You may want to look at the following:
How to optimize the location of a domain controller or global
catalog that resides outside of a client's site
http://support.microsoft.com/kb/306602/en-us
"T. Garay" <moc.etluhcS-noirehpS@yhtomiT> wrote in message news:
> I am working to set up a disaster recovery site and I've created a
> domain controller (Win2k3 Server Standard).
>
> I have a site-to-site VPN setup using SonicWALL firewalls. For
> testing purposes I have a cable line in our building and I've set up a
> site-to-site VPN with that to our regular ISP Internet firewall.
>
> When I set this new DC up, I placed it on the VPN network and used
> DCPromo to make it a domain controller. We have two domain
> controllers on our regular LAN.
>
> I am now running into a problem where some users are being
> authenticated to that server which is REALLY SLOW because it is
> through the VPN connection.
>
> I want the server active so that it has a current copy of the Active
> Directory database but I don't want users or devices authenticating to
> it.
>
> Is there some way to block it in Windows or demote it so that it's the
> last server anyone or anything tries to connect to?
>
> My only other option would be to block it in the firewall so that only
> the existing DCs can see it through the VPN to maintain the AD
> database.
>
> Thanks!
>
> -Tim