0

We have an Active Directory environment which we want to expand to 3 different locations: our main office and 2 branch offices. We have created domain.local. We don't have a VPN between branches or with the main office.

I want to create replication so that all users can access their information across branches.

Chopper3
Ankur Dholakiya
  • Is this a duplicate of http://serverfault.com/questions/245036/active-directory-servers-synchronization/245088? – Massimo Mar 10 '11 at 09:54

1 Answer

1

If you don't have WAN or VPN connectivity, there's no way those branch offices can access anything in the main office. AD replication is not the kind of traffic you can relay via the public Internet (like HTTP or SMTP).

You should first of all establish some connectivity between those offices; then you can set up local domain controllers and AD replication.

Massimo
  • Actually, you can make site links with SMTP instead of RPC, but I don't know if that still requires the same type of connectivity that RPC would require anyway. Might be worth looking into. Of course, that won't fulfill the goal of actually reaching resources in other offices; if it worked, all it would do is sync AD. – mfinni Mar 10 '11 at 13:14
  • @mfinni: I actually never used SMTP site links (wonder if *anyone* ever used them...), but looking at documentation around, they don't seem to use actual SMTP addresses... they just use the SMTP **protocol**, but still require direct connectivity (on port 25/TCP) between the DCs' internal IP addresses. – Massimo Mar 10 '11 at 13:42
  • Makes sense - kinda screwy, but I've never seen it used either. – mfinni Mar 10 '11 at 13:50
  • Let's see if anyone did: http://serverfault.com/questions/245690/has-anyone-ever-used-smtp-site-links. – Massimo Mar 10 '11 at 13:53
  • Bravo, sir! Bravo. – mfinni Mar 10 '11 at 14:18
  • 1
    Aha - SMTP only works between domains, not within, so it doesn't sync users etc. "Therefore, replication between sites over SMTP is supported for only schema, configuration, and Global Catalog replication" and useless for what the OP is asking. – mfinni Mar 10 '11 at 16:54
  • @mfinni: Yep. SMTP-based AD replication won't do what the OP wants at all. – Evan Anderson Mar 11 '11 at 03:46
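The order the answer gives (connectivity first, then sites and replication), sketched as an added PowerShell example that is not part of the original thread. It assumes a site-to-site VPN is already up, so the DC ports are never exposed to the Internet. The DC name `dc01`, the site names and the subnets are hypothetical placeholders.

```powershell
# Added example, not from the thread. Run on a domain-joined admin host in a branch.
Import-Module ActiveDirectory

$HubDc = 'dc01.domain.local'   # hypothetical main-office DC, reached through the VPN
# Fixed TCP ports a branch DC must reach on the hub DC:
# DNS, Kerberos, RPC endpoint mapper, LDAP, SMB, Global Catalog.
# RPC replication also uses dynamic ports (49152-65535 by default), not probed here.
$Ports = 53, 88, 135, 389, 445, 3268

$blocked = foreach ($p in $Ports) {
    $r = Test-NetConnection -ComputerName $HubDc -Port $p -WarningAction SilentlyContinue
    if (-not $r.TcpTestSucceeded) { $p }
}
if ($blocked) {
    # Stop here: fix the tunnel or firewall rather than publishing DC ports publicly.
    throw "No path to $HubDc on TCP $($blocked -join ', ')"
}

# One AD site per office, each mapped to its subnet (constructed sample ranges).
$Sites = @{
    MainOffice = '10.0.0.0/24'
    Branch1    = '10.1.0.0/24'
    Branch2    = '10.2.0.0/24'
}
foreach ($s in $Sites.GetEnumerator()) {
    New-ADReplicationSite   -Name $s.Key
    New-ADReplicationSubnet -Name $s.Value -Site $s.Key
}

# Hub-and-spoke site links over the IP (RPC) transport, which carries domain data.
foreach ($branch in 'Branch1', 'Branch2') {
    New-ADReplicationSiteLink -Name "MainOffice-$branch" `
        -SitesIncluded @('MainOffice', $branch) `
        -InterSiteTransportProtocol IP -Cost 100 -ReplicationFrequencyInMinutes 15
}

# After a DC has been promoted in each branch site, check inbound replication.
Get-ADReplicationPartnerMetadata -Target $HubDc -Scope Server |
    Select-Object Partner, LastReplicationSuccess, LastReplicationResult
```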