Windows: 2 sites, 2 dc's. How setup roles?

windows active-directory windows-server-2012 domain-controller

I have 2 sites (HO + Branch), both with Win Servers 2003, connected by a tunnel. I want to have a DC in each location to allow for local login/authentication.

Can someone tell me what roles I should assign to the DC's in the remote branches?

I am about to install a Win 2012 DC's in each location in case that matters.


Solution 1:

Typically, if the home office is the largest, that's where all of the FSMO role holders are.

The domain controller(s) at the branches should be both DNS servers and Global Catalogs.

Solution 2:

It essentially doesn't matter where you put the FSMO roles : although it's a good idea to have the PDCe in the office with the most people, since that's the one that handles notifications for password changes, lockouts, etc. With a HQ and a single branch office, you might as well leave all the FSMO roles on the HQ, especially if that's the office with better hardware and better backups.

Edit- as mentioned below, if you only have (and likely only will have) a single domain, you can and should simply make all of your DCs also GC servers - and that's not a role, which is what your question asks for.

Related

using wireshark/tshark in command line to ignore ssh connections
ufw blocking apt
How to create an EC2 instance with knife?
cygwin ssh works locally, not remotely
ActiveDirectory domain service wizard: Prerequisites check for domain controller upgrade fails
Ntpd excessively inaccurate
Sanity Check: Is my CAT5e cable probably bad, or do I just need different connectors?
Using Chef Solo to provision a Windows EC2 instance and bootstrap it
How to move CSS to bottom of inspect window
Best practice disk usage for SQL Server
selinux avc: denied issue
Command / Method to find the up-time of SSH server daemon & Nginx