Solved

Active Directory Sites and replication

Posted on 2014-01-25
Last Modified: 2015-06-23
Hi guys,

I'm trying to figure out how exactly I need to set up an AD site to replicate to a remote site properly.

Goal: Configure AD replication between two specific domain controllers in two different sites. Site 1 = 3 domain controllers on 3 different subnets. Site 2 = 1 domain controller, but it can only talk to 1 out of the 3 domain controllers in Site 1. I need to configure a replication topology that restricts replication traffic in such a way that the single domain controller in Site 2 can ONLY talk to a specific domain controller in Site 1 (as, network-wise, the remote site from a network level can only talk to a specified network in Site 1).

Thoughts on how to do this cleanly?

Thanks
Question by:ric11003
8 Comments
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 39808841
I think you need to configure a bridgehead server in each site.
http://technet.microsoft.com/en-us/library/cc776937(v=ws.10).aspx
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 2000 total points
ID: 39808963
When you promote a DC to the environment with a specific Site it will create NTDS Settings which will automatically create connections to appropriate domain controllers within the same site (intra-site replication) and with DCs that are in different sites (inter-site replication).

It is recommended that you allow the KCC to create the connections automatically so that in the event one or many of your DCs go offline (server or network) the DCs that are online will continue to replicate accordingly.

You can however create manual connections to a specific DC within Sites and Services. You can also set a preferred Bridgehead server which is how you will want to accomplish this.

If there are automatic connections created to your DC in Site, you can delete them and then right click "create new connection" and choose the replication partner manually. You can also do this from the bridgehead server as well.

Right click on the computer object that is in Site 2 and select properties, select IP and move it over as the preferred bridgehead server. See screenshot below...
[Screenshot: Preferred Bridgehead server]
Once you have done this you will then have a dedicated connection to your DC in Site 2 to a specific one in Site 1.

Just remember that manually created connections are ignored by KCC so if your DC in Site 1 fails or loses connectivity your DC in Site 2 will never get updates from the other DCs until the DC in Site 1 comes back online. Just be aware of this.

Will.
 

Author Comment

by:ric11003
ID: 39809110
Thanks guys, really appreciate the input and help on this. I've gone ahead and configured the bridgeheads manually for both Site 1 and Site 2. I've noticed that these automatic connections still get generated and I'm thinking I'm having to delete them when they show up. Basically, connections are getting created that I know replication will fail on, based on the way the network is set up, and I'm trying to configure it so that these automatic connections are no longer created.

This makes me believe there is something missing here.

Thoughts on this one?

Thanks again
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39809136
You can disable KCC using ldp.exe for the entire site. The link below outlines how to accomplish this...

Disable KCC using ldp.exe

Will.
 

Author Comment

by:ric11003
ID: 39809156
Thanks Will. This change would only affect the site or sites we make the change to, right?
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39809158
That is correct. It deals with the specific Site. Make sure that you modify the correct one!

Will.
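
A read-only check of the state discussed in the answers above, as an added example that is not part of the original thread: it reports whether the KCC's automatic topology generation is disabled on a site and lists the inbound connection objects of one DC, marking which are KCC-generated and which are manual. `Site2` and `DC4` are placeholder names; the ActiveDirectory PowerShell module is assumed to be installed.

```powershell
# Added example, not from the thread. Read-only; needs the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

$SiteName = 'Site2'   # placeholder: the remote site
$DcName   = 'DC4'     # placeholder: the single DC in that site

# Bit flags in the 'options' attribute of the site's "NTDS Site Settings" object.
$KccFlags = [ordered]@{
    'Intra-site automatic topology disabled' = 0x01
    'Inter-site automatic topology disabled' = 0x10
}

function Get-SiteKccState {
    param([Parameter(Mandatory)][string]$Site)
    $configNC = (Get-ADRootDSE).configurationNamingContext
    $dn       = "CN=NTDS Site Settings,CN=$Site,CN=Sites,$configNC"
    $settings = Get-ADObject -Identity $dn -Properties options
    $value    = [int]$settings.options   # attribute not set -> $null -> 0 (KCC fully on)
    foreach ($flag in $KccFlags.GetEnumerator()) {
        [pscustomobject]@{
            Site    = $Site
            Setting = $flag.Key
            Enabled = [bool]($value -band $flag.Value)
        }
    }
}

function Get-InboundConnection {
    param([Parameter(Mandatory)][string]$Server)
    # Keep only connection objects whose destination is the named DC.
    Get-ADReplicationConnection -Filter * |
        Where-Object { $_.ReplicateToDirectoryServer -like "*CN=$Server,*" } |
        Select-Object Name, AutoGenerated,
            @{ n = 'From'; e = { ($_.ReplicateFromDirectoryServer -split ',')[1] -replace '^CN=' } }
}

Get-SiteKccState      -Site   $SiteName | Format-Table -AutoSize
Get-InboundConnection -Server $DcName   | Format-Table -AutoSize
```

If the inter-site flag shows as enabled and the only inbound connection has `AutoGenerated` set to `False`, the DC depends on that single manual partner and will not be re-routed if the partner goes offline.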
 

Author Comment

by:ric11003
ID: 39809272
Awesome thanks guys for helping with this.
 
LVL 36

Expert Comment

by:Seth Simmons
ID: 40845881
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.

Question has a verified solution.
