  • Status: Solved

Sites and services without NTDS settings

Hello Experts,

I have a customer whose AD is running into some replication issues. After further investigation, we realized that two servers are listed inside Active Directory Sites and Subnets, Server 2 and Server 2, which are not currently Domain Controllers.

They are listed inside Sites and Services but do not contain the NTDS Settings that would associate them with DC authentications. The result is that it may take longer for clients to authenticate from the sites those servers are associated with.


Below are the IP sites those servers are currently configured for.
• Server1 – Site 10.21.0.0/16
• Server2 – Site 10.100.0.0/16


Would it be OK if I remove those sites?

How can I validate that there are no users/computers authenticating against those sites? Any way to prevent this and make sure they will pick another DC?

Do you believe that removing those sites could fix our replication issues?

Please advise
Asked by: Jerry Seinfield
 
Brad Groux, Senior Manager (Wintel Engineering), commented:

1. You can have a site without domain controllers.

2. Site costing is the only way site settings affect authentication, but is generally no longer needed with today's abundance of bandwidth.

3. The KCC (Knowledge Consistency Checker) determines authentication responses from domain controllers... and YOU ARE NOT SMARTER THAN THE KCC.

Long story short, the only way having computers in a separate site will affect replication times is if Site Costing is enabled, and in this day and age, for most environments, site costing is a waste of time and effort. See Troubleshooting Active Directory Replication Problems for the proper course of action.
 
Walter Padrón commented:
You can remove the Servers if they aren't DCs anymore.

You can remove the Sites, but ensure that:
- The Subnets assigned to this site now point to a Site with a working DC.
- You don't have a Group Policy Object applied to the Site.

You must also check the DNS zone _msdcs.yourdomain.com for stale or wrong records pointing to non-existent DCs, and do the same in your domainname.com zone for NS records.
Question has a verified solution.
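
The checks discussed in this thread (server objects without NTDS Settings, subnets and GPOs still tied to a DC-less site, and stale DC records in DNS) can be gathered read-only before anything is deleted. The script below is an added example, not code from either answerer; it assumes the RSAT ActiveDirectory module and the DnsClient module on a domain-joined machine, and all variable names are illustrative.

```powershell
# Added example: read-only audit, changes nothing in AD or DNS.
# Assumes the RSAT ActiveDirectory module and the built-in DnsClient module.
Import-Module ActiveDirectory

$domain    = (Get-ADDomain).DNSRoot
$sitesBase = "CN=Sites,$((Get-ADRootDSE).configurationNamingContext)"

# Every NTDS Settings object in the forest; its parent DN is a real DC's server object.
$dcServerDns = Get-ADObject -SearchBase $sitesBase -LDAPFilter '(objectClass=nTDSDSA)' |
    ForEach-Object { $_.DistinguishedName -replace '^CN=NTDS Settings,', '' }

# 1. Server objects with no NTDS Settings child (leftovers like the two in the question).
Get-ADObject -SearchBase $sitesBase -LDAPFilter '(objectClass=server)' |
    Where-Object { $dcServerDns -notcontains $_.DistinguishedName } |
    Select-Object Name, DistinguishedName

# 2. Sites that contain no DC: subnets still mapped to them, whether a GPO is
#    linked to the site, and which DCs DNS advertises for the site.
$subnets = Get-ADReplicationSubnet -Filter *
$sites   = Get-ADObject -SearchBase $sitesBase -LDAPFilter '(objectClass=site)' -Properties gPLink
foreach ($site in $sites) {
    $suffix = ",CN=Servers,$($site.DistinguishedName)"
    $hasDc  = $dcServerDns | Where-Object { $_.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase) }
    if ($hasDc) { continue }
    $srv = Resolve-DnsName -Name "_ldap._tcp.$($site.Name)._sites.dc._msdcs.$domain" `
               -Type SRV -ErrorAction SilentlyContinue | Where-Object NameTarget
    [pscustomobject]@{
        Site        = $site.Name
        Subnets     = ($subnets | Where-Object Site -eq $site.DistinguishedName).Name -join ', '
        HasSiteGpo  = -not [string]::IsNullOrWhiteSpace($site.gPLink)
        CoveringDCs = ($srv.NameTarget | Sort-Object -Unique) -join ', '
    }
}

# 3. DC locator SRV records in _msdcs whose target is not a current DC of this domain.
$liveDcs = (Get-ADDomainController -Filter *).HostName
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV |
    Where-Object { $_.NameTarget -and $liveDcs -notcontains $_.NameTarget.TrimEnd('.') } |
    Select-Object Name, NameTarget

# 4. NS records of the domain zone that do not name a current DC. A non-DC DNS
#    server can be legitimate, so treat this list as "review", not "delete".
Resolve-DnsName -Name $domain -Type NS |
    Where-Object { $_.NameHost -and $liveDcs -notcontains $_.NameHost.TrimEnd('.') } |
    Select-Object Name, NameHost
```

An empty `CoveringDCs` value for a site that still has subnets mapped to it means clients in those subnets get no site-specific DC from DNS and fall back to the domain-wide records.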