Do I Need to Configure Active Directory Sites if We Have a High Speed WAN?

Solution 1:

It's quite possible to have an Active Directory architecture configured across multiple physical locations in a single site. It's generally not a "good thing" and goes against most best practice.

If you ever want to control/configure/optimize your replication traffic, you'll have to set up sites. If you ever want to do branch cache in a reasonable way, you'll need to set up sites. If you want to do DFS replication and local folder targeting, you'll probably need to define the sites. If you want to ensure the best user logon experience, you'll need to define the sites. If you want to push printers by site using GPO/GPP, you'll probably want to define the sites.

The list could go on. So, the technical answer is, no - you don't have to. The real answer is that you really do want to define them as sites so you can leverage Active Directory to provide the services it is designed to provide in the best possible way.

Edit: To specifically answer the question on if they would still be able to authenticate on a link failure: yes, provided they have the local DC as one of their DNS servers. However, their authentication for anything might be slower depending on which DC got initially cached.

Solution 2:

10 Mb is not fast. Go ahead and set up sites. A number of manageability improvements will follow. Sites are associated with subnets, and I assume you already have separate subnets for each site as you imply that they are all associated with one WAN. If so, the implementation of sites is not time-consuming.
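
The site and subnet setup both answers recommend, as an added example that is not part of either answer. It uses the ActiveDirectory PowerShell module; the site names, subnets, DC names and the site link name are constructed placeholders for a two-location layout.

```powershell
#Requires -Modules ActiveDirectory
# Constructed layout: replace names, subnets and DC names with your own.
$sites = @(
    @{ Name = 'HQ';     Subnets = @('10.10.0.0/16'); DC = 'DC-HQ-01' },
    @{ Name = 'Branch'; Subnets = @('10.20.0.0/16'); DC = 'DC-BR-01' }
)

foreach ($s in $sites) {
    # Create the site only if it is not already defined, so the script can be re-run.
    if (-not (Get-ADReplicationSite -Filter "Name -eq '$($s.Name)'")) {
        New-ADReplicationSite -Name $s.Name
    }

    # Associate each subnet with its site; clients use this mapping to find a local DC.
    foreach ($subnet in $s.Subnets) {
        if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$subnet'")) {
            New-ADReplicationSubnet -Name $subnet -Site $s.Name
        }
    }

    # Move the location's domain controller into its own site.
    Move-ADDirectoryServer -Identity $s.DC -Site $s.Name
}

# One IP site link between the two sites; cost and interval control
# when and how inter-site replication runs over the WAN.
if (-not (Get-ADReplicationSiteLink -Filter "Name -eq 'HQ-Branch'")) {
    New-ADReplicationSiteLink -Name 'HQ-Branch' -SitesIncluded 'HQ', 'Branch' `
        -Cost 100 -ReplicationFrequencyInMinutes 15 -InterSiteTransportProtocol IP
}

# Verify the result: subnet-to-site mapping and where each DC now lives.
Get-ADReplicationSubnet -Filter * | Select-Object Name, Site
Get-ADDomainController -Filter * | Select-Object Name, Site

# Run on a client or DC to confirm which site it resolves to.
nltest /dsgetsite
```

After the change, NETLOGON event 5807 on a domain controller indicates clients connecting from IP addresses that do not map to any defined subnet.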