cogit
asked on
Quick overview of setting up SITE to SITE AD
I would like a High level overview for SITE to Site AD. Best pratice between bridgehead server ( should both bridgeheads be GC?) Also the replication settings
I have come to a site where there is a very large AD that is located in 2 datacenters
The one site has a DC DEVADC01 with all the FSMO roles
There is a second DC DEVADC02 that acts as a GC,DC.
In the other network is another 2 DC's
DEVBDC01
DEVBDC02
Under sites and services NTDS properties settings Connections tab for DEVADC01
Replicate From DEVBDC02
Replicate to DEVBDC02 ( not a typo)
Under sites and services NTDS properties settings Connections tab for DEVADC02
Replicate From DEVADC01 DEVBDC01
Replicate To DEVADC01 DEVBDC02
Under sites and services NTDS properties settings Connections tab for DEVBDC01
Replicate From DEVBDC02
Replicate to DEVADC01 DEVBDC02
Under sites and services NTDS properties settings Connections tab for DEVBDC02
Replicate From DEVADC02 DEVBDC01
Replicate to DEVBDC01
Finally Update Sequence numbers are off
I think this above configuration is not best pratice.
I have come to a site where there is a very large AD that is located in 2 datacenters
The one site has a DC DEVADC01 with all the FSMO roles
There is a second DC DEVADC02 that acts as a GC,DC.
In the other network is another 2 DC's
DEVBDC01
DEVBDC02
Under sites and services NTDS properties settings Connections tab for DEVADC01
Replicate From DEVBDC02
Replicate to DEVBDC02 ( not a typo)
Under sites and services NTDS properties settings Connections tab for DEVADC02
Replicate From DEVADC01 DEVBDC01
Replicate To DEVADC01 DEVBDC02
Under sites and services NTDS properties settings Connections tab for DEVBDC01
Replicate From DEVBDC02
Replicate to DEVADC01 DEVBDC02
Under sites and services NTDS properties settings Connections tab for DEVBDC02
Replicate From DEVADC02 DEVBDC01
Replicate to DEVBDC01
Finally Update Sequence numbers are off
I think this above configuration is not best pratice.
ASKER
When you go on the NTDS settings, and select the object tab.
Also doing the following "With only 4 DCs in the mix, I would simply allow AD to create the replication topology on its own - if there are any manually-created repl. objects, I would delete them and then re-trigger the KCC by right-clicking on the server's NTDS Settings and selecting All Tasks-->Check Replication Topology. (Recommend you do this during off-hours since there will be a slight delay in replication while the KCC does its job.)"
Would that create the bridgehead servers?
I'm mean there is only 16,800 users accounts ... lets do it during the day:)
Also doing the following "With only 4 DCs in the mix, I would simply allow AD to create the replication topology on its own - if there are any manually-created repl. objects, I would delete them and then re-trigger the KCC by right-clicking on the server's NTDS Settings and selecting All Tasks-->Check Replication Topology. (Recommend you do this during off-hours since there will be a slight delay in replication while the KCC does its job.)"
Would that create the bridgehead servers?
I'm mean there is only 16,800 users accounts ... lets do it during the day:)
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for the info.
[1] Are you in a single domain environment? If so, make every DC a GC; there's no overhead involved on a GC in a single-domain environment, and it decreases the likelihood of authentication failure due to a user being unable to find a GC.
[2] Ensure that your physical sites and subnets are accurately represented within AD Sites & Services (under the Administration Tools); AD will use this information to generate a replication topology. Additionally, client authentication is "site-aware", so you want your sites & subnets correctly configured so that clients will authenticate to a DC in their local site rather than wasting time & resources by authenticating across the WAN.
[3] Are all of these replication objects "automatically created", or have they been created manually? (If you don't see the words "automatically created" when you click on the server and see the connection objects in the right-hand pane of ADS&S, they have been manually created. With only 4 DCs in the mix, I would simply allow AD to create the replication topology on its own - if there are any manually-created repl. objects, I would delete them and then re-trigger the KCC by right-clicking on the server's NTDS Settings and selecting All Tasks-->Check Replication Topology. (Recommend you do this during off-hours since there will be a slight delay in replication while the KCC does its job.)
[4] What do you mean by "Update Sequence Numbers are off"? Which Properties sheet are you looking at, and what is the exact text of the option you're describing.
Hope this helps.
Laura E. Hunter - Microsoft MVP: Windows Server - Networking