If you can't afford a DC at each branch (we have several vpn locations with 2 users in them). You can get away without a DC to authenticate to locally. All the modern workstation OSes from NT4 up, keep a cached profile of the last user logged on that includes their password. So user bob should be able to log into his machine if the link is down he just won't get a log on script or any network drives. Bob wouldn't be able to log into Sally's workstation however if the link was down. Depending on your users this might be acceptable, if not push to put a DC at the location! -----Original Message----- From: Claudio Rodrigues [mailto:crodrigues@xxxxxxxxxxxxxxxxxxxxx]=20 Posted At: Tuesday, February 24, 2004 3:42 PM Posted To: TheThin Conversation: [THIN] OT: AD across Wide Area Subject: [THIN] Re: OT: AD across Wide Area 1. You can set how often the links will replicate. 2. You can create different links between sites based on bandwidth for example, assigning different costs to them. So bandwidth is not an issue usually, especially when dealing with small branches. I would go for DCs on the local branches. -----Original Message----- From: Evan Mann [mailto:emann@xxxxxxxxxxxxxxxxxxxxx]=3D20 Sent: February 24, 2004 3:20 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] OT: AD across Wide Area Looking for some info on how those of you have deployed AD across multiple wide area sites. I have a lot of small offices with under 10 people, all have a server that I can make a DC or a member server. These offices are VPN'd back to my Corporate office and all computers across the WAN are part of the domain. I'm undecided on the best way to deal with the small offices. Do I make the local servers DCs? Do I leave them member servers and set primary DNS to point back across the VPN to the Corporate office? Or do I take some other route? My concerns with making them DCs is excess replication. If I don't make them DCs, then my concern is a VPN link going down, or an internet line going down. Now there is no local server to perform domain authentication for logins, network resources, etc. ******************************************************** This weeks sponsor triCerat Inc. triCerat makes your job easier by offering essential applications to eliminate your printing, policy and profile, and your application management problems. http://www.triCerat.com=3D20 ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or=3D20 set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm ******************************************************** This weeks sponsor triCerat Inc. triCerat makes your job easier by offering essential applications to eliminate your printing, policy and profile, and your application management problems. http://www.triCerat.com=20 ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or=20 set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm ******************************************************** This weeks sponsor triCerat Inc. triCerat makes your job easier by offering essential applications to eliminate your printing, policy and profile, and your application management problems. http://www.triCerat.com ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm