Connection and disconnection of a DC

Question

I have a small network with one DC and about 15 PCs.

I want to incorporate a second DC in order to have a backup scheme since some time ago we suffered a Rasomware attack.

My idea is to connect that second DC only a couple of hours a week, in order to replicate users, groups, permissions, etc. And then disconnect it again.

I want to avoid is that before a new attack, both the main one and the secondary one are rendered useless.

Is it possible to do this and still have the AD working correctly?

Answer 1

What other alternative can I consider?

Routine backups. It's always recommended to have two of more domain controllers for high availability and disaster mitigation. Also
https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/securing-domain-controllers-against-attack

--please don't forget to upvote and Accept as answer if the reply is helpful--

Answer 2

Hello

It’s generally not recommended to disconnect a domain controller from the network for extended periods of time. Domain controllers rely on regular communication with each other to keep their data synchronized and up-to-date. If a domain controller is disconnected from the network for an extended period of time, it may not receive important updates and changes, which could lead to inconsistencies and conflicts when it is reconnected.

Instead of disconnecting the second domain controller, you could consider keeping it connected to the network and configuring it as a backup domain controller. This would allow it to receive regular updates and changes from the primary domain controller, ensuring that it has the most up-to-date information in case it needs to take over as the primary domain controller.

If the response is helpful, please click "Accept Answer" and upvote it.