.

You should bring up another DC at your home site for fault tolerance and
make sure that you have two dns servers as well. The best route for this
would be to integrate AD and install dns on both of your DC's. Make sure
you then point your clients dns to these two dc's.