Mobile enterprise set up with Domain Controllers - Child Domains or one Domain?

  • Question

  • Question for you guys, not sure what to pick.

    I have a home base Domain. Then I have multiple mobile setups that are sometimes disconnected from the main domain controller for up to 2-4 weeks. I am not worried about the tombstone. Currently we are using Child Domains. Oftentimes they do have an internet connection and work all on their own. Sometimes we will have a tunnel back to the home base Domain. This is important because I can't simply use a VM that's a copy of the home base VM and then wipe it when it gets back.

    I figure I can't use a RODC for these mobile domain stations because they'd actually need to add/change accounts, objects, etc. Are you able to do that on a RODC in any form or fashion? It just doesn't overwrite its primary?

    Am I able to set it up so a secondary domain controller will not write to the primary DC at all but still have the ability to write to the secondary domain controller? I can see how this would be an issue if you added something to the secondary domain controller and then the primary would laugh at the object trying to authenticate.

    I don't really mind a secondary domain controller being able to write to the primary - however, in a conflict I want the primary domain controller to trump everything. So if someone's account is deleted or changed on one domain controller, when that secondary domain controller finally contacts the primary a few weeks later he gets overwritten by the primary.

    I don't even know if any of this is possible, I am probably just going to have to use the child domains. Can a machine be on both domains? I don't want to have to add 50 machines to a child domain then add them to a second child domain or a third, or the home base. 

    I just don't know. The real problem is the connection to the primary domain controller would be severed for weeks at a time. Any ideas would be great. 


    Wednesday, July 18, 2018 1:16 PM