
Our main office has two domain controllers (Windows Server 2016), shown as one below for simplification. I'm bringing up a remote office, with a firewall at each location. I'm trying to keep the config as simple as possible. The main office works just fine to get to the internet and all users on the main office LAN can authenticate:

[network diagram]

What I want to do is be able to log in to the Active Directory domain from the remote office. I'm trying to NOT have an AD at the remote office and, as I said, I'm trying to keep it as simple as possible.

What DNS do I have the remote PCs (PCR1 and PCR2) use so it will find SRVDC and can get to and use the file shares on SRVFS?

Or am I better served with the same private LAN on both offices of 192.168.1.0/24 with the firewalls set up with overlapping networks (which seems overly complex to me)?

JeffR

1 Answer


What you want to do is to create a site-to-site VPN connection between the two offices. The remote office computers would use the same DNS servers as the main office, which presumably are your Domain Controllers.

EDIT

You have Domain Controllers at the home office which are presumably also the DNS servers for your AD domain (hosting your AD DNS zone). All computers in the home office use these Domain Controllers for DNS. All domain joined computers (workstations, laptops, servers, etc.) have DNS records registered in this AD DNS zone. You might also have DNS records registered in this AD DNS zone for other systems and services (internal websites, applications, etc.). All computers query these DNS servers to resolve DNS queries for the DNS records in this DNS zone. Set up a site-to-site VPN connection between the two offices and configure all of the computers (workstations, laptops, servers, etc.) in the remote office to use the DNS servers in the home office, just the same as all of the computers in the home office do. This is a pretty standard configuration, deployed in countless organizations around the globe.

joeqwerty
  • So you're saying the DNS of the remote office computers would just point to 192.168.1.31 (in this example)? – JeffR Apr 01 '22 at 12:46
  • @JeffR: Active Directory clients use AD for DNS, unless you have another DNS server that could serve as a forwarder for your internal domain. But you only have one DNS server. – Greg Askew Apr 01 '22 at 12:57
  • OK, so the primary DNS of PCR1 and PCR2 should be the 192.168.1.31, and the secondary would be, say, a DNS server at the remote site to handle local resources for the 192.168.2.0/24 network? – JeffR Apr 01 '22 at 13:29
  • @JeffR See my edit. – joeqwerty Apr 01 '22 at 13:54
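The configuration joeqwerty describes in the answer and comments above (remote clients pointed at the home-office Domain Controllers for DNS across the site-to-site VPN) can be applied and checked with the PowerShell below. This is an added example, not code from the question or the answer. The DC address 192.168.1.31 and the remote subnet 192.168.2.0/24 come from the comments; the domain name corp.example, the second DC address 192.168.1.32, the adapter name Ethernet and the site name Default-First-Site-Name are assumptions standing in for your own values.

```powershell
# Added example (not from the thread): point a remote-office Windows client at
# the home-office Domain Controllers for DNS and verify that it can locate the
# domain over the site-to-site VPN.
# Assumptions: 'corp.example' is a placeholder for the AD DNS domain name;
# 192.168.1.31 is the DC/DNS address from the comments; 192.168.1.32 is an
# assumed address for the second DC; 'Ethernet' is the assumed adapter name.

$Domain    = 'corp.example'                      # placeholder, use your AD domain
$DcDns     = @('192.168.1.31', '192.168.1.32')   # first from the thread, second assumed
$Interface = 'Ethernet'                          # assumed adapter name on PCR1/PCR2

# --- Run on each remote client (PCR1, PCR2) as a local administrator ---

# 1. Use only the AD-integrated DNS servers. Do not list an ISP or local non-AD
#    resolver as "secondary": the Windows DNS client can keep using it after a
#    failover and will then be unable to resolve the domain's SRV records.
Set-DnsClientServerAddress -InterfaceAlias $Interface -ServerAddresses $DcDns
Get-DnsClientServerAddress -InterfaceAlias $Interface -AddressFamily IPv4

# 2. Confirm the VPN passes the TCP ports a domain member needs to reach a DC.
$Ports = [ordered]@{ DNS = 53; Kerberos = 88; LDAP = 389; SMB = 445 }
foreach ($name in $Ports.Keys) {
    $r = Test-NetConnection -ComputerName $DcDns[0] -Port $Ports[$name] -WarningAction SilentlyContinue
    '{0,-9} tcp/{1,-4} reachable={2}' -f $name, $Ports[$name], $r.TcpTestSucceeded
}

# 3. Check that the DC locator records resolve from the home-office DNS.
#    A domain-joined machine queries these SRV records before it can log on.
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -Server $DcDns[0] |
    Where-Object { $_.Type -eq 'SRV' } |
    Select-Object Name, NameTarget, Port, Priority, Weight

# 4. Ask the DC locator which DC this client would actually use.
nltest /dsgetdc:$Domain /force

# --- Run once on a home-office DC (ActiveDirectory module) ---
# Register the remote subnet so the locator associates PCR1/PCR2 with a site.
# The thread does not describe AD sites, so the built-in site name is assumed.
Import-Module ActiveDirectory
if (-not (Get-ADReplicationSubnet -Filter "Name -eq '192.168.2.0/24'")) {
    New-ADReplicationSubnet -Name '192.168.2.0/24' -Site 'Default-First-Site-Name'
}
```

Test-NetConnection only exercises TCP, so the VPN and both firewalls must also pass UDP 53 and UDP 88 (and RPC/ephemeral ports for Group Policy and logon scripts) for the remote clients to behave like the home-office ones. Step 2 failing for a port while step 1 shows the right servers usually means a firewall rule on the tunnel, not a DNS problem.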