Question about Domain Controller Connectivity to Different Sites

In my Single Forest, Single Domain AD (2008R2) environment there are several different AD sites, with domain controllers in each site.

Not all sites that contain domain controllers have network connectivity to other sites.

AD Sites & Services Site Links have been configured for replication between Sites that do have connectivity with one another.

My concern is when running repadmin /replsummary, the domain controllers that do not have connectivity to the DC at a specific site return an error (as expected). Replication appears to be fine across all sites, and there is no issue, but I was curious as to whether this is an acceptable configuration in the environment, or if there are any concerns with this long term?

Is there a way to target the replication health checks to a specific Site Link, so as not to report the failures?

Experienced the following operational errors trying to retrieve replication information:
          58 - DC01-REMOTE2.DOMAIN.COM
          58 - DC01-REMOTE4.DOMAIN.COM
          58 - DC01-REMOTE5.DOMAIN.COM

Thank you in advance.
fireguy1125 Asked:

cshepfam Commented:
The problem with having domain controllers in Active Directory that is not a child domain is that if one of those servers gets removed from their AD improperly, then you will have orphaned DCs, aka Tombstones.

This can cause replication issues if replication isn't set up correctly.

If they do not have network connectivity to the primary DC, then I would replicate FROM their DC TO the Primary DC.

However, I would make sure replication is set up for the primary DC to their DC and set up a one-way trust so that you can always authenticate to their DCs if you ever need to remote in.

Also, I would set up each of their DNS zones to allow zone transfers to the Primary DC and on the Primary DC set up a secondary zone so that you would always have a copy of everyone's DNS.

Honestly, I would take DNS off the Primary DC and create a separate DNS in itself.

Will Szymkowski (Senior Solution Architect) Commented:
If you set up your AD Sites and Services correctly then you would not get replication failures when you run repadmin /replsum.

I have created a complete HowTo on my site which illustrates exactly how to set up AD Sites and Services where Sites do not have connectivity to each other.

This is a 2 part series. Take a look at Part 1 and 2 and make sure that everything is set up properly.
http://www.wsit.ca/how-tos/active-directory/active-directory-sites-and-services-part-1/

Will.

DrDave242 (Senior Support Engineer) Commented:
"My concern is when running repadmin /replsummary, the domain controllers that do not have connectivity to the DC at a specific site return an error (as expected)."
The KCC should not be creating replication connections between DCs at sites that don't have connectivity to each other. You may want to double-check your site link configuration. In addition to making sure that each site link contains only those sites that are actually connected by the corresponding physical link, make sure you haven't accidentally left everything in the default site link. I've seen that happen more than once.
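
One way to run the site link check described in the answer above, as an added example that is not part of the thread. The function names, the site names (HQ, REMOTE2, REMOTE4, REMOTE5) and the `'SiteA|SiteB'` connectivity list are assumptions made for illustration; the connectivity list is something the administrator supplies from knowledge of the physical network.

```powershell
# Added example, not from the thread. Written to run on PowerShell 2.0 (2008 R2).

# Reads every siteLink object and returns its name plus member site names.
# Assumes the ActiveDirectory module is imported and a DC is reachable.
function Get-SiteLinkMembership {
    $cfg = (Get-ADRootDSE).configurationNamingContext
    Get-ADObject -Filter 'objectClass -eq "siteLink"' -SearchBase "CN=Sites,$cfg" -Properties siteList |
        ForEach-Object {
            $names = @($_.siteList | ForEach-Object { ($_ -split ',')[0] -replace '^CN=', '' })
            New-Object PSObject -Property @{ Name = $_.Name; Sites = $names }
        }
}

# Emits one row per pair of sites that share a site link but are not listed
# as physically connected. $ConnectedPairs entries look like 'SiteA|SiteB'.
function Test-SiteLinkMembership {
    param(
        [Parameter(Mandatory = $true)] [object[]] $SiteLinks,
        [Parameter(Mandatory = $true)] [string[]] $ConnectedPairs
    )
    $known = @{}
    foreach ($pair in $ConnectedPairs) {
        # Sort the two names so 'A|B' and 'B|A' produce the same key.
        $known[(($pair -split '\|' | Sort-Object) -join '|')] = $true
    }
    foreach ($link in $SiteLinks) {
        $sites = @($link.Sites | Sort-Object)
        for ($i = 0; $i -lt $sites.Count; $i++) {
            for ($j = $i + 1; $j -lt $sites.Count; $j++) {
                $key = '{0}|{1}' -f $sites[$i], $sites[$j]
                if (-not $known.ContainsKey($key)) {
                    New-Object PSObject -Property @{
                        SiteLink = $link.Name; SiteA = $sites[$i]; SiteB = $sites[$j] }
                }
            }
        }
    }
}

# Constructed sample: every site left in the default link on a hub-and-spoke network.
$sampleLinks = @(
    New-Object PSObject -Property @{ Name = 'DEFAULTIPSITELINK'; Sites = @('HQ', 'REMOTE2', 'REMOTE4', 'REMOTE5') }
)
$connected = @('HQ|REMOTE2', 'HQ|REMOTE4', 'HQ|REMOTE5')
Test-SiteLinkMembership -SiteLinks $sampleLinks -ConnectedPairs $connected |
    Format-Table SiteLink, SiteA, SiteB -AutoSize
```

Against a live forest, pass `(Get-SiteLinkMembership)` as `-SiteLinks` in place of the constructed sample.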


fireguy1125 (Author) Commented:
Thanks, looks like we'll have to redesign our Site Links to remove sites out of the default site link that do not have connectivity to all other sites.

Will Szymkowski (Senior Solution Architect) Commented:
Did you even check out the link I posted? Provides all of the steps.

Will.