Solved

AD and replication

Posted on 2014-02-04
Last Modified: 2014-02-14
We have 1 main site with vpn connections to our other sites, but they don't all have vpn tunnels to each other. I added an AD server in several of the sites.  The latest one I added showed up under sites & services, but it automatically generated a replication to a server/site that it does not have a direct tunnel to. Is it okay to delete that automatically generated object under NTDS settings in AD sites and Services?
I see there are replication errors to it.
Question by:jtano
11 Comments
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 25 total points
ID: 39833211
In sites and services do you have bridge all site links checked or unchecked? Great thread about BASL here. I was going to explain it but my friends did a good job there

http://social.technet.microsoft.com/Forums/windowsserver/en-US/70104b15-2e6f-428e-9361-ddc1eb816b12/hub-and-spoke-topology-with-sites-and-services?forum=winserverDS

Thanks

Mike
0
 

Author Comment

by:jtano
ID: 39833332
Bridge all site links is UNCHECKED. So I need to go under IP and, where the Defaultsitelink is, change that to take out the new AD, or create a new site link and have only the new AD on the link with the main AD? Does that sound correct?
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 39833357
Do the new site and AD have a physical connection? Can they talk to each other? If so, a site link from remote site to HQ is common. How do you have your sites set up right now?

Thanks

Mike
0

 

Author Comment

by:jtano
ID: 39833435
They have a VPN connection, not physical. They can talk to each other. It's one of the other remote sites that it automatically built a connection to under NTDS settings.
The other sites all have a VPN connection to each other. This one only has a connection to the main site, not to this remote site it's trying to replicate to.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 39833471
Is there a site link between the site and the remote site it is trying to replicate to?

Thanks

Mike
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 39833595
Since this is Hub and spoke topology, do not remove bridge all site links checkbox.
In that case you need to create site link bridge between hub site and every vpn site.

Instead go to AD sites and services, go to IP site links and create new site links (representing each vpn site) and keep only two sites as member sites for each site link, one main site and one respective vpn site.

Then delete unnecessary connection objects from each site. You may create manual connection objects for time being.
This will prevent creation of unnecessary connection objects in all sites.

Mahesh
0
 

Author Comment

by:jtano
ID: 39833932
Sorry, now I'm getting confused. First, under IP properties "Bridge all site links" is NOT CHECKED.
1. Are you recommending to check that?
I have under AD sites and services my 5 sites:
CB- main site
RR - remote
SH- remote
SUM-remote
VN-remote
Under Inter-site
        IP, I have Defaultsiteiplink - sites in this link: CB with SH and VN
        then there are 2 more site links created, 1 called RR with CB and RR
        then a 3rd link, SUM, with CB and SUM in the site link.
I'm assuming this is where I have to add the new remote link called SH?

Also, under the site called SH, the new remote AD server SH1 has under NTDS settings 2 automatically generated connections: 1 to an AD server in CB (main) and 1 to an AD server in VN (remote). My original question was: can I delete the VN generated connection, since there is no VPN connection between them?
I would like to do what is recommended, so if that means putting the check mark back for "bridge all site links" then please let me know. Thank you
0
 
LVL 37

Accepted Solution

by:
Mahesh earned 225 total points
ID: 39834761
Yes, you can select bridge all site links which is the default setting when you originally deploy active directory.
Just remove SH from Default IP site link and then create new site link and add CB and SH there as member sites.
Then rename Default IP site link to CB-VN

As a result you will have total 4 IP site links including Default IP site Link,
In all site links CB is common site and one VPN site in each site link

You can remove all unwanted connection objects any time without any problem.
Later on again when you right click NTDS settings and click on Check Replication Topology, new automatic connections will be automatically generated based on your site link member sites.
Else AD will generate them over the time automatically

Mahesh
0
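The site-link changes described in the accepted answer, scripted in PowerShell as an added example (not part of Mahesh's answer or the original thread). It assumes the RSAT ActiveDirectory module, that the default link still carries its stock name DEFAULTIPSITELINK, and the site and server names (CB, SH, VN, SH1) given in the thread.

```powershell
# Added example: assumptions are the stock default link name and the
# site/server names from the thread. Run as a domain/enterprise admin.
Import-Module ActiveDirectory

$hub         = 'CB'
$defaultLink = 'DEFAULTIPSITELINK'   # assumption: not yet renamed

# 1. Audit: every site in one site link is treated as directly reachable
#    from every other site in it, so a link holding more than two sites
#    lets the KCC pair two spokes (here SH <-> VN), tunnel or not.
Get-ADReplicationSiteLink -Filter * | ForEach-Object {
    $sites = @($_.SitesIncluded | ForEach-Object { ($_ -split ',')[0] -replace '^CN=' })
    [pscustomobject]@{
        Link     = $_.Name
        Sites    = $sites -join ','
        HubSpoke = ($sites.Count -eq 2 -and $sites -contains $hub)
    }
} | Format-Table -AutoSize

# 2. Take SH out of the default link and give it its own CB-SH link.
Set-ADReplicationSiteLink -Identity $defaultLink -SitesIncluded @{ Remove = 'SH' }
New-ADReplicationSiteLink -Name 'CB-SH' -SitesIncluded 'CB','SH' -InterSiteTransportProtocol IP

# 3. Rename the default link so its name matches what it now holds.
$linkDn = (Get-ADReplicationSiteLink -Identity $defaultLink).DistinguishedName
Rename-ADObject -Identity $linkDn -NewName 'CB-VN'

# 4. List inbound connection objects on SH1 and whether the KCC made them.
Get-ADReplicationConnection -Filter * -Server 'SH1' |
    Where-Object { $_.ReplicateToDirectoryServer -like '*CN=SH1,*' } |
    Select-Object Name, AutoGenerated, ReplicateFromDirectoryServer

# 5. Re-run the KCC on SH1 (the "Check Replication Topology" action),
#    then review inbound replication status.
repadmin /kcc SH1
repadmin /showrepl SH1
```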
 

Author Comment

by:jtano
ID: 39859896
I wasn't sure if I should make a new question, but I wanted to attach it to this one:
Mahesh,
Everything worked well except I have 2 AD servers in the CB site. main and bkup.
SH (new AD server) automatically generated a connection to bkup but bkup did not generate one back. Main however did. So there seem to be errors saying main can't replicate to SH but SH is trying to replicate to Bkup. Can I just change the connection to match up?
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 39859987
If you want you can create manual connections and check if replication is running properly

If replication is working properly, your manually created connections also should replicate properly

After creating manual connection give some time to active directory and also right click NTDS settings and click check replication topology

Then try to replicate manually, it should work

Mahesh
0
 

Author Comment

by:jtano
ID: 39860044
OK... Thanks for your help!!
0

Question has a verified solution.