AD with 5 Sites, One Domain and 2 Exchange Servers


I'm preparing to separate 5 sites across the US that currently:

- are connected via VPN
- communicate with no issue
- are all part of the Default-First-Site-Name
- each have their own subnet (not a subnet/site in AD Sites and Services)
- communicate with one central Exchange server on each coast

My questions are:

1. In doing this, will there be any disruption in connectivity to the DCs?
2. Will it affect the Exchange servers somehow?
3. Besides the site links, do I have to do anything else to make sure they can communicate?
4. Should I have all of the links replicate to one server as opposed to each other (all the servers replicate to one central DC and the central DC pushes out the updates to all the servers)?
5. Should I be aware of anything else before I do this?


OK, let me make sure I understand. You are wanting to separate the 5 sites in Active Directory?

First you'll want to create the site names, then create the subnets.

You should have your Active Directory topology mirror your WAN topology. If you have HQ at the center, and all remote sites VPN to the HQ, then your AD replication should have the remote sites replicate to HQ, and HQ replicate to the remote sites (star topology).

Once you have created your site names and subnets, move those servers into their remote sites. Prune back replication on remote sites to have it replicate with HQ only.

Be aware: do not rename your Default-First-Site-Name until you have verified that the remote sites are all replicating with HQ without any errors. Otherwise, if replication is trying to propagate and you have a server looking for Default-First-Site-Name and it is no longer there, then you can have problems.
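The steps in the reply above (create sites, then subnets, then hub-and-spoke site links, then move the DCs, and rename Default-First-Site-Name only at the very end) as one PowerShell script. This is an added example, not code from the thread; the site names, subnets, DC names, link cost and replication interval are assumptions for illustration. It uses the ActiveDirectory module that ships with RSAT / Windows Server 2012 and later and must be run as a Domain Admin.

```powershell
# Added example (not from the original thread). Builds the site topology described in the
# reply: new sites + subnets for the remote offices, hub-and-spoke site links to the hub,
# move each remote DC into its site, and rename the default site only after replication
# has been verified. All names, subnets and DCs below are assumptions for illustration.
Import-Module ActiveDirectory

# Until replication is verified the hub stays Default-First-Site-Name, exactly as the reply advises.
$hub = 'Default-First-Site-Name'

# Hypothetical remote sites, the subnet(s) at each, and the DC(s) that physically live there.
$spokes = @{
    'East-NYC'    = @{ Subnets = @('10.2.0.0/16'); DCs = @('DC-NYC01') }
    'East-ATL'    = @{ Subnets = @('10.3.0.0/16'); DCs = @('DC-ATL01') }
    'Central-DAL' = @{ Subnets = @('10.4.0.0/16'); DCs = @('DC-DAL01') }
    'West-LAX'    = @{ Subnets = @('10.5.0.0/16'); DCs = @('DC-LAX01') }
}
# The hub's own subnet also needs an object, otherwise HQ clients have no site mapping either.
$hubSubnets = @('10.1.0.0/16')

# 1. Sites first: subnet objects must reference an existing site.
foreach ($site in $spokes.Keys) {
    if (-not (Get-ADReplicationSite -Filter "Name -eq '$site'")) {
        New-ADReplicationSite -Name $site
    }
}

# 2. Subnets, each bound to its site. A client whose IP matches no subnet object is not
#    site-aware and may authenticate against any DC in the domain.
function Add-SiteSubnet([string]$Cidr, [string]$Site) {
    if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$Cidr'")) {
        New-ADReplicationSubnet -Name $Cidr -Site $Site
    }
}
foreach ($cidr in $hubSubnets) { Add-SiteSubnet -Cidr $cidr -Site $hub }
foreach ($site in $spokes.Keys) {
    foreach ($cidr in $spokes[$site].Subnets) { Add-SiteSubnet -Cidr $cidr -Site $site }
}

# 3. Star topology: one site link per spoke containing only the hub and that spoke, so the
#    KCC builds spoke<->hub connection objects and not spoke<->spoke ones.
#    Cost 100 and a 15-minute interval are placeholder values; tune per WAN link.
foreach ($site in $spokes.Keys) {
    $linkName = "$hub-$site"
    if (-not (Get-ADReplicationSiteLink -Filter "Name -eq '$linkName'")) {
        New-ADReplicationSiteLink -Name $linkName `
            -SitesIncluded @($hub, $site) `
            -InterSiteTransportProtocol IP `
            -Cost 100 `
            -ReplicationFrequencyInMinutes 15
    }
}

# 4. Move each remote DC into its site. Do this only after the new site objects are visible
#    on that DC (check with Get-ADReplicationSite -Server <dc>), per the reply.
foreach ($site in $spokes.Keys) {
    foreach ($dc in $spokes[$site].DCs) {
        Move-ADDirectoryServer -Identity $dc -Site $site
    }
}

# 5. Rename the default site LAST, and only once every DC replicates cleanly
#    (repadmin /replsummary shows no failures). Left disabled by default on purpose.
$RenameDefaultSite = $false
if ($RenameDefaultSite) {
    Get-ADReplicationSite -Identity $hub | Rename-ADObject -NewName 'HQ'
}
```

Run it from a DC holding the Domain Naming / PDC roles so the Configuration-partition writes originate in one place, then wait for them to reach the remote DCs before step 4. Step 5 is gated behind a flag because renaming the default site before the moves have replicated is exactly the failure mode described later in this thread.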

mizgroup (Author) commented:
Well, in regards to WAN topology, currently all sites VPN to all sites. But I was thinking, in regards to replication, I would centralize the process to one DC.

Will there be any disruption during this process? Will Exchange servers / users have any issues with these changes that I will have to deal with?

If you have a fully meshed topology, then your AD replication and site configurations should mirror that fully meshed topology.

mizgroup (Author) commented:
Will there be any disruption during this process? Will Exchange servers / users have any issues with these changes that I will have to deal with?

Hi Miz,

When you promote a DC, it automatically comes under Default-First-Site-Name and the replication topology is full mesh. If you have not created any manual connection objects, AD replication will work perfectly fine.
The Knowledge Consistency Checker (KCC) is responsible for checking AD replication every 15 minutes, and as they lie in the same site, the Inter-Site Topology Generator (ISTG) server, which is the first DC promoted in that site, will take care of inter-site replication. You need not worry about the ISTG as all DCs are in the same site.

Hope the information helps !!!

mizgroup (Author) commented:
Hi gurdeep,

So you're saying that I don't need to segment my network? Replication is not my objective. The replication is working fine. My objective is speed and proper allocation of assets to sites (client machines logging in via the correct GC for their site).

No, the only thing that this could impact is replication. If you have your sites and subnets laid out properly, all that happens is that those remote sites will then know which AD DC is the closest to them, and will try to authenticate to their nearest GC.

The only potential area of concern is if the GC that you place into that site is not functioning properly and cannot process logins, which would mean that the next nearest GC would be selected out of the AD topology.

The only time this could cause problems is if you are having AD replication issues right now, and the changes you made to AD were not replicated to other DCs. If you look at your event logs and you do not see any replication errors trying to talk to DC-x, then you'll be fine.

You can verify replication by doing the following: from the AD w/FSMO, create all the sites and subnets. Then connect to the remote DC and see if it has all the information you added; if so, move that DC into its proper site container. Go back to the AD/FSMO and verify that those changes got replicated to it. Proceed from there.

All you are doing is giving AD the topology of your environment so it can determine where its nearest DC/GC is, and where the next nearest DC is, etc.

The only time I've had problems with this is when there were replication issues at the customer site. I first renamed the Default-First-Site-Name to HQ or something, then proceeded to move servers out of HQ and into their site. When they went to move, they could not find the Default-First-Site-Name container and they would never move, so I had to rename HQ back to the default, then move the servers, establish their next nearest replication partners, let it sit for a few days, then renamed the default back to HQ. I tweaked the site connection links to reflect the bandwidth between the sites.

Never at any point would it take down Exchange. Exchange relies upon a GC to look information up. So long as it has access to that, you should not have any problems.
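The verification the reply describes (confirm every remote DC has received the new site and subnet objects, look for replication errors in the event log, then check which site and GC the locator returns) as one PowerShell script. This is an added example and not code from the thread; it assumes the ActiveDirectory module, `repadmin` and `nltest` are available on the machine it runs on, and that it runs as a Domain Admin. It does not depend on any particular site names: it reads the DC list from the domain.

```powershell
# Added example (not from the original thread). Three checks a practitioner wants before
# moving DCs between sites or renaming Default-First-Site-Name:
#   1. every DC has the same site and subnet objects (Configuration partition is in sync),
#   2. no replication failures or recent Directory Service errors,
#   3. each DC reports the site it now believes it is in, and the locator returns the
#      expected site / GC for this machine.
Import-Module ActiveDirectory

$dcs = @(Get-ADDomainController -Filter *)
$dcNames = @($dcs.HostName)

# --- 1. Are the site and subnet objects visible on every DC? ---------------------------
# Querying each DC directly (-Server) shows a lagging DC as a mismatch instead of
# trusting whichever DC the module happens to bind to.
function Get-ConfigNames([string]$Server) {
    $sites   = @(Get-ADReplicationSite   -Filter * -Server $Server).Name
    $subnets = @(Get-ADReplicationSubnet -Filter * -Server $Server).Name
    return @($sites + $subnets | Sort-Object)
}

$reference = Get-ConfigNames -Server $dcNames[0]
$inSync = $true
foreach ($dc in $dcNames) {
    $seen = Get-ConfigNames -Server $dc
    $missing = @(Compare-Object -ReferenceObject $reference -DifferenceObject $seen |
                 Where-Object SideIndicator -eq '<=')
    if ($missing.Count -gt 0) {
        $inSync = $false
        Write-Warning ("{0} has not yet received: {1}" -f $dc, ($missing.InputObject -join ', '))
    } else {
        Write-Output "$dc : sites and subnets match $($dcNames[0])"
    }
}

# --- 2. Replication health --------------------------------------------------------------
# Any row here is a reason to stop; fix replication first, then come back to the site work.
$failures = @(Get-ADReplicationFailure -Target $dcNames)
if ($failures.Count -gt 0) {
    $failures | Format-Table Server, Partner, FirstFailureTime, FailureCount, LastError -AutoSize
} else {
    Write-Output 'No replication failures reported by any DC.'
}
repadmin /replsummary

# Errors (Level 2) in the local Directory Service log over the last day, which is where
# NTDS Replication / NTDS KCC problems land. Run this on each DC, not only the FSMO holder.
Get-WinEvent -FilterHashtable @{ LogName = 'Directory Service'; Level = 2; StartTime = (Get-Date).AddDays(-1) } `
    -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, ProviderName, @{ n = 'Message'; e = { $_.Message.Split("`n")[0] } } -First 20

# --- 3. Site assignment and DC/GC locator ----------------------------------------------
# Which site does each DC now report? A DC still listed under Default-First-Site-Name after
# a Move-ADDirectoryServer means the move has not replicated (or never happened).
$dcs | Sort-Object Site | Format-Table HostName, Site, IsGlobalCatalog -AutoSize

# What the locator hands this machine. Repeat on a client in each remote subnet: the site
# must be that subnet's site, and the DC/GC returned must be local to it.
nltest /dsgetsite
nltest /dsgetdc:$env:USERDNSDOMAIN /gc /force   # /force bypasses the cached DC so the new topology is used

if (-not $inSync) {
    Write-Warning 'Configuration partition is not consistent across DCs. Do not move DCs or rename the default site yet.'
}
```

The first check is the one the reply calls out as the go/no-go: only when every DC returns the same site and subnet list should a DC be moved, and only when the moves themselves show up consistently in step 3 should Default-First-Site-Name be renamed. The `nltest /dsgetdc ... /gc` line is also the quickest way to confirm the Exchange caveat at the end of the reply, since it shows which GC a given subnet's machines (including the Exchange servers) will be handed after the change.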


mizgroup (Author) commented:
Thanks for the detailed response!
