Solved

Sites and services without NTDS settings

Posted on 2014-12-22
Last Modified: 2014-12-23
Hello Experts,

I have a customer whose AD is running into some replication issues. After further investigation, we realized that two servers are listed inside Active Directory Sites and Subnets: Server 2 and Server 2, which are not currently Domain Controllers.

They are listed inside Sites and Services but do not contain the NTDS settings that would associate them with DC authentication. The result is that it may take longer for clients to authenticate from the sites those servers are associated with.


Below are the IP sites those servers are currently configured for.
• Server1 – Site 10.21.0.0/16
• Server2 – Site 10.100.0.0/16


Would it be OK if I remove those sites?

How can I validate that there are no users/computers authenticating against those sites? Any way to prevent this and make sure they will pick another DC?

Do you believe that by removing those sites that could fix our replication issues?

Please advise
Question by:Jerry Seinfield
2 Comments
 

Accepted Solution

by: Brad Groux
Brad Groux earned 250 total points
ID: 40513182

1. You can have a site without domain controllers.
2. Site costing is the only way site settings affect authentication, but it is generally no longer needed with today's abundance of bandwidth.
3. The KCC (Knowledge Consistency Checker) determines authentication responses from domain controllers... and YOU ARE NOT SMARTER THAN THE KCC.

Long story short, the only way having computers in a separate site will affect replication times is if Site Costing is enabled, and in this day and age for most environments, site costing is a waste of time and effort. See Troubleshooting Active Directory Replication Problems for the proper course of action.

Assisted Solution

by:Walter Padrón
Walter Padrón earned 250 total points
ID: 40513323
You can remove the Servers if they aren't DCs anymore.

You can remove the Sites, but ensure that:
- The Subnets assigned to this site now point to a Site with a working DC.
- You don't have a Group Policy Object applied to the Site.

You must also check the DNS zone _msdcs.yourdomain.com for stale or wrong records pointing to non-existing DCs; do the same in your domainname.com zone for NS records.
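
The checks named in the answers above, gathered into one read-only PowerShell pass. This is an added example, not part of the original thread. It assumes the RSAT ActiveDirectory module, a single-domain forest, and an account that can read the configuration partition.

```powershell
# Added example: read-only pre-removal checks; nothing here modifies the directory.
# Assumes the RSAT ActiveDirectory module and the built-in DnsClient module.
Import-Module ActiveDirectory

$sitesDN = "CN=Sites,$((Get-ADRootDSE).configurationNamingContext)"
$domain  = (Get-ADDomain).DNSRoot
$dcs     = Get-ADDomainController -Filter *      # DCs of the current domain only
$subnets = Get-ADReplicationSubnet -Filter *

# 1. Server objects under Sites that have no NTDS Settings child object.
$orphans = Get-ADObject -SearchBase $sitesDN -LDAPFilter '(objectClass=server)' |
    Where-Object {
        -not (Get-ADObject -SearchBase $_.DistinguishedName -SearchScope OneLevel `
                  -LDAPFilter '(objectClass=nTDSDSA)')
    }
$orphans | Select-Object Name, DistinguishedName

# 2. Per site: DC count, assigned subnets, and whether a GPO is linked to the site.
Get-ADReplicationSite -Filter * -Properties gPLink | ForEach-Object {
    $site = $_
    [pscustomobject]@{
        Site       = $site.Name
        DCs        = @($dcs | Where-Object { $_.Site -eq $site.Name }).Count
        Subnets    = @($subnets | Where-Object { $_.Site -eq $site.DistinguishedName }).Name -join ', '
        HasGpoLink = -not [string]::IsNullOrWhiteSpace($site.gPLink)
    }
} | Format-Table -AutoSize

# 3. DC locator SRV records in _msdcs whose target is not a current DC.
Resolve-DnsName -Type SRV -Name "_ldap._tcp.dc._msdcs.$domain" |
    Where-Object { $_.NameTarget -and $_.NameTarget -notin $dcs.HostName } |
    Select-Object Name, NameTarget

# 4. NS records for the domain zone, to compare by hand against the live DNS servers.
Resolve-DnsName -Type NS -Name $domain | Where-Object { $_.NameHost } |
    Select-Object Name, NameHost
```

A site that shows zero DCs but still has subnets or a GPO link is one where the subnet reassignment and GPO check from the second answer apply before removal.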
