Choosing where domain controllers will be placed can be difficult. You should take several things into consideration before deciding to place a domain controller at a location. Security, replication traffic, and user authentication should all be taken into account. When determining the placement at the design phase, some questions will help you determine which site the domain controller should be placed in:
Will the domain controller by physically secure at the location? If the domain controller will not be locked away, the computer could be physically attacked and the drives containing the database could be compromised. In some small organizations, this may not be as important a consideration as in large companies, but it should be considered nonetheless.
Can the domain controller be administered by local staff? If the staff members from the location do not have the ability to manage the domain controller, will you be able to provide remote access capabilities to the domain controller? Built-in tools allow an administrator to manage the domain controller remotely, and you need to determine if having those tools loaded is worth the trade-off of having the domain controller located at another location where it can be managed by local administrators. Make sure that your network infrastructure will allow you to connect to the remote servers because firewalls and connectivity issues could limit your access to the domain controllers.
Is the WAN link reliable? If the link is not reliable enough, you need to determine if you can get by without a domain controller for the site. We recommend that you do not allow for a site to be left without a domain controller if the WAN link is unreliable. However, if security concerns are greater than the users' ability to authenticate for a short period of time, or the user base is small enough that you cannot justify the cost of a domain controller, you may choose to have them authenticate to a domain controller in another site away from the users.
Was this article helpful?