Join Log in
Score:-1
Skittles avatar Server

Using a Windows Server 2012 R2 Server as a PDC via remote location

fr flag
Skittles

Presently, we have a Windows 2012 R2 Server acting as our PDC and it is physically located in our HQ location. It serves the HQ location as well as 5 other branch locations. Our president has inquired with me if there is any way we can move that server into a cloud rather than physically hosting it.

Server roles are as follows:

  • DNS Server
  • AD for company-wide local network authentication and LDAP authentication for web application.
  • DHCP & Static IP assignments
  • File Server

My first thoughts on this were to establish a VPN tunnel between our HQ location and the cloud location. Currently, we use AWS for hosting of our linux web hosts and we have a VPN tunnel to our HQ office so the web application to make use of LDAP for authentication. I also believe that the VPN is providing file services, but not clear on that. However, not sure how this setup would work for our other branch locations.

So, are my thoughts about this a proper approach or is there a better way to achieve this?

Thanks!

35
1 + 4
Daniel avatar
in flag
Daniel
`Our president has inquired with me if there is any way we can move that server into a cloud rather than physically hosting it.` Rather than "if" you should ask him "why". There are arguments for and against moving the PDC to the cloud. You are asking for the best way to achieve this, instead of asking if you should. Without knowing the details it's hard to review your approach.
1
Reply
Skittles avatar
fr flag
Skittles
Based on Fizgriz's response, I informed him that the technical risks would prove far to prohibitive for us to make such a move and that having our BDC at a datacenter would still provide the best alternative to a catastrophic failure of our onsite PDC. But thank you for your input also.
0
Reply
Daniel avatar
in flag
Daniel
Well, that's the point I was trying to make. Putting the PDC to a datacenter or into the cloud is not always a bad idea. It all depends on the entirety of the infrastructure.
0
Reply
Nikita Kipriyanov avatar
za flag
Nikita Kipriyanov
I want to point out that 21 year ago Windows NT 4.0 was replaced by Windows 2000 and now **there is no PDCs or BDCs in MS Active Directory technology**. Some DCs will host FSMO roles, but you may assign different roles to different servers, so no one will be a "complete primary". Where it is best to have which role depends on your network structure. There is also a reduced DC called RODC, which doesn't count as a DC in a full right, because it doesn't store some of directory data. It is used in remote branch offices to speed up directory lookup operations (it acts like a cache).
0
Reply
Score:1
FizzyH avatar Server
in flag
FizzyH

The main issue with implementing this is that your company's domain controller is in a cloud environment that then heavily relies on a stable secure connection.

I think its not best practice to move a DC especially a PDC into the cloud because if the connection to the internet or datacenter fails then your network is S.O.L.

If this is direction you want to go I think best practice would be to establish redundant connections from each branch to the cloud, and have a plan and procedure in place in the event of connection outages.

I suggested having all branches have the connection because if one of the branches loses connection to HQ, or if HQ suffers an outage all branches are inoperable.

0 + 3
Skittles avatar
fr flag
Skittles
Thanks so much for your insight. I tend to agree with your evaluation and will likely inform our president that this is not a sound choice for us to pursue.
0
Reply
Daniel avatar
in flag
Daniel
What does S.O.L mean?
0
Reply
SamErde avatar
gg flag
SamErde
SOL means "S**t Outta (out of) Luck" - https://www.urbandictionary.com/define.php?term=SOL
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.