Quick overview of setting up SITE to SITE AD

I would like a high-level overview for site-to-site AD: best practice between bridgehead servers (should both bridgeheads be GC?), and also the replication settings.

I have come to a site where there is a very large AD that is located in 2 datacenters

The one site has a DC DEVADC01 with all the FSMO roles
There is a second DC DEVADC02 that acts as a GC,DC.


In the other network are another 2 DCs
DEVBDC01
DEVBDC02

Under sites and services NTDS properties settings Connections tab for DEVADC01
Replicate From DEVBDC02
Replicate to DEVBDC02 (not a typo)
Under sites and services NTDS properties settings Connections tab for DEVADC02
Replicate From DEVADC01 DEVBDC01
Replicate To DEVADC01 DEVBDC02

Under sites and services NTDS properties settings Connections tab for DEVBDC01
Replicate From DEVBDC02
Replicate to DEVADC01 DEVBDC02

Under sites and services NTDS properties settings Connections tab for DEVBDC02
Replicate From DEVADC02 DEVBDC01
Replicate to DEVBDC01


Finally, Update Sequence Numbers are off

I think the above configuration is not best practice.




cogitAsked:
LauraEHunterMVPCommented:
A few points based on your description:

[1] Are you in a single domain environment?  If so, make every DC a GC; there's no overhead involved on a GC in a single-domain environment, and it decreases the likelihood of authentication failure due to a user being unable to find a GC.

[2] Ensure that your physical sites and subnets are accurately represented within AD Sites & Services (under the Administration Tools); AD will use this information to generate a replication topology. Additionally, client authentication is "site-aware", so you want your sites & subnets correctly configured so that clients will authenticate to a DC in their local site rather than wasting time & resources by authenticating across the WAN.

[3] Are all of these replication objects "automatically created", or have they been created manually?  (If you don't see the words "automatically created" when you click on the server and see the connection objects in the right-hand pane of ADS&S, they have been manually created.) With only 4 DCs in the mix, I would simply allow AD to create the replication topology on its own - if there are any manually-created repl. objects, I would delete them and then re-trigger the KCC by right-clicking on the server's NTDS Settings and selecting All Tasks-->Check Replication Topology.  (Recommend you do this during off-hours since there will be a slight delay in replication while the KCC does its job.)

[4] What do you mean by "Update Sequence Numbers are off"?  Which Properties sheet are you looking at, and what is the exact text of the option you're describing?

Hope this helps.

Laura E. Hunter - Microsoft MVP: Windows Server - Networking
0
cogitAuthor Commented:
When you go on the NTDS settings, and select the object tab.

Also doing the following "With only 4 DCs in the mix, I would simply allow AD to create the replication topology on its own - if there are any manually-created repl. objects, I would delete them and then re-trigger the KCC by right-clicking on the server's NTDS Settings and selecting All Tasks-->Check Replication Topology.  (Recommend you do this during off-hours since there will be a slight delay in replication while the KCC does its job.)"

Would that create the bridgehead servers?

I mean there are only 16,800 user accounts ... let's do it during the day :)
0
LauraEHunterMVPCommented:
If you do not manually specify a bridgehead server for a particular site, the KCC will automatically select a bridgehead in each site when it creates replication objects.

Keep in mind that Active Directory creates multiple replication "rings" for the different segments of the AD database that need to be replicated - separate replication topologies are created for domain, configuration, and schema information. The KCC will attempt to load balance between available DCs when creating these different topologies, so you may have 1 DC in SiteA designated a bridgehead for the Domain NC while a 2nd DC is designated the bridgehead for the Schema & Configuration NCs. This load-balancing takes place one time, when the connection objects are first created.  You can designate a preferred bridgehead on the General tab of the server's properties sheet, but if you have full connectivity between all 4 DCs in both sites, I'd recommend just letting the KCC do its job.  (For a domain of only 4 DCs, the KCC will likely do as good a job as anything in creating an optimal replication topology.)

As for USNs being "off" - do you mean that you are seeing an object where the originating USN is the same as the current USN?  This simply means that whatever object it is (site, site link, etc.) has not been modified since it was originally created.  USNs are integral to the functioning of AD replication; they cannot be "turned off."

0
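Added example, not part of the thread or written by either poster: a PowerShell report that marks each connection object as manual or automatically generated and as intra- or inter-site, the check point [3] above describes doing by eye in AD Sites & Services. The site names SiteA/SiteB, the example.com forest, the function names and the choice of which sample connections are manual are constructed; the live commands in the closing comments assume a management host with the ActiveDirectory PowerShell module.

```powershell
# Added example. SiteA/SiteB and example.com are constructed placeholders.
# Pull server and site names out of a server or NTDS Settings DN.
function ConvertFrom-ServerDn([string]$Dn) {
    if ($Dn -match 'CN=([^,]+),CN=Servers,CN=([^,]+),CN=Sites') {
        [pscustomobject]@{ Server = $Matches[1]; Site = $Matches[2] }
    }
}

# Hypothetical helper: one report row per connection object.
function Get-ReplConnectionReport {
    param([Parameter(ValueFromPipeline)] $Connection)
    process {
        $from = ConvertFrom-ServerDn $Connection.ReplicateFromDirectoryServer
        $to   = ConvertFrom-ServerDn $Connection.ReplicateToDirectoryServer
        if (-not $from -or -not $to) { return }   # skip unparseable DNs
        [pscustomobject]@{
            To        = $to.Server
            From      = $from.Server
            InterSite = $from.Site -ne $to.Site   # crosses the site link
            Manual    = -not $Connection.AutoGenerated
        }
    }
}

# Constructed sample shaped like Get-ADReplicationConnection output.
$cfg = 'CN=Sites,CN=Configuration,DC=example,DC=com'
function New-SampleConnection($From, $FromSite, $To, $ToSite, [bool]$Auto) {
    [pscustomobject]@{
        AutoGenerated                = $Auto
        ReplicateFromDirectoryServer = "CN=NTDS Settings,CN=$From,CN=Servers,CN=$FromSite,$cfg"
        ReplicateToDirectoryServer   = "CN=$To,CN=Servers,CN=$ToSite,$cfg"
    }
}
$sample = @(
    New-SampleConnection DEVBDC02 SiteB DEVADC01 SiteA $false
    New-SampleConnection DEVADC01 SiteA DEVADC02 SiteA $true
    New-SampleConnection DEVBDC01 SiteB DEVADC02 SiteA $false
    New-SampleConnection DEVBDC02 SiteB DEVBDC01 SiteB $true
    New-SampleConnection DEVADC02 SiteA DEVBDC02 SiteB $true
    New-SampleConnection DEVBDC01 SiteB DEVBDC02 SiteB $true
)

# Rows with Manual = True are the ones to review before re-running the KCC;
# rows with InterSite = True show which DCs are acting as bridgeheads.
$sample | Get-ReplConnectionReport | Sort-Object To, From | Format-Table -AutoSize

# Live use:
#   Get-ADReplicationConnection -Filter * | Get-ReplConnectionReport
#   Get-ADDomainController -Filter * | Select-Object Name, Site, IsGlobalCatalog
```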
cogitAuthor Commented:
Thanks for the info.
0
Windows Server 2003