We have one PDC (windows server 2003) in our HQ. We have one branch office located very far from our HQ which is connected to ISDN line to our HQ.
Remote branch is having 100 users and need authenticaton from our PDC server. Company policies stress on reducing costs on infrastructure.
If I place one ADC on remote office, and use sites from managing replication traffic..Will it be sufficient ? But I read somewhere that it will create domain admin groups on ADC which will allow admin on remote office to perform and domain admin tasks.
Is there any other way out so that admin in branch office can only unlock users account or change password policies of their location only?
Can I use any other authentication mechanism which provides authentication only, like any LDAP server or so on ?