Active Directory
Danil, 2017-07-03 10:50:20

How many domain controllers do you need for remote branches, and do you need them?

There are 20 remote branches with 5-15 PCs each. How do I properly join them to the domain? Set up my own DC and connect via VPN? How many DCs are needed? One DC for all remote branches? For everyone? Or is one needed locally at each? What is the right way?


5 answer(s)
effko32, 2017-07-03
@effko32

One PDC is enough (you can add one more read-only DC). Set up the DC at home (at the main branch) and connect the branches over VPN.

mikes, 2017-07-03
@mikes

Everything depends on the reliability and bandwidth of the communication channels, as well as the logical connection of the branches to the main office: what resources are used?
If the branch is isolated and largely independent, then organize a full-fledged infrastructure there.
If all activity is tied to software that runs in the main office, then it makes no sense to keep anything there, and, as I wrote above, we factor in the communication channels.

CityCat4, 2017-07-03
@CityCat4

The right way is when requests to the DC do not slow down :) If only a small number of requests come from the branch and the communication channel is wide and fast, it makes no sense to set up a separate DC. If the communication channel is thin, it makes sense to set up a DC even for a dozen machines: the DC itself is not resource-intensive and works fine on a virtual machine with modest parameters. If the branch has its own database, mail, or its own Internet proxy, then definitely set up your own DC, because all of this can slow down over a weak channel... badly :)
A typical branch structure is a router / VPN / firewall (Cisco, MikroTik), behind it a host with a DC / file dump / database / mail / proxy (here everyone gets creative in their own way), and the user machines. Why? The branch, especially if it is a sales branch, should work even if there is no Internet, and if 1C is up at the boo, that's it, no shipments -> no money :(
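
CityCat4's rule of thumb above (a local DC is worth it when requests to the DC are slow over the branch link) can be measured before deciding. The PowerShell below is an added example, not part of the thread: run on a domain-joined branch workstation, it asks the DC locator which DC the client uses and times fresh LDAP binds to it; `$Samples` and `$SlowMs` are assumed values.

```powershell
# Added example. Run on a domain-joined branch workstation.
# $Samples and $SlowMs are assumed values for illustration, not from the thread.
Add-Type -AssemblyName System.DirectoryServices, System.DirectoryServices.Protocols
$Samples = 10
$SlowMs  = 200

# Ask the DC locator which domain controller this client is actually using.
$domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$dc     = $domain.FindDomainController()
Write-Output ("Domain {0}, located DC {1} in site {2}" -f $domain.Name, $dc.Name, $dc.SiteName)

# Time a fresh LDAP connection plus an authenticated bind (current user,
# Negotiate) for each sample, so every measurement crosses the branch link.
$results = foreach ($i in 1..$Samples) {
    $timer = [System.Diagnostics.Stopwatch]::StartNew()
    $conn  = $null
    try {
        $conn = New-Object System.DirectoryServices.Protocols.LdapConnection -ArgumentList $dc.Name
        $conn.Bind()
        $ok = $true
    } catch {
        $ok = $false
    } finally {
        $timer.Stop()
        if ($conn) { $conn.Dispose() }
    }
    [pscustomobject]@{ Ok = $ok; Ms = $timer.Elapsed.TotalMilliseconds }
    Start-Sleep -Milliseconds 500
}

$good   = @($results | Where-Object Ok | Sort-Object Ms)
$failed = $Samples - $good.Count
if ($good.Count -eq 0) {
    Write-Output "All $Samples binds failed: this branch cannot reach a DC over the current link."
    return
}
$median = $good[[int][math]::Floor(($good.Count - 1) / 2)].Ms   # lower median
Write-Output ("median {0:N0} ms, worst {1:N0} ms, failed {2}/{3}" -f $median, $good[-1].Ms, $failed, $Samples)

if ($failed -gt 0 -or $median -gt $SlowMs) {
    Write-Output "Requests to the DC are slow or unreliable from here: a local DC or RODC is worth considering."
} else {
    Write-Output "Requests to the DC are fast from here: a central DC over the VPN looks sufficient."
}
```

Running it at different times of day, including while the link is busy, gives a fairer picture than a single run.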

athacker, 2017-07-03
@athacker

I'll add to the above - read about RoDC - read-only domain controller.

Vladimir Zhurkin, 2017-07-04
@icCE

There is no correct answer here. You can go very different ways. Of course, it would be nice to put AD configured as a division in each branch. Another question is whether it is justified. Although at the moment the system requirements for AD are not very high. I.e., if there is still life there and you need a file dump, etc., then it would be logical to put AD there. By the way, the file dump can be configured with BranchCache. If there are just remote employees with laptops, then I would probably set up an SSTP VPN, which will automatically establish a connection with the office, and with AD in particular, on any network connection. You can also go the route of VDI (Virtual Desktop Infrastructure), etc.
