Hotzenwalder asked:

Sites and Services NTDS settings for AD with 8 sites

We have an AD with 8 sites. The main DC's are in our head office. Located on the other sites we have 7 more DC's. The domain is Windows 2003 Native AD. Under Active Directory Sites and Services I noticed that some connections are automatically generated, but most of them are not and were created manually.

The sites are connected through 2Mbit SDSL connections which are up 24/7. Most site to site connections are now set to one or two DC's at the main office replicating over IP twice per hour. DC's at the head office are connected to the other DC's at the head office by RPC connections four times per hour.

My question is how many NTDS connections should any DC on a site have? Should it only be connected to one DC at the main office, to all DC's at the main office, or should it be connected to every possible DC on every possible site (making it mandatory to create lots of NTDS connection objects by hand)?
Paka

Do you know who created the original design?  You might want to confer with them as to why they designed your Sites and Services in the way that they did.

Since you have a pretty small Sites and Service design, you could go a couple ways on this one.  You could let the ISTG/KCC take care of your replication topology or you could create the links manually.  Since you have a small number of sites and a fairly fast connection, it is usually best to let the ISTG take care of it - this allows for fault-tolerance.  To let ISTG do its job on "full auto" mode, ensure that all sites are bridged:
Open Sites
Open Inter-Site Transports
Open IP
Double-click the site link in the right-pane (normally named DEFAULTSITELINK)
Ensure all of your sites are in this bridge  (if you have multiple bridges, you should collapse them into one)

Next, delete all of the manually defined connections under NTDS Settings.

The ISTG should run automatically in a few minutes, but if you're in a hurry you can force it to run right away.  To do so:
Right-click each NTDS Settings
Select All Tasks, Check Replication Topology

If you have some bandwidth issues, then you might have to tweak the design.  In most cases a hub-and-spoke design is a good idea.  In this case, you would assess where most of your AD changes take place and establish that Site as the hub.  After that's done, you would manually configure site links from the spokes to the hub.  In this case, you minimize your convergence time.  Microsoft has a pretty good guide on designing branch offices at:
http://www.microsoft.com/downloads/details.aspx?FamilyId=02057405-49AF-4867-BF1D-E0232B5C59E3&displaylang=en
Hotzenwalder (ASKER)

I think it was just set up and no specific thinking was done about the sites and services configuration.

Currently we have 8 different site links. Each site link contains the head office site and a branch office site so there are no more than two sites in a site link. The cost of every site link is 100, the replication interval 30. All branch offices are connected over SDSL lines with the same speed.

So.... Site link A for instance contains Head Office Site and Branch A.
Site link B contains Head Office site and Branch B
Site link C contains Head Office site and Branch C etcetera

There is no site link bridge present under Inter-Site Transports.

I guess the site links are set up ok, but we seem to be missing a site link bridge with all site links in it?

The site link bridge will allow multiple site links to "converse" with each other.  Since the design looks like a classical hub-and-spoke - you should be good to go.
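
Added example, not part of the original posts: a small model of what bridging changes in the hub-and-spoke layout described above (cost 100 per site link). The site names, the count of seven branches and the `route_cost` helper are constructed for illustration; the model covers only link transitivity and cost, and ignores schedules and any transport-level bridging setting.

```python
import heapq

# Constructed model of the thread's topology: one hub site, seven branches,
# one site link per branch, every link at cost 100 (names are illustrative).
HUB = "HeadOffice"
BRANCHES = ["Branch" + c for c in "ABCDEFG"]
SITE_LINKS = [({HUB, b}, 100) for b in BRANCHES]


def route_cost(src, dst, links, bridged):
    """Return the cheapest route cost between two sites, or None if no route.

    bridged=False: only sites that share a site link can be connected.
    bridged=True:  links are transitive and costs add up along the path.
    """
    if src == dst:
        return 0
    if not bridged:
        direct = [cost for sites, cost in links if {src, dst} <= sites]
        return min(direct) if direct else None
    best = {src: 0}
    queue = [(0, src)]
    while queue:  # Dijkstra over sites, site links as weighted edges
        cost, site = heapq.heappop(queue)
        if site == dst:
            return cost
        if cost > best[site]:
            continue  # stale queue entry
        for sites, link_cost in links:
            if site not in sites:
                continue
            for nxt in sites - {site}:
                if cost + link_cost < best.get(nxt, float("inf")):
                    best[nxt] = cost + link_cost
                    heapq.heappush(queue, (best[nxt], nxt))
    return None


if __name__ == "__main__":
    for bridged in (False, True):
        print("bridged" if bridged else "unbridged",
              route_cost("BranchA", HUB, SITE_LINKS, bridged),
              route_cost("BranchA", "BranchB", SITE_LINKS, bridged))
```

Branch-to-hub stays at cost 100 either way, so the hub remains the preferred replication partner; bridging only adds the costlier branch-to-branch route as a fallback.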

Created a site link bridge, added all the site links to it and hit the 'check replication topology' several times on several DC's. The DC's in the main site have different connection objects. One DC has links to almost any DC. The other DC's at the head office have only two connections. In the Event Viewer we have messages like

'The following directory partition is no longer replicated from the source domain controller at the following network address because there is no Connection object for the domain controller'

DC's at the branch offices sometimes have only one connection.

Is this just a case of wait and be patient?

Also... the site links were created automatically and some links are set to only replicate one time per hour. If we change it we get warnings that the changes will be overwritten since the link was automatically generated and if we wish to mark it as not automatically generated. We'd like to change some links because the schedule for replication between the DC's in the head office is set to only once per hour. Does that mean any change on a DC will not be visible on another DC in the head office for 60 minutes?