Domain Controller Problem.

Is it possible to have a Domain Controller on a separate subnet from some of the workstations in a domain?

We have a LAN with a single domain, (W2k servers and XP pro w/stations) and are about to set up an external office with a few workstations that have been installed and configured as domain members.

The two locations will contact each other via a VPN link across the internet.

I am just not sure how the users will validate when they log on at the remote location. Will forwarding automatically find the DC or will I have to put some kind of entry in the hosts files to point to the home subnet.

I am trying to avoid having any servers at all in the remote office. All applications will run across Citrix, so I dont mind a little extra bandwidth being used for logon validation.

Thanks

 

Yes, you can do this. Since you will not have a DC at the remote office (I would seriously consider having one), and won't have DNS either, you will probably have to set up some sort of name resolution.

How are you going to get the PCs authenticated to the VPN before authenticating to the DC?

DRD

 

I'll throw my idea into the ring.

Hardware VPN on both ends or atleast one.
Network with DC 192.168.1.xxx
Network without DC 192.168.2.xxx
Subnet 255.255.254.000

Point the remote network to the DC network where they will be authenticated.

Basically when you brouse the network it will look like one.

 

It would be easier to use the 10.0.0.0 IP space. With that you could use a 255.255.0.0 mask and use the second octet to seperate each subnet:

Office one: 10.1.0.0
Office two: 10.2.0.0

 

Works for me.

 

Thanks for the replies. It looks like we will be going with the hardware VPN at both ends, set up through PIX firewalls.

We will have to stay with the class C subnets as one of them is already established on a medium sized network. I know it would be easy to change settings on the DHCP server and about 30 fixed IP's, but it would only confuse me after several years of working with the old one.