Solved

Hub and Spoke setup in AD sites and services

Posted on 2011-09-30
Last Modified: 2012-05-12
I have a hub and spoke setup in AD Sites and Services: one HQ and 5 remote offices. In the Inter-Site Transports under the IP folder I created a site link for each remote office to the HQ with the proper cost and replication interval. The question I have is why, under the NTDS Settings, I see the remote branch instead of the HQ? I would think under the NTDS settings for each remote site, it will only show the HQ domain controller. All the DCs are global catalogs. How do I make it so that all replication goes through HQ instead of remote sites in NTDS?

Thanks in advance.
Question by:Helping_Almac
22 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 36892101
Sounds like you have set up your sites correctly. Are you seeing any replication issues? You can create connection objects manually, but that is generally not recommended. The KCC is creating those and generally does a good job. It runs every 15 minutes, so if a DC or site were to go offline it would redo the links. Good page about that here:

http://blogs.technet.com/b/markmoro/archive/2011/08/05/you-are-not-smarter-than-the-kcc.aspx

Thanks

Mike
0
 

Author Comment

by:Helping_Almac
ID: 36892133
There is no replication issue reported. I do not want to set up manual connections, but I would think NTDS should come from how you set up the site link. I just want to make sure I am running a hub/spoke configuration, but from looking at each remote office's NTDS, some are set up to only replicate to HQ and others are replicating to a remote office as their partner. I just want to find a way so that all remote office NTDS shows the HQ domain controller without setting it up manually.
0
 
LVL 13

Expert Comment

by:Govvy
ID: 36892149
Can you give us a list of your site links and costs, please?
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 36892184
So you currently have the hub site and then site links from each hub to HQ?
0
 

Author Comment

by:Helping_Almac
ID: 36892223
Correct. I have all the remote sites connected to the HQ in Site Links. Here is how my site link is set up.
sitelink.png
0
 

Author Comment

by:Helping_Almac
ID: 36892251
As you can see below, under the NTDS setting the US-DU-DC99 is replicating another remote office instead of the HQ DC
Helping-Almac-508277.flv
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 36892425
Do you have "bridge all site links" enabled or disabled?

http://technet.microsoft.com/en-us/library/cc738789(WS.10).aspx

Thanks

Mike
0
 

Author Comment

by:Helping_Almac
ID: 36892431
I have bridge sites disabled.
0
 
LVL 13

Expert Comment

by:Govvy
ID: 36892478
Which sites are listed in the Souderton Site-Link?
0
 

Author Comment

by:Helping_Almac
ID: 36892495
All the remote sites are listed in the Souderton Site Link
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 36892503
You don't need that, just the site links between HQ and the remote sites.

Thanks

Mike
0
 

Author Comment

by:Helping_Almac
ID: 36892512
Don't need what?
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 36892528
A site link that contains all the other site links.

The site links that contain the HQ-site with two sites in each should be good.

But if you are not seeing issues you could also leave it as is.

Thanks

Mike
0
 
LVL 13

Expert Comment

by:Govvy
ID: 36892540
Remove the Souderton Site-Link and that will solve the issue
0
 

Author Comment

by:Helping_Almac
ID: 36892555
Is there any article that supports this? I would need to bring it up to management.
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 500 total points
ID: 36892589
There is a blurb here

http://technet.microsoft.com/en-us/library/cc783909(WS.10).aspx
Creating a site link between two or more sites is a way to influence replication topology. By creating a site link, you provide Active Directory with information about what connections are available, which ones are preferred, and how much bandwidth is available. Active Directory uses this information to choose times and connections for replication that will afford the best performance.

So by putting all the sites in that site link, the KCC thinks they can all "talk"/"replicate".
0
 
LVL 13

Expert Comment

by:Govvy
ID: 36892597
http://technet.microsoft.com/en-us/library/cc754697.aspx - you should ideally have 2 sites per site-link and no more
0
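
The check discussed in this thread, as an added example that is not part of the original posts: it flags any site link containing two or more non-hub sites, which is the condition that lets the KCC pair spokes directly. The function name `Find-SpokeToSpokeLink`, the site names, the `example.com` DNs and the costs are constructed; the input objects mirror the `Name`, `Cost` and `SitesIncluded` properties returned by `Get-ADReplicationSiteLink`.

```powershell
# Added example with constructed sample data; not taken from the thread.
function Find-SpokeToSpokeLink {
    param(
        [Parameter(Mandatory)] [object[]] $SiteLink,   # objects with Name, Cost, SitesIncluded
        [Parameter(Mandatory)] [string]   $HubSite     # name of the hub site
    )
    foreach ($link in $SiteLink) {
        # SitesIncluded holds site DNs; reduce each to its leading CN value.
        # (Assumes site names contain no escaped commas.)
        $sites  = @($link.SitesIncluded | ForEach-Object { ($_ -split ',')[0] -replace '^CN=', '' })
        $spokes = @($sites | Where-Object { $_ -ne $HubSite })
        if ($spokes.Count -lt 2) { continue }          # hub + one spoke: nothing to flag

        # Every pair of spokes on the same link is a direct replication candidate.
        $pairs = for ($i = 0; $i -lt $spokes.Count; $i++) {
            for ($j = $i + 1; $j -lt $spokes.Count; $j++) {
                '{0} <-> {1}' -f $spokes[$i], $spokes[$j]
            }
        }
        [pscustomobject]@{
            SiteLink    = $link.Name
            Cost        = $link.Cost
            IncludesHub = $sites -contains $HubSite
            SpokePairs  = @($pairs)
        }
    }
}

# Constructed topology: one two-site link per branch plus one link holding every branch.
$dn = { param($s) "CN=$s,CN=Sites,CN=Configuration,DC=example,DC=com" }
$branches = 'Branch1', 'Branch2', 'Branch3'
$sample = @(
    foreach ($b in $branches) {
        [pscustomobject]@{ Name = "HQ-$b"; Cost = 100
                           SitesIncluded = @((& $dn 'HQ'), (& $dn $b)) }
    }
    [pscustomobject]@{ Name = 'Souderton Site-Link'; Cost = 100
                       SitesIncluded = @($branches | ForEach-Object { & $dn $_ }) }
)

# Only 'Souderton Site-Link' is reported, with three spoke pairs.
Find-SpokeToSpokeLink -SiteLink $sample -HubSite 'HQ' | Format-List

# On a host with the ActiveDirectory module, feed it live data instead:
#   Find-SpokeToSpokeLink -SiteLink (Get-ADReplicationSiteLink -Filter *) -HubSite 'HQ'
```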
 

Author Closing Comment

by:Helping_Almac
ID: 36892609
I will remove the Souderton Site link altogether.

Thanks everyone
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 36892616
No problem, thanks for the points. Next time you can also split points, but in the end glad we helped.

Thanks

Mike
0
 
LVL 13

Expert Comment

by:Govvy
ID: 36892618
Why did mkline get the points when I asked for your site-link info and provided the fix?
0
 

Author Comment

by:Helping_Almac
ID: 36892637
I just accidentally accepted it. I do not know how to split the points after I close it.
0

Question has a verified solution.