This may sound silly, but I am no AD expert.

We have set up a new branch office and 2 users will be moving to that office to man a point of sales system. The internet connectivity is poor, so maintaining a constant VPN connection is not going to work.

I have been reading up on:

1) creating a site in AD for this branch and then putting an RWDC down to man this site
2) creating an RODC and putting it in this branch

What would be the best approach for this branch setup, given that one of the users will work in the head office from time to time? Also, how do we re-assign existing users to the site when using option 1)?

Note that the remote site requires a server for our account accounting package and this requires network shares to operate. The issue with no DC is that the authentication fails because there is no logon server available.

Thanks for the advice in advance.

Robert Brown

1 Answer

RODCs are really the only recommended option for branch office authentication, for security reasons. You can also include them in their own site. I would recommend also configuring credential caching on the RODC.

http://technet.microsoft.com/en-us/library/cc732801%28v=WS.10%29.aspx

http://technet.microsoft.com/en-us/library/cc771744%28WS.10%29.aspx

Davidw
  • You MUST have a second AD site configured, or the client may be trying to authenticate itself at the PDC, because it cannot distinguish between the fast and the slow link within one site. – Daniel Aug 16 '14 at 14:08
  • Credential caching and password caching are the same and it's necessary if the link to the PDC is not guaranteed. – Daniel Aug 16 '14 at 14:09
  • Glad I could help improve the answer. I would be happy for some upvotes on the comments. – Daniel Aug 18 '14 at 10:49
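
The setup the answer and comments describe (a separate AD site for the branch, an RODC in it, and credential caching limited to the branch accounts), as an added PowerShell example that is not part of the original thread. It assumes the ActiveDirectory module from Windows Server 2012 or later and an RODC that has already been promoted; every site, subnet, server, group and account name below is a placeholder.

```powershell
# Added example: all names and addresses are placeholder assumptions, not from the thread.
Import-Module ActiveDirectory

$SiteName   = 'Branch01'                    # assumed branch site name
$HubSite    = 'Default-First-Site-Name'     # assumes head office still uses the default site
$Subnet     = '10.20.0.0/24'                # assumed branch LAN subnet
$Rodc       = 'BRANCH-RODC01'               # assumed RODC, already promoted
$CacheGroup = 'Branch01-RODC-Cacheable'     # assumed group for cacheable accounts
$Users      = 'pos.user1', 'pos.user2'      # the two branch users (placeholders)
$Computers  = 'BRANCH-POS01$', 'BRANCH-POS02$', 'BRANCH-APP01$'   # their PCs and the app server

# 1. Give the branch its own site and subnet so clients there locate the RODC
#    instead of a DC on the far side of the slow link.
New-ADReplicationSite -Name $SiteName
New-ADReplicationSubnet -Name $Subnet -Site $SiteName
New-ADReplicationSiteLink -Name "$HubSite-$SiteName" `
    -SitesIncluded $HubSite, $SiteName -Cost 200 -ReplicationFrequencyInMinutes 60

# Move the RODC's server object into the new site if it was promoted elsewhere.
Move-ADDirectoryServer -Identity $Rodc -Site $SiteName

# 2. Credential caching: allow only the branch users and their computer accounts.
#    Computer accounts are needed too, or machine logon fails when the link is down.
New-ADGroup -Name $CacheGroup -GroupScope Global -GroupCategory Security
Add-ADGroupMember -Identity $CacheGroup -Members ($Users + $Computers)
Add-ADDomainControllerPasswordReplicationPolicy -Identity $Rodc -AllowedList $CacheGroup

# 3. Review the resulting policy on the RODC.
Get-ADDomainControllerPasswordReplicationPolicy -Identity $Rodc -Allowed |
    Select-Object Name, ObjectClass

# 4. Audit: list accounts whose passwords are stored on the RODC but that are not
#    members of the cacheable group (the RODC's own krbtgt account is expected here).
$allowed = (Get-ADGroupMember -Identity $CacheGroup -Recursive).DistinguishedName
Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity $Rodc -RevealedAccounts |
    Where-Object { $_.DistinguishedName -notin $allowed } |
    Select-Object Name, DistinguishedName
```

Clients pick their site from the IP subnet they are on, not from the user account, so the user who sometimes works at the head office needs no reassignment. Keeping privileged accounts out of the allowed list limits what a stolen or compromised branch RODC can reveal.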