Dear friends,
I am trying to check my scenario with the community here. I am hosting a client's Exchange on Windows 2012 and a DC on 2012 R2 in my data center, say SITE-A. Now we decided to provide a fresh DC on the client site (SITE-B), and I decided to make a secondary DC to authenticate to the SITE-A DC over a remote access OpenVPN.
I am able to authenticate and install the SITE-B server as a secondary DC. Now my next job is to join all the machines at the client site to the new domain controller. The plan is to use the SITE-B DC for authentication of users sitting in SITE-B, but I am not sure this thing will work or not. I want both the DCs to be in sync, but users at the client site should sync/authenticate to their local secondary DC and not to the SITE-A DC, though the SITE-A DC is the main DC which serves the mail server.
Please share your ideas on whether I am doing this correctly, and how I can force those local clients to authenticate locally and not over the VPN, which is over a low-speed broadband. And when their local DC is down, then they can authenticate to the SITE-A DC.
Please advise based on your experience and best practices.
Thanks
Happiness Always
Jatin