Solved

Quick overview of setting up SITE to SITE AD

Posted on 2007-04-06
Last Modified: 2012-06-21
I would like a high-level overview for site-to-site AD. Best practice between bridgehead servers (should both bridgeheads be GC?). Also the replication settings.

I have come to a site where there is a very large AD that is located in 2 datacenters

The one site has a DC DEVADC01 with all the FSMO roles
There is a second DC DEVADC02 that acts as a GC,DC.


In the other network is another 2 DC's
DEVBDC01
DEVBDC02

Under sites and services NTDS properties settings Connections tab for DEVADC01
Replicate From DEVBDC02
Replicate to DEVBDC02 (not a typo)
Under sites and services NTDS properties settings Connections tab for DEVADC02
Replicate From DEVADC01 DEVBDC01
Replicate To DEVADC01 DEVBDC02

Under sites and services NTDS properties settings Connections tab for DEVBDC01
Replicate From DEVBDC02
Replicate to DEVADC01 DEVBDC02

Under sites and services NTDS properties settings Connections tab for DEVBDC02
Replicate From DEVADC02 DEVBDC01
Replicate to DEVBDC01


Finally Update Sequence numbers are off

I think the above configuration is not best practice.




0
Comment
Question by:cogit
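Added example (not part of the original post, and not output from any AD tool): a Python cross-check of the Connections-tab entries listed in the question. It assumes that a Replicate From entry on one DC should appear as a Replicate To entry on its partner, and it also tests whether each view on its own lets a change made on any DC reach every other DC; the function names are hypothetical.

```python
from collections import defaultdict

# Connections-tab entries transcribed from the question above.
LISTING = """\
DEVADC01 from DEVBDC02
DEVADC01 to   DEVBDC02
DEVADC02 from DEVADC01 DEVBDC01
DEVADC02 to   DEVADC01 DEVBDC02
DEVBDC01 from DEVBDC02
DEVBDC01 to   DEVADC01 DEVBDC02
DEVBDC02 from DEVADC02 DEVBDC01
DEVBDC02 to   DEVBDC01
"""

def parse(listing):
    """Return (inbound, outbound) as sets of (source, destination) edges."""
    inbound, outbound = set(), set()
    for line in listing.splitlines():
        if not line.strip():
            continue
        server, direction, *partners = line.split()
        for partner in partners:
            if direction == "from":
                inbound.add((partner, server))    # partner -> server
            else:
                outbound.add((server, partner))   # server -> partner
    return inbound, outbound

def mismatches(inbound, outbound):
    """Edges present in only one view (assumption: the views should mirror)."""
    return sorted(inbound - outbound), sorted(outbound - inbound)

def fully_reachable(edges):
    """True if a change originating on any DC can reach every other DC."""
    nxt = defaultdict(set)
    for src, dst in edges:
        nxt[src].add(dst)
    nodes = {n for e in edges for n in e}
    for start in nodes:
        seen, stack = {start}, [start]
        while stack:
            for n in nxt[stack.pop()] - seen:
                seen.add(n)
                stack.append(n)
        if seen != nodes:
            return False
    return True

if __name__ == "__main__":
    inbound, outbound = parse(LISTING)
    only_from, only_to = mismatches(inbound, outbound)
    print("From without matching To:", only_from)
    print("To without matching From:", only_to)
    print("Replicate From view reaches every DC:", fully_reachable(inbound))
```

On the listing as posted, three entries in each direction have no mirror, and only the Replicate From view connects all four DCs.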
4 Comments
 
LVL 30

Expert Comment

by:LauraEHunterMVP
ID: 18868106
A few points based on your description:

[1] Are you in a single domain environment?  If so, make every DC a GC; there's no overhead involved on a GC in a single-domain environment, and it decreases the likelihood of authentication failure due to a user being unable to find a GC.

[2] Ensure that your physical sites and subnets are accurately represented within AD Sites & Services (under the Administration Tools); AD will use this information to generate a replication topology. Additionally, client authentication is "site-aware", so you want your sites & subnets correctly configured so that clients will authenticate to a DC in their local site rather than wasting time & resources by authenticating across the WAN.

[3] Are all of these replication objects "automatically created", or have they been created manually?  (If you don't see the words "automatically created" when you click on the server and see the connection objects in the right-hand pane of ADS&S, they have been manually created.)  With only 4 DCs in the mix, I would simply allow AD to create the replication topology on its own - if there are any manually-created repl. objects, I would delete them and then re-trigger the KCC by right-clicking on the server's NTDS Settings and selecting All Tasks-->Check Replication Topology.  (Recommend you do this during off-hours since there will be a slight delay in replication while the KCC does its job.)

[4] What do you mean by "Update Sequence Numbers are off"?  Which Properties sheet are you looking at, and what is the exact text of the option you're describing?

Hope this helps.

Laura E. Hunter - Microsoft MVP: Windows Server - Networking
0
 

Author Comment

by:cogit
ID: 18868132
When you go on the NTDS settings, and select the object tab.

Also doing the following "With only 4 DCs in the mix, I would simply allow AD to create the replication topology on its own - if there are any manually-created repl. objects, I would delete them and then re-trigger the KCC by right-clicking on the server's NTDS Settings and selecting All Tasks-->Check Replication Topology.  (Recommend you do this during off-hours since there will be a slight delay in replication while the KCC does its job.)"

Would that create the bridgehead servers?

I mean there are only 16,800 user accounts ... let's do it during the day :)
0
 
LVL 30

Accepted Solution

by:
LauraEHunterMVP earned 500 total points
ID: 18868191
If you do not manually specify a bridgehead server for a particular site, the KCC will automatically select a bridgehead in each site when it creates replication objects.

Keep in mind that Active Directory creates multiple replication "rings" for the different segments of the AD database that need to be replicated - separate replication topologies are created for domain, configuration, and schema information. The KCC will attempt to load balance between available DCs when creating these different topologies, so you may have 1 DC in SiteA designated a bridgehead for the Domain NC while a 2nd DC is designated the bridgehead for the Schema & Configuration NCs. This load-balancing takes place one time, when the connection objects are first created.  You can designate a preferred bridgehead on the General tab of the server's properties sheet, but if you have full connectivity between all 4 DCs in both sites, I'd recommend just letting the KCC do its job.  (For a domain of only 4 DCs, the KCC will likely do as good a job as anything in creating an optimal replication topology.)

As for USNs being "off" - do you mean that you are seeing an object where the originating USN is the same as the current USN?  This simply means that whatever object it is (site, site link, etc.) has not been modified since it was originally created.  USNs are integral to the functioning of AD replication; they cannot be "turned off."

0
 

Author Comment

by:cogit
ID: 18868756
Thanks for the info.
0

Question has a verified solution.
