

TCP/IP setting of Domain Controller at different sites

Posted on 2014-08-27
Medium Priority
Last Modified: 2015-05-14
Hi, I have the following setup, with the TCP/IP settings at the addresses below.
Will there be any issue with replication? I have added a new site in AD Sites & Services.
On the DNS server side, how should I set this up?

Site A
Domain Controller A   -  IP address /24 Primary DNS Secondary DNS
Domain Controller B    - IP address /24 Primary DNS Secondary DNS

Remote Site B
Domain Controller C    - IP address /24 Primary DNS Secondary DNS
Domain Controller D    - IP address /24 Primary DNS Secondary DNS
Question by:dnack

Expert Comment

by:Seth Simmons
ID: 40288310
All four should point to themselves first and to the other server in the same site second.
Intersite replication should work fine.

Author Comment

ID: 40288368
Hi Seth Simmons,

Is pointing to itself the same as pointing to the loopback address? I saw an MS article saying never to use the loopback address as the primary.


Can you explain why you chose to point to itself first?

Expert Comment

by:Seth Simmons
ID: 40288651
If server A points to B first and B goes down, there could be a minor delay while waiting for a first response from server B, which could trigger some warnings in AD.
Probably not a huge deal, just something to keep in mind.
And yes, the Best Practices Analyzer for AD will flag a warning if the loopback address is the primary DNS server.

Expert Comment

ID: 40288742
You should point to the DC's own IP address (not the loopback address) as the primary.

Accepted Solution

George Sas earned 2000 total points
ID: 40288784
Your config should look like this:

Site A
Domain Controller A   -  IP address Primary DNS Secondary DNS
Domain Controller B    - IP address Primary DNS Secondary DNS

Remote Site B
Domain Controller C    - IP address Primary DNS Secondary DNS
Domain Controller D    - IP address Primary DNS Secondary DNS

In Sites and Services you will have two sites, A and B.
Configure replication for DCA to replicate with DCB (this should be the default), DCC and DCD.
DCB should replicate with the other 3, and so on.

Check your firewall rules, if you have a firewall between the sites, to allow RPC replication.
Here is a nice article regarding this:

If RPC is not possible, then configure it to replicate using IP and set the replication costs between the sites to fit your bandwidth needs.

Hope this helped.
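The checks the accepted answer describes (which DC is in which site, how the site links are costed, whether RPC gets through the firewall, and whether each partner is actually replicating) can be run from one DC with the RSAT ActiveDirectory module. The script below is an added example written for this thread, not code from the original post; it assumes it is run on a domain controller with RSAT installed, that all DCs are reachable by DNS name, and that the inter-site firewall is the thing most likely to block replication.

```powershell
# Added example, not part of the original thread.
# Assumes: run on a DC, RSAT ActiveDirectory module present, two or more sites.
Import-Module ActiveDirectory

# 1. Which DC lives in which site (compare with what you expect in Sites and Services)
$dcs = Get-ADDomainController -Filter *
$dcs | Select-Object HostName, Site, IPv4Address | Format-Table -AutoSize

# 2. Site links: cost and interval decide when and over which path changes move between sites
Get-ADReplicationSiteLink -Filter * -Properties Cost, ReplicationFrequencyInMinutes |
    Select-Object Name, Cost, ReplicationFrequencyInMinutes,
        @{ n = 'Sites'; e = { ($_.SitesIncluded | ForEach-Object { ($_ -split ',')[0] -replace '^CN=' }) -join ', ' } } |
    Format-Table -AutoSize

# 3. From this DC, is the RPC endpoint mapper (TCP 135) on every DC in the other sites reachable?
#    Replication also needs the dynamic RPC range (TCP 49152-65535 by default on Server 2008 and later),
#    so a successful 135 test is a necessary, not a sufficient, condition.
$here = (Get-ADDomainController -Identity $env:COMPUTERNAME).Site
foreach ($dc in ($dcs | Where-Object { $_.Site -ne $here })) {
    $t = Test-NetConnection -ComputerName $dc.HostName -Port 135 -WarningAction SilentlyContinue
    '{0,-30} site={1,-12} tcp/135 reachable={2}' -f $dc.HostName, $dc.Site, $t.TcpTestSucceeded
}

# 4. What this DC records about each inbound replication partner:
#    a non-zero LastReplicationResult or growing ConsecutiveReplicationFailures is the
#    first visible symptom of a blocked or misconfigured link.
Get-ADReplicationPartnerMetadata -Target $env:COMPUTERNAME -Scope Server |
    Select-Object Partner, LastReplicationSuccess, LastReplicationResult, ConsecutiveReplicationFailures |
    Format-Table -AutoSize

# 5. Forest-wide summary from repadmin (largest delta and fails/total per DC)
repadmin /replsummary
```

If step 3 reports TCP 135 as unreachable for a DC in the remote site, fix the firewall before touching site link costs; a higher cost only changes which path the KCC prefers, it does not make a blocked path usable.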



Expert Comment

ID: 40291587
It honestly won't make much difference whether each DC points to itself or the other DC in its site as its preferred DNS server. By default, when a Windows machine issues a DNS query, it waits for all of one second for the preferred server to respond before issuing a second query to the alternate server (and possibly other servers), so that delay really isn't significant. The important thing is that you have them both in there. This is discussed in excruciating detail here, where you'll also learn that the preferred server isn't always queried first.

In addition, you may want to add the servers at the other site as additional DNS servers. If a power outage or other event brings down both DCs at one site, they're both going to experience startup delays if they're only using each other and themselves for DNS, and these delays will be measured in minutes rather than seconds. This is explained at length here. For the same reason, you shouldn't ever reboot both DCs at a site at the same time.
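The ordering debated in the thread (self first, then the partner in the same site, then the DCs in the other site as a fallback, and never 127.0.0.1 as the primary) is easy to audit across all DCs at once rather than by hand on each. The script below is an added example for this discussion, not code posted by any of the participants; it assumes the RSAT ActiveDirectory module, PowerShell remoting to every DC, that every DC runs the DNS Server role, and that each DC has one IPv4 interface with DNS servers configured. It only reports by default; set `$Apply = $true` to push the computed list.

```powershell
# Added example, not part of the original thread.
# Assumes: RSAT ActiveDirectory module, WinRM to each DC, every DC is also a DNS server.
Import-Module ActiveDirectory
$Apply = $false   # report only; set to $true to write the computed order to each DC

$dcs = Get-ADDomainController -Filter * | Sort-Object Site, HostName

foreach ($dc in $dcs) {
    # Desired order: the DC's own real address first (not 127.0.0.1, which the AD BPA flags),
    # then the other DC(s) in the same site, then DCs in other sites so that losing a whole
    # site does not leave the surviving DC with no resolver at boot.
    $sameSite  = @($dcs | Where-Object { $_.Site -eq $dc.Site -and $_.HostName -ne $dc.HostName })
    $otherSite = @($dcs | Where-Object { $_.Site -ne $dc.Site })
    $desired   = @($dc.IPv4Address) + @($sameSite.IPv4Address) + @($otherSite.IPv4Address)

    # Read the configured resolver list from the first IPv4 interface that has one
    $current = Invoke-Command -ComputerName $dc.HostName -ScriptBlock {
        Get-DnsClientServerAddress -AddressFamily IPv4 |
            Where-Object { $_.ServerAddresses.Count -gt 0 } |
            Select-Object -First 1 InterfaceIndex, ServerAddresses
    }

    $issues = @()
    if ($current.ServerAddresses.Count -eq 0)          { $issues += 'no DNS servers configured' }
    if ($current.ServerAddresses[0] -eq '127.0.0.1')   { $issues += 'loopback is primary' }
    if ($current.ServerAddresses[0] -ne $dc.IPv4Address) { $issues += 'does not point to itself first' }
    foreach ($peer in $sameSite.IPv4Address + $otherSite.IPv4Address) {
        if ($current.ServerAddresses -notcontains $peer) { $issues += "missing fallback $peer" }
    }

    [pscustomobject]@{
        DC      = $dc.HostName
        Site    = $dc.Site
        Current = ($current.ServerAddresses -join ', ')
        Desired = ($desired -join ', ')
        Issues  = if ($issues) { $issues -join '; ' } else { 'OK' }
    } | Format-List

    if ($issues -and $Apply) {
        Invoke-Command -ComputerName $dc.HostName -ScriptBlock {
            Set-DnsClientServerAddress -InterfaceIndex $using:current.InterfaceIndex `
                                       -ServerAddresses $using:desired
        }
    }
}
```

Run it once with `$Apply = $false` and read the Issues column before applying anything; if a DC is multi-homed, the "first interface with resolvers" assumption needs to be replaced with an explicit interface selection for that host.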
