Solved

Sites and services without NTDS settings

Posted on 2014-12-22
Last Modified: 2014-12-23
Hello Experts,

I have a customer whose AD is running into some replication issues. After further investigation, we realized that two servers are listed inside Active Directory Sites and Subnets: Server 2 and Server 2, which are not currently Domain Controllers.

They are listed inside Sites and Services but do not contain the NTDS settings that would associate them with DC authentication. The result is that it may take longer for clients to authenticate from the sites those servers are associated with.


Below are the IP sites those servers are currently configured for.
• Server1 – Site 10.21.0.0/16
• Server2 – Site 10.100.0.0/16


Would it be OK if I remove those sites?

How can I validate that there are no users/computers authenticating against those sites? Any way to prevent this and make sure they will pick another DC?

Do you believe that removing those sites could fix our replication issues?

Please advise
Question by:Jerry Seinfield

Accepted Solution

by:
Brad Groux earned 250 total points
ID: 40513182

1. You can have a site without domain controllers.

2. Site costing is the only way site settings affect authentication, but is generally no longer needed with today's abundance of bandwidth.

3. The KCC (Knowledge Consistency Checker) determines authentication responses from domain controllers... and YOU ARE NOT SMARTER THAN THE KCC.

Long story short, the only way having computers in a separate site will affect replication times is if Site Costing is enabled, and in this day and age for most environments, site costing is a waste of time and effort. See Troubleshooting Active Directory Replication Problems for the proper course of action.

Assisted Solution

by:Walter Padrón
Walter Padrón earned 250 total points
ID: 40513323
You can remove the Servers if they aren't DCs anymore.

You can remove the Sites, but ensure that:
- The Subnets assigned to this site now point to a Site with a working DC.
- You don't have a Group Policy Object applied to the Site.

You must also check the DNS zone _msdcs.yourdomain.com for stale or wrong records pointing to non-existing DCs; do the same in your domainname.com zone for NS records.
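
The pre-removal checks listed in the answer above (leftover server objects, subnets, site-linked GPOs, stale `_msdcs` SRV and NS records) can be gathered in one read-only pass. This is an added example, not code from the thread; the function name `Test-AdSiteRemoval` and the site name in the usage comment are assumptions, and it needs the RSAT ActiveDirectory module plus `Resolve-DnsName`.

```powershell
# Added example (not from the thread). Read-only: nothing is modified or deleted.
# Test-AdSiteRemoval is a hypothetical helper name.
Import-Module ActiveDirectory

function Test-AdSiteRemoval {
    param([Parameter(Mandatory)][string]$SiteName)

    $dnsRoot = (Get-ADDomain).DNSRoot
    $site    = Get-ADReplicationSite -Identity $SiteName -Properties gPLink
    $liveDcs = (Get-ADDomainController -Filter *).HostName

    # Server objects under the site that have no NTDS Settings (nTDSDSA) child,
    # i.e. leftovers that are not domain controllers.
    $servers = Get-ADObject -SearchBase "CN=Servers,$($site.DistinguishedName)" `
        -SearchScope OneLevel -Filter "objectClass -eq 'server'" -Properties dNSHostName
    $stale = @($servers | Where-Object {
        -not (Get-ADObject -SearchBase $_.DistinguishedName -SearchScope OneLevel `
                -Filter "objectClass -eq 'nTDSDSA'")
    })

    # Subnets still mapped to this site; re-point them before deleting the site.
    $subnets = @(Get-ADReplicationSubnet -Filter * |
        Where-Object { $_.Site -eq $site.DistinguishedName })

    # SRV targets (domain-wide and site-specific) that are not live DCs.
    $srvNames = "_ldap._tcp.dc._msdcs.$dnsRoot",
                "_ldap._tcp.$SiteName._sites.dc._msdcs.$dnsRoot"
    $badSrv = foreach ($n in $srvNames) {
        Resolve-DnsName -Name $n -Type SRV -ErrorAction SilentlyContinue |
            Where-Object { $_.NameTarget -and $_.NameTarget.TrimEnd('.') -notin $liveDcs } |
            ForEach-Object { "$n -> $($_.NameTarget)" }
    }

    # NS records in the domain zone that still name one of the leftover servers.
    $badNs = Resolve-DnsName -Name $dnsRoot -Type NS -ErrorAction SilentlyContinue |
        Where-Object { $_.NameHost -and $_.NameHost -in $stale.dNSHostName } |
        Select-Object -ExpandProperty NameHost

    [pscustomobject]@{
        Site               = $SiteName
        ServersWithoutNtds = $stale.Name
        SubnetsToReassign  = $subnets.Name
        SiteLinkedGpos     = $site.gPLink   # empty when no GPO is linked to the site
        SrvNotLiveDc       = $badSrv
        NsPointingAtStale  = $badNs
    }
}

# Usage (placeholder site name): Test-AdSiteRemoval -SiteName 'Branch-Site' | Format-List
```

Any non-empty field in the output is something to resolve before the site or server object is removed.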