
Connect Remote Office to Domain at HQ

Just browsing

I currently have a site-to-site VPN set up between HQ and a remote office. Would it be possible to set up the remote office to connect to a domain controller at HQ?

Building a reputation

Re: Connect Remote Office to Domain at HQ

Yes it's possible but it might not be the best idea. If the internet goes down at either location then the people at the remote office wouldn't be able to log in. Might be better to have a RODC at the remote site that syncs to the HQ DC.

Kind of a big deal

Re: Connect Remote Office to Domain at HQ

Yes.  It works best if you configure the remote site DNS servers to point to the AD controllers at the main site.

Here to help

Re: Connect Remote Office to Domain at HQ

I agree with mmmmmmark that it may not be the best design if relying on a single MX / Internet connection at the branch office or HQ. A RODC would be ideal at the branch. You could go with redundant MX and Internet connections to try and limit exposure to a failed connection but it may not be worth the cost, depending on your needs.

Kind of a big deal

Re: Connect Remote Office to Domain at HQ

That is not correct @mmmmmmark.  You can quite happily log into a Windows machine you have previously logged into (aka your normal work computer) for many months using cached credentials.

If you want some evidence, take a work notebook home, reboot it, and notice how you can log into it without any issues.

Building a reputation

Re: Connect Remote Office to Domain at HQ

Thanks @PhilipDAth for that. I wasn't aware that it would work. Might still be a good idea to have an off-site DC too though, but maybe not a RODC, haha.

Kind of a big deal

Re: Connect Remote Office to Domain at HQ

I have now moved a lot of my smaller customers completely to AzureAD (so no onsite AD controllers at all), as part of their Office 365 plan.

Some of the medium-sized ones I have moved AD into Amazon AWS.  I need three instances.  Two t2.micros to be the AD controllers, and a third to run Ubuntu and strongSwan.  I then build a non-Meraki VPN back to the sites.

A t2.micro is maybe USD$3.50 per month.  So for maybe USD$11 per month you can have redundant AD controllers in the cloud.
