0

So, we have one forest with one domain currently, which is working pretty well. Now we got a new remote office for 5 users. They should get their own Domain Controller and Domain. Our original Domain is named company.com and the plan is to create a Child Domain named remote.company.com for the remote office. The problem is that the 5 people at the remote office change relatively often (~ -2 people every 2 months; +2 people every 2 months; so it stays pretty much at 5). How can I get the Users, which get created in the Domain company.com, in the Child Domain remote.company.com, while still preserving the original Object in company.com?

I need the original Userobjects to stay in company.com as a password change automatically connects with this Object.

Second question: How can I get the two Userobjects to replicate after a password change (to get the new password written to User.company.com to replicate to User.remote.company.com)?

As I am pretty new in the business and as new as this in Active Directory Management, I would be glad for all Input I could get. And if you need more Information, feel free to ask.

PaLin
  • Why do you think you need a dedicated domain for the branch office? This seems quite overkill for just 5 users. – Massimo Mar 02 '20 at 20:57
  • Ummm... yeah... why do you/they need a new domain? – joeqwerty Mar 03 '20 at 01:28
  • They shall get a new one, because I got told they are going to. Sadly I don't make the rules. – PaLin Mar 03 '20 at 07:11
  • If the people telling you to build a new domain cannot justify it, then they are in no position to be giving such directions. Sorry you have to work in those conditions. – twconnell Mar 04 '20 at 00:05

1 Answer

3

Because the remote office is a branch of the same organization, a more efficient solution for that scenario is setting up a separate site describing the remote branch network and deploying a read-only domain controller there, with appropriate password replication policies.

In addition, you should deploy at least two domain controllers in the forest. By deploying a single domain controller, you will be subject to a loss of the entire forest if the server experiences a hardware fault.

  • The sad thing is, I don't make the rules, I only get told what I should be doing. And I got told that they are getting their own small domain, where it does not matter how stupid the idea is. But I do not really know how to conquer my problems described in the above question. – PaLin Mar 03 '20 at 07:20
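
The site, read-only domain controller and password replication policy setup the answer describes, as an added example that is not part of the original answer. The site name, subnet, site-link name, group name, RODC host name and user names are assumptions, and the hub site is assumed to still be called Default-First-Site-Name.

```powershell
# Added illustration; every name below is an assumption, not taken from the thread.
Import-Module ActiveDirectory

$site  = 'RemoteOffice'          # assumed site name
$group = 'RemoteOffice-Users'    # assumed group holding the ~5 branch users
$rodc  = 'RODC-REMOTE01'         # assumed host name of the branch RODC

# 1. Describe the branch network as its own site and link it to the hub site.
New-ADReplicationSite -Name $site
New-ADReplicationSubnet -Name '10.20.0.0/24' -Site $site   # assumed branch subnet
New-ADReplicationSiteLink -Name "HQ-$site" `
    -SitesIncluded 'Default-First-Site-Name', $site `
    -Cost 100 -ReplicationFrequencyInMinutes 15

# 2. One group represents "people currently working at the branch".
#    The user objects themselves stay in company.com.
New-ADGroup -Name $group -GroupScope Global -GroupCategory Security

# 3. Run on the branch server itself: promote it as a read-only DC in that site.
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
Install-ADDSDomainController -DomainName 'company.com' -ReadOnlyReplica `
    -SiteName $site -InstallDns -Credential (Get-Credential)

# 4. Password replication policy: only branch users' passwords may be cached
#    on the RODC, so a stolen branch server exposes those accounts only.
Add-ADDomainControllerPasswordReplicationPolicy -Identity $rodc -AllowedList $group

# 5. Staff turnover is handled through group membership, not a second user object.
Add-ADGroupMember    -Identity $group -Members 'new.user'      # assumed account
Remove-ADGroupMember -Identity $group -Members 'former.user' -Confirm:$false

# 6. Review what the RODC is allowed to cache and what it has actually cached.
Get-ADDomainControllerPasswordReplicationPolicy -Identity $rodc -Allowed
Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity $rodc -RevealedAccounts
```

If the branch RODC is lost or stolen, the accounts listed by `-RevealedAccounts` are the ones whose passwords need to be reset.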