Portable Domain Controller

[thefarewellnote]

Ok - bare with me for a min on this.  Its silly but I don't see why this wouldn't work. 

 

 

We have a client that has a remote office that won't go live with a MPLS (Site to Site VPN) until Jan 1, 2015.   We have been tasked with getting their laptops reconfigured over a break next week - joining them to the domain and all that.   

 

I came up with the idea of taking our domain controller (that is virtualized) and putting it on a laptop (virtualized) and taking that DC down to the site.  

 

From there I would join the machines to the domain and push out all the GPOs/installs. 

 

Then I would bring the DC back to their HQ and tell it to replicate to the backup domain controller here at HQ.  

 

In my mind this should work flawlessly - and then when the MPLS (Site to Site VPN) comes online the machines would see each other and all be good.

 

 

Any problems here? 

 

 

[sc302 Veteran]

the only problem that I can see is if the machines decide to change their account passwords during the time that it is out (technically you have 90 days though prior to tombstoning so you should be within that time period).

 

Why can they not wait 4 weeks for this to take place?  You could create a script that you can run to automate the installs if you have them all in a gpo (would need to copy the msi/mst files)....this would be as difficult as making a portable dc and then trying to resync it.

 

I would have them wait or install a vpn to the main site if they have a internet connection now (may not be as fast as the mpls, but it will be something).

[TPreston]

You should deploy a RODC at the remote site. You can use the install from media option if you are worried about bandwidth.

[binaryzero]

Do an offline domain join.