Dear all experts,
I have an ongoing issue that has been plaguing me for a long time. Basically my FRS is partially broken and I'm not 100% sure it's because of incorrect connection topology configuration or something else.
My network and infrastructure is setup as follows;
2 x Windows Server 2008 R2 STD Domain Controllers at Head Office (HO) - One contains FSMO, other is just a GC and our secondary/backup DC. Let's call them HODC1 and HODC2
16 x Windows Server 2008 R2 Domain Controllers (all 18 DCs are located at 18 remote retail stores). All are configured for AD, DNS, Global Catalog.
2 x Windows Server 2012 R2 Domain Controllers (individual store DCs).
In regards to my network and for security reasons, my company has opted to configure networking and routes in such a way toNOT ALLOW remote locations to see/talk to eachother across the network. In other words, none of my remote domain controllers can talk to eachother except the two at HO. The HO DCs can talk to all store DCs without issue.
My question is: How do I configure NTFRS on HODC1/HODC2 to push updates down to the other 18 DCs when AD changes are made but still be able to make changes between themselves (ie: one-way replication)? Do I have to disable Inter/Intra-Site connections on all 18 remote locations and only enable it on HODC1 and HODC2?
I'm seeing a lot of 13508 errors on several DCs including HODC1. Just want to fix NTFRS once and for all before I attempt to migrate from FRS to DFS since FRS is a legacy technology and my forest level is currently 2008 R2. Apparently DFS is a far better solution.
Any and all help/advise is appreciated.
If you require any test results to be run, please feel free to ask because I didn't want to bloat this post with a bunch of unneeded results.
Thanks in advance,
SaGe69