Problem configuring multiple active directory sites when the vpn link is lost

Question

Good evening everyone; I have just deployed a multi-site Active directory infrastructure (site A, the head office and site B, the remote site) which shares the same domain ID which is on the DC1 of site A. The sites are connected by vpn via two microtik routers. a domain controller is present on each site and the global catalogue is checked on each domain controller. when the VPN link is available, synchronisation between the sites is normal. but when the link is lost, it becomes impossible to access the AD console on the DC2 controller at remote site B. how can we ensure that the console is available on the DC2 at the remote site when the link is lost, so that the users on the DC2 can authenticate themselves? thank you.

Answer 1

Hello,

 

Thank you for posting in Q&A forum.

To further troubleshoot this issue, please kindly try below steps:

1.You can consider setting up a backup internet connection or a secondary VPN link to for redundancy purpose.

2.Set up a monitoring or alerts to detect the VPN link status.

3.You can configure DC2 as "use the local Global Catalog for authentication"at the remote site.

 

I hope the information above is helpful.

If you have any questions or concerns, please feel free to let us know.

 

Best regards，

Jill Zhou

 

---

If the Answer is helpful, please click "Accept Answer" and upvote it.