Domain controllers in remote sites

Posted on 2007-10-17
Last Modified: 2010-04-18
I'm attempting to replace a DC running Windows 2000 Server in a remote site with Windows 2003. I am uncovering a bit of a mess in AD (orphaned child domains, directory service log messages etc...) and I'm trying to get everything cleaned up before I add this new DC.

Using ntdsutil I have successfully done a thorough metadata cleanup of old child domains and servers.

Now here is the overview.

HQDC1 - Windows 2003 (currently holds all 5 FSMO roles & is a Global Catalog), DNS
HQDC2 - Windows 2000, Global Catalog
Site1DC - Windows 2003, Global Catalog, DNS, DHCP
Site2DC - Windows 2000, Global Catalog, DNS, DHCP
Site3DC - Windows 2000, Global Catalog, DNS, DHCP
Site4DC - Windows 2000, Global Catalog, DNS, DHCP (upgrading to 2003)

There are site to site VPN tunnels set up between Site1 thru Site4 to HQ.
There is no connectivity between any of the remote sites. (ex: site1 does not access site4's subnet)

I went through AD Sites and Services, expanded all the NTDS Settings for each site and cleaned out all of the replication settings referencing DCs in sites that they can't reach.
Meaning, now HQDC1 and HQDC2 have replication settings between themselves and all the DCs in the remote sites, whereas the remote sites have only replication settings for the DCs at HQ.
I did this in hopes of getting rid of the myriad of KCC messages in the directory service event logs on all of the DCs.

After doing this I left the DCs for a while to allow them to do their thing.
When I returned I found that Site1DC (which is the only 2003 server in a remote site) auto-recreated the NTDS Settings for the DCs in the remote sites and the event logs are filling up again.

Before I add another 2003 DC in a site I would like to find out what I'm doing wrong.
I need each site's DC to be a GC in case the VPN to headquarters dies.
Do I need to configure my routers to allow access from remote site to remote site?
If it is not necessary to have inter-site connectivity, how do I set up AD?
How come the NTDS Settings keep auto-generating on Site4's DC?

Any help is much appreciated


Question by:jmarenghi

Author Comment

ID: 20095843
Under Inter-Site Transports in AD Sites and Services:

The Properties of the IP container do not have "bridge all sites" checked, but under SMTP it is.

Do I even need this protocol in here?


Accepted Solution

Jay_Jay70 earned 1000 total points
ID: 20097614
You won't be needing SMTP at all.

You can tell the KCC to stop creating links, but I am not really a huge fan of doing it; saying that, considering you have no connectivity, then you will probably need to.
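The two settings the thread circles around (whether the IP transport treats site links as transitive, and whether the ISTG in a site may create inter-site connection objects at all) are both bits in the `options` attribute of objects in the Configuration partition. The following PowerShell is an added example, not code from the thread or from either poster: it reports those bits, lists which sites share each IP site link (a single link that contains every site tells the KCC those sites can all reach each other, which would explain connections being rebuilt between remote sites), and with `-Apply` sets the "bridges required" bit on the IP transport and the "inter-site auto topology disabled" bit on the named sites. The site names are assumed from the question; the bit values (0x2 on the transport, 0x10 on NTDS Site Settings) are the ones Microsoft documents. It uses the ADSI provider rather than the ActiveDirectory module so it works against a Windows 2000/2003 forest.

```powershell
# Added example (not from the original thread). Inspect, and optionally set, the
# KCC/ISTG topology flags that decide whether connection objects are auto-generated.
# Assumes it runs on a domain member as an account with write rights on the
# Configuration partition; the site names are placeholders from the question.
param(
    [string[]]$SitesWithoutTransit = @('Site1', 'Site2', 'Site3', 'Site4'),  # assumed names
    [switch]$Apply
)

# Bit values Microsoft documents for the 'options' attribute.
$BRIDGES_REQUIRED            = 0x02  # on CN=IP transport: set => "Bridge all site links" is OFF
$INTERSITE_TOPOLOGY_DISABLED = 0x10  # on NTDS Site Settings: ISTG stops creating inter-site connections

$configNc = ([ADSI]"LDAP://RootDSE").configurationNamingContext

function Get-Options([System.DirectoryServices.DirectoryEntry]$entry) {
    # 'options' is absent until someone sets it; treat absent as 0
    $v = $entry.Properties["options"].Value
    if ($null -eq $v) { return 0 } else { return [int]$v }
}

function Set-OptionBit([System.DirectoryServices.DirectoryEntry]$entry, [int]$bit) {
    # OR the bit in so any other flags already present are preserved
    $new = (Get-Options $entry) -bor $bit
    $entry.Properties["options"].Value = $new
    $entry.CommitChanges()
    return $new
}

# 1. IP transport: with "Bridge all site links" on, every site link is transitive,
#    so the KCC may decide Site1 and Site4 can replicate directly.
$ipTransport = [ADSI]"LDAP://CN=IP,CN=Inter-Site Transports,CN=Sites,$configNc"
$ipOpts = Get-Options $ipTransport
"IP transport options = 0x{0:X}; Bridge all site links = {1}" -f $ipOpts, (($ipOpts -band $BRIDGES_REQUIRED) -eq 0)

# 2. Site link membership: sites in the same link are assumed mutually reachable.
#    Hub-and-spoke needs one link per remote site (HQ + SiteN), not one link for all.
foreach ($child in $ipTransport.Children) {
    if ($child.SchemaClassName -eq 'siteLink') {
        $members = @($child.Properties["siteList"]) | ForEach-Object { ($_ -split ',')[0] -replace '^CN=' }
        "Site link {0}: cost {1}, members: {2}" -f $child.Properties["cn"].Value, $child.Properties["cost"].Value, ($members -join ', ')
    }
}

# 3. Per-site ISTG flag: the site whose ISTG keeps rebuilding unwanted links is the
#    one to flag. Once set, inter-site connection objects must be created by hand.
foreach ($siteName in $SitesWithoutTransit) {
    $settings = [ADSI]"LDAP://CN=NTDS Site Settings,CN=$siteName,CN=Sites,$configNc"
    $opts = Get-Options $settings
    "Site {0}: options 0x{1:X}; inter-site auto topology disabled = {2}" -f $siteName, $opts, (($opts -band $INTERSITE_TOPOLOGY_DISABLED) -ne 0)
    if ($Apply) { Set-OptionBit $settings $INTERSITE_TOPOLOGY_DISABLED | Out-Null }
}

if ($Apply) { Set-OptionBit $ipTransport $BRIDGES_REQUIRED | Out-Null }
```

Run it without `-Apply` first and read the site-link listing: if every site sits in one link such as DEFAULTIPSITELINK, splitting that into one HQ-to-SiteN link per remote site and clearing "Bridge all site links" usually makes the KCC stop choosing remote-to-remote paths on its own, which is the gentler fix the accepted answer hints at. Setting the 0x10 bit is the heavier option: it silences the KCC warnings, but from then on every inter-site connection object, including the ones to HQ, is the administrator's responsibility, and any change is visible in the directory service log and in `repadmin /showrepl`, so it is worth recording why it was set.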
