I'm having an interesting problem. Note that I'm new to AD, so there might be a simple solution that I'm just missing.
We have two domain controllers, DC1 and DC2. I am doing some testing with DC2 to ensure things are going to work the way we want them to, but so far they aren't.
I made it so that DC2 would be unable to talk to DC1 over the network. The reason I'm doing this test is that DC2 will go into a remote site which will tie back to the site housing DC1 by a site-to-site VPN. I am trying to simulate how DC2 will behave if the internet connection at either site were to go down and sever the VPN connecting them.
As it stands, DC2 seems to be severely crippled if it can't talk to DC1. I'm also noticing that I can't remote desktop to DC2 when it can't reach DC1; it fails with an error stating that the domain either doesn't exist or could not be contacted. This seems nonsensical since I'm trying to connect to a domain controller that is set up as a global catalog.
I am aware that I can use mstsc /admin and it will let me remote to DC2 when it can't contact DC1. That's not good enough. While we get 2 free RDS CALs for Administration, we have more than 2 Admins that need access to this machine and we have purchased the requisite CALs. Since we have more than 2 Admins, this must work in regular remote desktop mode, not /admin mode.
I need DC2 to be functional in a basic way such that our Admins can remote into it and work even if the VPN connection between our branch office and main office is down for whatever reason. What settings am I missing here that will correct these issues?