Direct access deployment on Parent DC in Child site

hi all,

i have interesting 1 here can't find answer on. organisation has multi child domain setup different geographical locations (ie. europe.contoso.com, asia.contoso.com, etc.) , looking implement direct access in our regions support windows 7. understand clients have 1 da access point don't support multisite setup.

currently our infrastructure setup parent dc (contoso.com) in each child domain site running rras , nps. migrated 2012r2 2008r2 recently. there have our child domain infrastructure, on same subnet, no vlan's etc.

my question is, can deploy da on parent dc in each region, settings applying child domain dc located in? or need deploy da on child domain server group policy isn't applied entire forest?

any on appreciated.

hi jzx_packy,

thanks posting on technet forum.

>>my question is, can deploy da on parent dc in each region, settings applying child domain dc located in? or need deploy da on child domain server group policy isn't applied entire forest?

it not recommend deploy direct access server on dc.

i suggest deploy multiple da different sites.

directaccess servers can installed in multiple sites of organization increase capacity , provide more efficient routing when accessing site-specific intranet resources.

setting multi-site directaccess requires careful design , planning following goals met:

• a directaccess client can connect directaccess server of site , can access intranet resources in site.
• a directaccess client can managed management server of site.
• a directaccess client can travel site , determine connected intranet.

for more information, refer link below:

https://technet.microsoft.com/en-us/library/ff625682%28v=ws.10%29.aspx?f=255&mspperror=-2147217396 (server 2008)

https://technet.microsoft.com/en-us/library/hh831664.aspx (server 2012)

best regards,

---

andy_pan

Windows Server  >  Network Access Protection