Solved

Active Directory Sites and replication

Posted on 2014-01-25
9
45 Views
Last Modified: 2015-06-23
Hi guys,

I'm trying to figure out how exactly i need to setup an AD site to replicate to a remote site properly.

Goal: Configure AD Replication between two specific domain controllers in two different Sites. Site1 = 3 Domain Controllers on 3 different subnets. Site 2 = 1 Domain Controller, but can only talk to 1 out of the 3 domain controllers in Site 1. Need to configure Replication Topology that restricts replication traffic in such a way that the single domain controller in Site 2 can ONLY talk to a specific Domain Controller in Site 1 (as Network wise the remote site from a network level can only talk to specified network in Site 1)

Thoughts on how to do this cleanly?

Thanks
0
Comment
Question by:ric11003
9 Comments
 
LVL 30

Expert Comment

by:Gareth Gudger
Comment Utility
I think you need to configure a bridgehead server in each site.
http://technet.microsoft.com/en-us/library/cc776937(v=ws.10).aspx
0
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 500 total points
Comment Utility
When you promote a DC to the environment with a specific Site it will create NTDS Settings which will automatically create connections to appropriate domain controllers within the same site (intra-site replicaiton) and with DC's that are in different sites (inter-site replicaiton).

It is recommended that you allow the KCC to create the connections automatically so that in the event one or many of your DC's go offline (server or network) the DC's that are online will continue to replicate accordingly.

You can however create manual connections to a specific DC with in Sites and Services. You can also set a preferred Bridgehead server which is how you will want to accomplish this.

If there are automatic connections created to your DC in Site you you can delete them and then right click "create new connection" and choose the replicaiton partner manually. You can also do this from the bridge head server as well.

Right click on the computer object that is in Site 2 and select properties, select IP and move it over as the preferred bridgehead server. See screenshot below...
Preferred Bridgehead server
Once you have done this you will then have a dedicated connection to your DC in Site 2 to a specific one in Site 1.

Just remember that manually create connections are ignored by KCC so if your DC in Site 1 fails or loses connectivity your DC in site 2 will Never get updates from the Other DC's until the DC in site 1 comes back online. Just be aware of this.

Will.
0
 

Author Comment

by:ric11003
Comment Utility
Thanks guys really appreciate the input and help on this. I gone ahead and configured the BridgeHeads manually for both Sites1 and Site2. I've noticed that these <automatic connections still get generated and I'm thinking I'm having to delete them when they show up.. basically the connections are getting created that i know replication will fail based on the way the network is setup and i'm trying to configure it so that these automatic connections are no longer created.

This makes me believe there is something missing here.

Thoughts on this one?

Thanks again
0
 
LVL 53

Expert Comment

by:Will Szymkowski
Comment Utility
You can disable KCC using ldp.exe for the entire site. The link below outlines how to accomplish this...

Disable KCC using ldp.exe

Will.
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 

Author Comment

by:ric11003
Comment Utility
Thanks Will. This change would only effect the site or sites we make the change to right?
0
 
LVL 53

Expert Comment

by:Will Szymkowski
Comment Utility
That is correct. It deals with the specific Site. Make sure that you modify the correct one!

Will.
0
 

Author Comment

by:ric11003
Comment Utility
Awesome thanks guys for helping with this.
0
 
LVL 34

Expert Comment

by:Seth Simmons
Comment Utility
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now