Thread: Help - Changing from work group to Domain environment

  1. #1
    Regular Member TeddyTed's Avatar
    Join Date
    Mar 2001
    Briarwood NY

    Question Help - Changing from work group to Domain environment

    Hi all,
    I'm looking for a bit of advice on changing a network from a workgroup setup to a domain environment.
    We're a small and growing business with a total of four office locations (one main office and three satellite offices).
    All satellite offices are connected into the main office via VPN tunnel using Sonicwall TZ appliances.
    Network info

    Main office
    Network :
    Location : NYC
    # of users : 16

    Satellite Offices

    Location #1
    Subnet :
    # of users : 6

    Location #2
    Subnet :
    New York
    # of users : 6

    Location #3
    Subnet :
    # of users : 5


    In order to address some security concerns, and ultimately expansion in the near future, I would like to set up Active Directory to better manage the environment.
    My concern is how do I properly deploy / provide Active Directory access across all locations, when obviously the satellite offices are too small to set up a read-only DC, as well as the issue of cost?

    I know user authentication over WAN (through the tunnel) is possible.
    The nodes on the main office work will obviously receive IP addresses from the DC / DHCP server locally.
    However, I am not sure if the satellite locations should be set up to receive DHCP over VPN, and therefore I would have to disable DHCP on the remote routers and allow IP address distribution from the main office. Does my assumption make sense? If not, what is the proper way to handle this? Forgive me if this sounds like nonsense.


  2. #2
    Junior Member
    Join Date
    Jan 2015
    I don't have any experience in this, but have run into various discussions on the same topic of multi-subnet VPN Active Directory deployments. Do some searches and I'm sure you'll find TONS to read. Good luck!

  3. #3
    Administrator YeOldeStonecat's Avatar
    Join Date
    Jan 2001
    Somewhere along the shoreline in New England
    Main office has your DC....say the DC has an IP address of
    Satellite offices run their own DHCP (from the router is fine)...have the router hand out as the primary DNS server.
    This way workstations at the satellite offices are properly logging into active directory. Yeah...if the bandwidth is "light"...their logins can be a little slow as GPOs and scripts are processed...but..that's the way it is.

    Some people add a secondary DNS server to hand out (in case the VPN tunnel goes they can still surf the web), such as the ISPs or the router itself (which just does DNS forwarding to its WAN interface which is the ISP anyways)'ll find that this responds quickly, the primary DNS server may take too workstations will tend to turn to the secondary DNS...thus failing to log into the DC...thus breaking DNS too often.

    It's better to leave the primary DNS as the DC..and that's it....until you get budget for getting a local DC at each satellite office.
    MORNING WOOD Lumber Company
    Guinness for Strength!!!
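
A check for the DNS arrangement described in post #3, to be run on a satellite-office workstation. This is an added example, not part of the original thread; the domain name and DC address are placeholders, since the thread does not give them.

```powershell
# Added example. Placeholders (assumptions): the AD DNS domain name and the
# DC's IP address at the main office. Replace both with your own values.
param(
    [string]   $DomainName  = 'corp.example.com',
    [string[]] $DcAddresses = @('192.0.2.10')
)

# SRV record that domain members query to locate a domain controller.
$srvName = "_ldap._tcp.dc._msdcs.$DomainName"

# Every IPv4 DNS server this machine was actually handed (DHCP or static).
$configured = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    ForEach-Object {
        $iface = $_
        foreach ($server in $iface.ServerAddresses) {
            [pscustomobject]@{ Interface = $iface.InterfaceAlias; Server = $server }
        }
    }

# Ask each configured resolver, individually, for the DC locator record.
$report = foreach ($entry in $configured) {
    $isDc = $DcAddresses -contains $entry.Server
    $srv  = Resolve-DnsName -Name $srvName -Type SRV -Server $entry.Server `
                -DnsOnly -QuickTimeout -ErrorAction SilentlyContinue |
            Where-Object { $_.Type -eq 'SRV' }

    $finding = if ($isDc -and $srv) {
        'OK'
    } elseif ($isDc) {
        'DC did not answer: check the VPN tunnel and the AD DNS zone'
    } elseif ($srv) {
        'Non-DC resolver that can see AD records: confirm this is intended'
    } else {
        'Non-DC resolver: a client that falls back to it cannot locate the DC'
    }

    [pscustomobject]@{
        Interface     = $entry.Interface
        DnsServer     = $entry.Server
        IsDC          = $isDc
        ResolvesDcSrv = [bool]$srv
        Finding       = $finding
    }
}

$report | Format-Table -AutoSize -Wrap

# Non-zero exit lets a login script or monitoring job flag the workstation.
if ($report | Where-Object { $_.Finding -ne 'OK' }) { exit 1 }
```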
