DC at branch offices?

I've got a branch office on a separate domain with a Win 2k server that handles AD, DNS and operates as a file server. We're connected to them with a point to point T1. The clients there operate as dummy clients, connecting to our terminal servers here. My boss is wanting to get rid of that server and just have them connect directly to us through the T1. Is there any reason I should have a backup DC in that office?

We're probably going to do something similar with another branch office we picked up a year or so ago. They've got a Linux setup, and we've got a site to site VPN configured for them.

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

impelse

It's depend of many factors.

Do they need a file server internally?
How do you apply the policies, security, windows updates, scan, etc, etc, etc?

If you connect those machines direcly to your domain (main office) how much will they slow down your link, etc, etc, etc

Do you have VoIP between sites?

Like a said, many factors.

arwes

Thanks for the reply, no they don't need a file server. They mainly use our file server through their terminal server session. We do have a VoIP set up but it goes over their backup internet connection (Cox cable). I do updates through WSUS, but if it clogs things up then I'll just configure them to get updates from MS. As far as scanning, do you mean like document scanning? I've got a Xerox 7232 set up to to FTP scanned items to their user directory on our file server.

impelse

arwes wrote: »

As far as scanning, do you mean like document scanning? I've got a Xerox 7232 set up to to FTP scanned items to their user directory on our file server.

Yes, I was talking about doc scanning.

That's a good scenario, I bealive that you will not have to much problem. Also you can set WSUS to do the job at night. Also do not forget the anti-virus updates from the central console.

RobertKaucher

Really the big things to consider are local file shares, faster log on times, and being able to log on if the link is down.

IMO, things like document scanning, etc can be done with a desktop PC that has Linux installed.

How many users are we talking about?

earweed

From what your setup sounds like so far the server at the branch office is really unnecessary. I'd say to research and see if there is any underying reason why it may be needed before doing away with it.
i.e. What happens if the link goes down, how many users at branch office, can you set that branch server up to handle some of those things locally.

arwes

It's about 10 or so users, it's a small agency we bought about 5 years ago. I don't know that we'll ever have many more users there.

arwes

impelse wrote: »

Yes, I was talking about doc scanning.

That's a good scenario, I bealive that you will not have to much problem. Also you can set WSUS to do the job at night. Also do not forget the anti-virus updates from the central console.

Right now we're running Symantec Endpoint Protection and we've had enough unresolved technical issues with it that we're going to see about switching to either Forefront or the new version of Vipre Enterprise. Waiting on a quote from my PC Connection rep on Forefront at the moment.

impelse

You already thought about any factor.

earweed

I didn't think about it earlier but if you're running Window's 2k8 you could set up the branch office with a RODC. That way if you lose connectivity the people in your branch office will still have that.

arwes

Heh, well the only 2k8 server I've got is my terminal services gateway server. Our banking overlords scoffed at our request to upgrade our servers, but had no problems at all spending a million bucks or so on office renovations at the banks.

Maybe in a few years.

Hyper-Me

WSUS traffic shouldnt cause much of a hiccup, as it transfers via BITS