Domain Controller

The primary reason is to provide authentication services in the event of a WAN failure.

hello bola. i think another reason is that an on-site DC would have quick response time to sent traffics and saves you unnecessary delays when running online business enterprise programs.

A PC can use cached credentials to logon if needed as in a laptop that is not onsite. A local DC is a design question that really depends on how the network is being deployed and 100 other factors. Most will use a local DC because it's what we are used to doing since NT Server days. DC will usually also server as DNS and DHCP for local subnets. HAving a local DNS WINS server helps by eliminating latency needed to communicate with a remote DC. It's a good idea to have multiple DCs spread around anyway. You should have at least 2 in any medium sized office.

CimmerianX brings up some good points. Just to add though in the event of a WAN failure, if there are Universal groups established in the domain communication between client and a GC (Global Catalog DC) is required for authentication to be successful. In a single first, single domain model with at least one DC (with GC enabled) located at each site mitigates these types of issues. For organizations with many sites.. implementing robust, redundant WAN links can further mitigate the need to deploy DCs at each site.

@JorgeM, thanks for the response and yes it is a rather robust WAN

@CimmerianX, Yes they can log in with cached details, but the site has a really large number of users on site and resources (campus) and concern is more about how to serve those on site. Thanks so much for your response.

@emmanayo Ok, that makes sense, thanks for responding. Yes, they have a website wth some commerce on it.