Solved

Domain site configuration

Posted on 2014-04-29
1
180 Views
Last Modified: 2014-05-28
Hi all,

Ive never been quite sure whether my domain has the correct or optimal site configuration. My infrastructure consists of the following:

2003 domain with 2008 DC's

Site1: contain 70% servers has 2 domain controller. Contains all FSMO roles
Site2: Datacenter - no users. Termination of VPN users and main connection for or MPLS networks for WAN

Site3: Germany. 2008DC and Users
Site4: France. 2008 DC and users

Basically when I setup a domain controlelr on another site it will automatically create the site connection to Site2 as that is the closet DC it will find on the MPLS network.

The problem with this it seem to create an extra step as most of our servers are Site1. So it a user changes a password on a remote site (site3) it has to replicate to site 2 before it then replicates to site1. For example this causes lots of problems when logging onto citrix servers in site1.

I have left the default setting within sites and services for replicating once every hour and all connections are automatically generated. Is it best practice to change these?
0
Comment
Question by:Matt
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 25

Accepted Solution

by:
Coralon earned 500 total points
ID: 40031154
A lot depends on your connectivity between the sites.  With only 4, you could reasonably do a fully meshed network.  The KCC will generally create a pretty good layout for most people.

Now, that being said, you do need to assign appropriate costs to your site links, and you should absolutely have a DC in every site.   (Remember, by MS terminology, a site is a group of well connected networks).  IF you don't have a DC at a location, then it should belong to another site. So, with your description, you should have 3 sites currently.  

If your connections are best to the datacenter (despite the MPLS), then I'd put a couple of DC's in your data center, and move your FSMO roles there (with the normal 3/2 split for the roles).  Then, I would go with a hub & spoke architecture.  You will want to 'elect' one of your DataCenter DC's as the 'primary' DNS (the one with the PDC emulator on it).  You will point that DC at itself only for DNS.  All of the other DC's will point to that 'primary' DC for their own DNS, and then themselves as a secondary.  

Your password changes should replicate immediately to the PDC emulator (which is why you want to move that to the DataCenter (assuming that is where your Citrix servers are),  that way they all happen immediately).  If your links would allow it, I'd drop your replication cycle time as much as you *reasonably* can..  If you have the bandwidth, you could go to the minimum of 15 minutes.. but that may be too aggressive.  

Now, your KCC should figure it out if you cost it out correctly, but if not, you could override it.
Let's call it like this:
SiteA - Datacenter
SiteB - HQ
SiteC - France
SiteD - Germany

Then, I'd put your link costs something like this:
A-B - 20
A-C - 20
A-D - 20
B-C - 50
B-D - 50
C-D - 40
(All based on your HQ & Datacenter being in the same country and having the best (lowest) latency).

That should really do it for you.. Now - making all these changes will be disruptive obviously, and you'll have to give it time to settle down.  So, given that, I'd start on a Friday night of a 3 day weekend (for all of your sites) if you can.  Get the settings out there, and wait :-)

Coralon
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I had a question today where the user wanted to know how to delete an SSL Certificate, so I thought that I would quickly add this How to! Article for your reference. WHY WOULD YOU WANT TO DELETE A CERTIFICATE? 1. If an incorrect certificate was …
You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
Suggested Courses

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question