
Currently we have a site-to-site VPN setup between our two locations A and B. Location A has the domain controller; all hosts in location B connect via the site-to-site VPN to the DC in A. I was wondering if this is not ideal because if either Internet connection goes down, or the VPN/firewall server gets messed up, i) the hosts in B cannot connect to the DC in A, and more importantly, ii) the primary/secondary DNS servers on the domain are both located in A. Please advise on the best practice to alleviate this potential issue.

tacos_tacos_tacos
  • 3,250
  • 18
  • 63
  • 100
  • curious as to what is in Site A? if the link dies, then the ability to find the IPs for remote services is useless anyway. if you only have a few users in Site B then DC/DNS isn't really needed, logins/local network will be unaffected for short outages. if you're trying to keep the internet accessible when the link dies then why not make Site B's clients' primary DNS = SiteA and secondary DNS = the local router/ISP - need more info... – BoyMars Sep 20 '11 at 20:59

2 Answers

4

Promote a DC in Site B, create two sites in AD, then assign each domain controller to its appropriate site. Also, install DNS on this server, and use it as the primary for all hosts in Site B.

Ideally, the hosts in site A would use the local DNS server as primary and the DNS server at the opposite site as secondary. Vice-versa for hosts in Site B.

EEAA
  • 109,363
  • 18
  • 175
  • 245
  • 1
    You can actually set up the sites and assign subnets before promoting the DC at the other end :) – pauska Sep 20 '11 at 20:45
  • Yes, for sure. I suppose that would lessen the time required for everything to sync up. – EEAA Sep 20 '11 at 20:46
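The steps in this answer (and the ordering pauska suggests in the comments: define the sites and subnets first, then promote the new DC into its site) written out as an added PowerShell example. This is not the answerer's own code; the domain name `corp.example.com`, the site names `SiteA`/`SiteB`, the subnets `10.1.0.0/16`/`10.2.0.0/16`, the hostnames `DC-A1`/`DC-B1` and the DNS server addresses are all assumptions for illustration.

```powershell
# ---- Part 1: run on the existing DC in Site A (Domain Admin) ----
# Assumed names: corp.example.com, SiteA/SiteB, 10.1.0.0/16 (A), 10.2.0.0/16 (B).
Import-Module ActiveDirectory

# A fresh forest has a single site called Default-First-Site-Name; rename it to SiteA.
Get-ADReplicationSite -Identity 'Default-First-Site-Name' -ErrorAction SilentlyContinue |
    Rename-ADObject -NewName 'SiteA'

# Create the second site and bind each location's subnet to its site,
# so clients are matched to the nearest DC by their IP address.
New-ADReplicationSite -Name 'SiteB'
New-ADReplicationSubnet -Name '10.1.0.0/16' -Site 'SiteA'
New-ADReplicationSubnet -Name '10.2.0.0/16' -Site 'SiteB'

# Replicate between the sites every 15 minutes over the VPN link.
New-ADReplicationSiteLink -Name 'SiteA-SiteB' `
    -SitesIncluded 'SiteA','SiteB' -Cost 100 -ReplicationFrequencyInMinutes 15

# Make sure the existing DC (assumed hostname DC-A1) sits in SiteA.
Move-ADDirectoryServer -Identity 'DC-A1' -Site 'SiteA'

# ---- Part 2: run on the new member server in Site B (assumed hostname DC-B1) ----
# Install AD DS and promote it directly into SiteB with the DNS role included.
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
Install-ADDSDomainController `
    -DomainName 'corp.example.com' `
    -SiteName 'SiteB' `
    -InstallDns `
    -Credential (Get-Credential 'CORP\Administrator') `
    -SafeModeAdministratorPassword (Read-Host -AsSecureString 'DSRM password')
# The server reboots here; it comes back as a DC + DNS server in SiteB.

# ---- Part 3: client DNS order, per site ----
# Site B hosts: local DNS server first (10.2.0.10 assumed), Site A's second.
Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' `
    -ServerAddresses ('10.2.0.10', '10.1.0.10')
# Site A hosts would use the reverse order: ('10.1.0.10', '10.2.0.10').

# ---- Part 4: verify that site-awareness actually works from a Site B host ----
nltest /dsgetsite                               # should print SiteB
nltest /dsgetdc:corp.example.com /site:SiteB    # should return DC-B1
Resolve-DnsName -Type SRV `
    -Name '_ldap._tcp.SiteB._sites.dc._msdcs.corp.example.com'
```

The verification step matters: if `nltest /dsgetsite` reports the wrong site, the subnet-to-site mapping is what to check, because a Site B host whose address is not covered by a subnet object will still be handed a DC from whichever site answers first. In a real deployment the DNS client settings would normally come from the Site B DHCP scope rather than being set per host.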
2

While you could set up a DC/DNS server in site B, I have to ask: where are the resources that the users use located? If the resources are in site A then it really doesn't add any value to set up a DC/DNS server in site B. If site A is unavailable and that's where email, file, database, etc. services are, then the clients' ability in site B to log on to the domain via a local DC doesn't do much good.

joeqwerty
  • 109,901
  • 6
  • 81
  • 172