Active Directory SIte/Domain Controllers

I need to understand the difference and issues with following scenario :

Two Domain controllers running at different location but belongs to same AD site e.g. Primary DC and DR DC.

Vs

Two Domain controllers running at different location and belongs  to two AD sites e.g. Primary DC at Site A and DR DC at Site B.

Thanks
Mac80Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Seth SimmonsSr. Systems AdministratorCommented:
if you have 2 domain controllers in the same AD site but different physical locations, there could be latency with clients trying to contact it (delayed login, etc.) because of the distance to reach the other domain controller.  clients will first communicate with domain controllers in their own site so if sites and services isn't setup properly, there will be some issues

if they were configured properly in sites and services, clients won't try to contact a domain controller in a different site if one is available in the same site
0
Mac80Author Commented:
Hi Seth,

I wrote this based on a DR scenario e.g. if the whole Primary office goes down running the AD site with two DCs (one located at the same place and other at DR site) Vs two AD sites each having its own DC.

I have been searching on net and getting an idea that for DR , its better to have AD in a separate site. I am not getting a clue why and thats why posted this question.

I am more concern on failover mechanism as if primary site goes down , what will have affect on both of the DC at different locations Vs DC having their own site. How Exchange and other MS services will work etc...

Would appreciate if you can explain that.
0
Will SzymkowskiSenior Solution ArchitectCommented:
Having domain controllers at different Physical sites but in the same AD site is typically not a good idea if you have move then 50ms between the connections. There are different types of replication for domain controllers.

IntRA-Site Replication:
This is the replication that happens between domain controllers is the same AD site. Replication is almost instant with in a couple of seconds to each of the domain controllers within the site. Typically it is best if the DC's are on the same physical LAN so that the replication can happen efficently.

IntER-Site Replication:
This is the replication that happens between Domain Controllers between different AD Sites (which are also known as bridgehead servers). This replication is not instant and the  minimum replicaiton time you can set is every 15 minutes.

Rather than replicating every change from every AD site to each other, Each AD Site will create delta's or USN (update sequence numbers) which indicate what changes have not been replicated. You have more control over putting DC's in to their own AD Site because you can control the replication interval and also which AD Sites you want to replicate to/from.

When you put all of your DC's in to the same AD site the DC's assume that they are on the same LAN and chagne will get replicated instantly to each of the DC's. You can see the issue here if you had a DC that was on the other side of the world (China) and in the same AD site as another DC (LA). They would try and send changes back and forth instantly which they would not be able to keep up due to the latency.

Also, you will have trying to authenticate to either one of those DC's so if an LA user is authenticating with a China DC then the logon process will take much longer.

For additonal detail and explaination on AD Sites and Services I would highly recommend you check out the HowTo that i have published on my Site. It has some vary informative info regarding Sites and Services and hopefully will help explain this in more detail with screenshots and different scenarios.

Two part serise Understanding AD Sites and Services
http://www.wsit.ca/how-tos/active-directory/active-directory-sites-and-services-part-1/

Will.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.