patriots asked:
DC promotion over slower WAN link
We are in the process of standing up several remote DCs that will reside in branch offices that are connected over a WAN link. Our AD infrastructure is on the larger side, with perhaps 10 to 20,000 objects to replicate. Our desire is for each remote DC to be both a DNS server and a GC. Are there any gotchas to performing such a promotion? Anything we should keep an eye on? Specifically I'm curious about:
1. length of time the initial replication push might take.
2. whether or not the DC will try to self-register in its own copy of DNS before replication has completed, thereby causing some failures.
3. Any other issues with this type of promotion that we may not have considered or know about.
Background Info:
The servers are Server 2008 R2, and the domain is mixed, with some 2003 DCs still in the domain, but back at the main data center. The domain infrastructure has an empty root domain and a child domain where all accounts (user/computer) reside. The new DCs will be child members, not root members.
ASKER CERTIFIED SOLUTION
ASKER
We strongly considered RODCs but elected against them, since physical security of the server is not a primary concern (they are VMs and locked in a secure location). We are deploying an RODC in our DMZ environment.
The NTDS.DIT file is about 500 MB, so it's not excessive; however, I know it will take time to copy the file out and fully process. I'm figuring on about 20 min for the replication, considering it takes about 10 min for it to fully process locally.
SOLUTION
I don't use RODCs because of the physical security issues; I use them because it makes management easier when all of the writable DCs are local, as opposed to some changes which we had to make on a specific DC lest we have to wait for AD replication.
You can also use the install from media option, and that can help save bandwidth: http://www.petri.co.il/install_dc_from_media_in_windows_server_2003.htm
Thanks
Mike