Wednesday, July 25, 2012 2:19 AM
We have a sister site and that site doesn't have a domain controller. That site is connected to our primary site using a site-to-site VPN. Everything works fine, but anytime we have a new user trying to log in to a computer, she/he gets an error message saying no domain controller can be found. That particular user will have to first come to HQ, cache her credentials to the machine, and then can log in wherever she is.
Is a secondary domain controller necessary at every branch office?
All the services at this branch office work without any issue due to the site-to-site VPN. File shares can be accessed, and I can remote into a computer if I want to, but just that a new user cannot log in or an old user cannot change password.
Thursday, July 26, 2012 5:43 AM Moderator
Thanks for posting here.
> but anytime we have a new user trying to login to a computer she/he gets an error messages saying no Domain controller can be found.
May I know what DNS server addresses these client computers point to and use when they are at the remote site?
> Is a secondary Domain controller necessary at every branch office ?
Yes, it is recommended to deploy a domain controller at each branch site, with the AD site and subnet set up. That will accelerate the logon process for computers by using the local domain controller, and will also keep the authentication service continuous when, for example, the VPN tunnel disconnects.
Understanding Sites, Subnets, and Site Links
TechNet Community Support
Friday, August 03, 2012 12:18 PM
I am sorry, I was out of office and couldn't reply back. These remote clients all point to the domain controller at the HQ and then Google for DNS. We did it this way to ensure that the clients still have internet access if the DNS server goes down.
I am still a little doubtful about why the site-to-site VPN will not let you change password or anything; the user always gets the error message "no domain controller found", whereas the same user connected using remote access VPN can easily change password. I checked both the group policies and found nothing different.
Friday, August 03, 2012 3:54 PM
Configure the Site DC as Global Catalog and use DNS forwarders. Configure your site machines to use Site DC as primary DNS and HQ DC as secondary.
Configuring a Global Catalog Server (Applies To: Windows Server 2008, Windows Server 2008 R2)
How to create or move a global catalog in Windows Server 2003, Windows 2000, or Small Business Server 2000
I do not represent the organisation I work for, all the opinions expressed here are my own.
This posting is provided "AS IS" with no warranties or guarantees and confers no rights.
- .... .- -. -.- ... --..-- ... .- -. - --- ... ....
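A check for the client DNS setup discussed in this thread, as an added example that was not posted by any participant: domain-joined clients locate a domain controller through DNS SRV records such as `_ldap._tcp.dc._msdcs.<domain>`, which only the AD-integrated DNS servers hold and a public resolver does not. The script queries every DNS server configured on the client for that record; the domain name `corp.example.com` is a placeholder assumption, and it needs the `Resolve-DnsName` and `Get-DnsClientServerAddress` cmdlets (Windows 8 / Server 2012 or later).

```powershell
# Added example (not from the thread): verify that each DNS server configured
# on this client can resolve the Active Directory DC locator SRV record.
param(
    # Placeholder AD DNS domain name (assumption); replace with your own.
    [string]$Domain = 'corp.example.com'
)

$srvName = "_ldap._tcp.dc._msdcs.$Domain"

# Unique IPv4 DNS servers configured across all network interfaces.
$dnsServers = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Select-Object -ExpandProperty ServerAddresses |
    Sort-Object -Unique

$results = foreach ($server in $dnsServers) {
    try {
        # -DnsOnly skips LLMNR/NetBIOS so only this server's answer counts.
        $answer  = Resolve-DnsName -Name $srvName -Type SRV -Server $server `
                                   -DnsOnly -ErrorAction Stop
        $targets = $answer | Where-Object { $_.Type -eq 'SRV' } |
                   Select-Object -ExpandProperty NameTarget
        [pscustomobject]@{
            DnsServer = $server
            CanFindDC = [bool]$targets
            Detail    = ($targets -join ', ')
        }
    }
    catch {
        # NXDOMAIN or timeout: this server cannot locate a DC for the domain.
        [pscustomobject]@{
            DnsServer = $server
            CanFindDC = $false
            Detail    = "lookup failed: $($_.Exception.Message)"
        }
    }
}

$results | Format-Table -AutoSize

if ($results | Where-Object { -not $_.CanFindDC }) {
    Write-Warning "A configured DNS server cannot resolve $srvName. If the client falls back to it, DC location fails."
}

# Ask the DC locator itself, bypassing its cache, to confirm the end result.
nltest "/dsgetdc:$Domain" /force
```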