Solved

Active Directory Sites and replication

Posted on 2014-01-25
Last Modified: 2015-06-23
Hi guys,

I'm trying to figure out how exactly I need to set up an AD site to replicate to a remote site properly.

Goal: Configure AD Replication between two specific domain controllers in two different Sites. Site1 = 3 Domain Controllers on 3 different subnets. Site 2 = 1 Domain Controller, but can only talk to 1 out of the 3 domain controllers in Site 1. Need to configure Replication Topology that restricts replication traffic in such a way that the single domain controller in Site 2 can ONLY talk to a specific Domain Controller in Site 1 (as Network wise the remote site from a network level can only talk to specified network in Site 1)

Thoughts on how to do this cleanly?

Thanks
Question by:ric11003
9 Comments
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 39808841
I think you need to configure a bridgehead server in each site.
http://technet.microsoft.com/en-us/library/cc776937(v=ws.10).aspx
0
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 500 total points
ID: 39808963
When you promote a DC to the environment with a specific Site it will create NTDS Settings which will automatically create connections to appropriate domain controllers within the same site (intra-site replication) and with DCs that are in different sites (inter-site replication).

It is recommended that you allow the KCC to create the connections automatically so that in the event one or many of your DCs go offline (server or network) the DCs that are online will continue to replicate accordingly.

You can however create manual connections to a specific DC within Sites and Services. You can also set a preferred Bridgehead server which is how you will want to accomplish this.

If there are automatic connections created to your DC in Site you can delete them and then right click "create new connection" and choose the replication partner manually. You can also do this from the bridgehead server as well.

Right click on the computer object that is in Site 2 and select properties, select IP and move it over as the preferred bridgehead server. See screenshot below...
Preferred Bridgehead server
Once you have done this you will then have a dedicated connection to your DC in Site 2 to a specific one in Site 1.

Just remember that manually created connections are ignored by KCC so if your DC in Site 1 fails or loses connectivity your DC in Site 2 will never get updates from the other DCs until the DC in Site 1 comes back online. Just be aware of this.

Will.
0
 

Author Comment

by:ric11003
ID: 39809110
Thanks guys, really appreciate the input and help on this. I've gone ahead and configured the bridgeheads manually for both Site1 and Site2. I've noticed that these automatic connections still get generated and I'm thinking I'm having to delete them when they show up. Basically the connections are getting created that I know replication will fail based on the way the network is set up and I'm trying to configure it so that these automatic connections are no longer created.

This makes me believe there is something missing here.

Thoughts on this one?

Thanks again
0

 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39809136
You can disable KCC using ldp.exe for the entire site. The link below outlines how to accomplish this...

Disable KCC using ldp.exe

Will.
0
 

Author Comment

by:ric11003
ID: 39809156
Thanks Will. This change would only affect the site or sites we make the change to, right?
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39809158
That is correct. It deals with the specific Site. Make sure that you modify the correct one!

Will.
0
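A read-only check for the configuration discussed in this thread, as an added example that is not code from any of the posters: it reads the KCC flags on the site's NTDS Site Settings object, lists which inbound connection objects are manual versus auto-generated, and flags partners that have not replicated recently. The site name `Site2` and the 24-hour threshold are assumptions.

```powershell
# Added example: read-only audit, requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

$siteName   = 'Site2'   # assumption: placeholder site name
$staleHours = 24        # assumption: alert threshold, tune to your schedule

# 1. KCC flags live in the 'options' attribute of the site's NTDS Site Settings
#    object (the attribute edited with ldp.exe). 0x1 = intra-site topology
#    generation disabled, 0x10 = inter-site topology generation disabled.
$configNC   = (Get-ADRootDSE).configurationNamingContext
$settingsDn = "CN=NTDS Site Settings,CN=$siteName,CN=Sites,$configNC"
$options    = [int](Get-ADObject -Identity $settingsDn -Properties options).options

[pscustomobject]@{
    Site                 = $siteName
    Options              = $options
    IntraSiteKccDisabled = [bool]($options -band 0x1)
    InterSiteKccDisabled = [bool]($options -band 0x10)
}

# 2. Inbound connection objects for DCs in the site. AutoGenerated = False
#    marks a manually created connection; True marks one the KCC built.
Get-ADReplicationConnection -Filter * |
    Where-Object { $_.ReplicateToDirectoryServer -like "*,CN=Servers,CN=$siteName,CN=Sites,*" } |
    Select-Object Name, AutoGenerated, ReplicateFromDirectoryServer, ReplicateToDirectoryServer

# 3. With a single manual partner there is no fallback, so flag any inbound
#    partner whose last successful replication is older than the threshold
#    or whose last attempt returned a non-zero result code.
$cutoff = (Get-Date).AddHours(-$staleHours)
Get-ADReplicationPartnerMetadata -Target $siteName -Scope Site -PartnerType Inbound |
    Where-Object { $_.LastReplicationSuccess -lt $cutoff -or $_.LastReplicationResult -ne 0 } |
    Select-Object Server, Partner, LastReplicationSuccess, LastReplicationResult, ConsecutiveReplicationFailures
```

Running it on a schedule and alerting on any output from step 3 gives early warning when the single replication path between the sites stops working.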
 

Author Comment

by:ric11003
ID: 39809272
Awesome thanks guys for helping with this.
0
 
LVL 35

Expert Comment

by:Seth Simmons
ID: 40845881
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
