Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Group policy being applied from NON PDC emulator and over slow WAN link

Posted on 2006-11-03
9
Medium Priority
?
463 Views
Last Modified: 2008-01-16
I am running a windows 2003 AD network. Users (including myself) are geting the group policy via a DC from different remote sites. I have confirmed my local DC is the PDC emulator, RID and global catalog. The only reason I noticed this was, a group policy i changed was not taking affect, so after running gpupdate, then gpresult i noticed the host was pulling from DC's on completly different subnets over WAN links. Any I insight would be appreciated. On top of that the 2 site they are talking to are over our slowest WAN links.
0
Comment
Question by:rptsysadmin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
9 Comments
 
LVL 22

Expert Comment

by:mcsween
ID: 17870409
Group Policy is distributed from any ADC in your domain.  The PDC emulator is there for the sole purpose of allowing backward compatibility to WinNT.


Open AD Sites and Services
Configure a "Site" for each physical location
Configure a Subnet for each site
Configure a Site Link for each WAN link
Move the servers into their correct sites

This is how AD can tell where you are logging on from and which server it should pull authentication and group policies from.

Also you should have a Global Catalog server at every site.
0
 
LVL 22

Expert Comment

by:mcsween
ID: 17870445
FYI - You will want to configure site links under Inter-Site Transports/IP.  SMTP is not reccomended for replication unless you have a very very slow WAN link (like a 56k)

If you have more than one WAN link you may want to consider configuring a Site Link Bridge too.

Here is more information from the horses' mouth
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/activedirectory/stepbystep/adsrv.mspx
0
 

Author Comment

by:rptsysadmin
ID: 17870460
I have all that configured already. All Site ahve their respective DC's and their respective subnets assigned.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:rptsysadmin
ID: 17870493
Under inter-site transports the deafult site link has all my sites in  the link.
0
 

Author Comment

by:rptsysadmin
ID: 17870515
Am I supposed to create a new site link for each site? The deafault site link i just mentioned is obviously just for the default site, not all my remote sites that i added, right? It just seemed confusing, so each dc at each remote location should be the bridgehead server then, right?
0
 
LVL 22

Expert Comment

by:mcsween
ID: 17870568
You should have a site link for every WAN link, so think of it like defining your T1, VPN, etc...

If you had 3 sites and each of them were connected to each other you would have 3 links
A&B
A&C
B&C

If you had 3 sites and B and C were connected to A but not to each other you would have 2 Site Links
A&B
A&C


Remember to set a cost on each link, slower links get a higher cost.  You can be arbitrary, i use 500 for my VPNs and 100 for my T1, but you could use 10 and 50 with the same results.



0
 

Author Comment

by:rptsysadmin
ID: 17870602
Understood. This should be configured under site links? So, if i right click on my remote server I should add the ip transport and make it a local bridge head server, right?
0
 
LVL 22

Accepted Solution

by:
mcsween earned 2000 total points
ID: 17870660
Configure in AD Sites and Services | Sites | Inter-Site Transports | IP


AD will assign bridgehead servers automagically but you can specify if you like; I always do.
0
 

Author Comment

by:rptsysadmin
ID: 17870669
Thanks!
0

Featured Post

Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Downtime reduced, data recovered by utilizing an Experts Exchange Business Account Challenge The United States Marine Corps employs more than 200,000 active-duty Marines with operations in four continents, all requiring complex networking system…
The Need In an Active Directory enviroment, the PDC emulator provide time synchronization for the domain. This is important since Active Directory uses Kerberos for authentication.  By default, if the time difference between systems is off by more …
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question