AD Sites and Services - DEFAULTIPSITELINK?

I'm trying to sort out my domain controllers in Sites and Services. I'd discovered recently that a subnet has been tied to our HQ site when the subnet network is actually at an offsite location where those servers/VMs are as well. So I don't think that has been optimal over time.

My concern/question is, should the Domain Controllers I move from the HQ site to the other site cause a problem, and will changing the site association for the subnet to that proper site affect logging in?

I created a "Site Link" between these two sites. But there is also a "DEFAULTIPSITELINK" that contains ALL OF the sites, which I'm not sure is needed, optimal, or can be deleted.

This would be a mostly Server 2008 R2 environment, with a couple of 2012 R2 DCs.
garryshape Asked:

Sushil Sonawane Commented:
If your domain controllers are mapped to the sites you created, then there is no issue. When you promote the first domain controller, the default site link is created at that time. You can delete the default site link if you create proper sites and subnets in your domain environment.

Please refer to the links below to understand the details regarding sites and subnets.

https://technet.microsoft.com/en-us/library/cc754697.aspx

http://www.rebeladmin.com/2015/02/why-active-directory-sites-and-subnets/

http://blogs.technet.com/b/canitpro/archive/2015/03/04/step-by-step-setting-up-active-directory-sites-subnets-amp-site-links.aspx

http://www.activewin.com/win2000/step_by_step/active_directory/adsites.shtml
0
Will Szymkowski, Senior Solution Architect, Commented:
If all of your sites have "physical" connections between each other and they can all communicate, then best practice is keeping them all in the DEFAULTSITELINK. The KCC will create connections between these sites, and if a DC fails the KCC will re-calculate your site topology and ensure that replication continues to work properly.

You would only create Site Links when you either want to route traffic between sites because of a cost value or if an AD Site does not have a physical connection to another member in the Default Site Link.

I have created a two-part series on understanding AD Sites and Services and how to configure this properly. Very informative, with screenshots.

See the link below.
http://www.wsit.ca/how-tos/active-directory/active-directory-sites-and-services-part-1/

The link to part two is at the bottom of part one.

Will.
0

Mahesh, Architect, Commented:
Do not keep all sites in DEFAULTSITELINK if you have more than TWO sites, even if all sites are connected to each other (mesh topology).
Because you don't want any site to replicate with any other site randomly.
Site links are there to control replication between two sites by means of replication schedule, cost and member sites.

If you have more than TWO sites, you should create site links equal to the number of sites, which will give more control over replication.
Then remove all other sites from the default IP site link except any TWO (normally keep the HO site and one spoke site in DEFAULTSITELINK).
Now keep a pair of TWO sites in each of the remaining site links (HO site and one spoke site).
The HO site should be common to all site links.
Avoid overlapping of sites in site links, meaning do not keep any spoke site in more than one site link unless required in a rare case.
Post that, latch the appropriate subnets with correct CIDR notation to the appropriate sites to localize DC discovery and authentication for client computers.
0

garryshape, Author, Commented:
There is one site that is remote and contains domain controllers in it. Problem is the subnet for that actual site is tied to our headquarters site, and so that remote site's always being connected to via logins, AD, Exchange, etc.
0
garryshape, Author, Commented:
Do you mean two or more sites? or more than two?
0
Sushil Sonawane Commented:
Can you upload a generic diagram of your sites and services?

If your problem is the subnet, then map your subnet to the remote site, or you can also map it to your HQ site, because a single token can authenticate your services like AD and Exchange.
0
Mahesh, Architect, Commented:
If you read my earlier comment, it clearly says "More than TWO sites".

If you have only TWO sites, you don't have to create a new site link; DEFAULTIPSITELINK suffices for your purpose.
0
garryshape, Author, Commented:
OK, well, I do still want to make sure that DCs in both sites are not being defaulted to for users logging in at one site (don't want users at Site A logging in and their LogonServer being a DC from Site B). Nor do I want Exchange using DCs from Site B.
As long as I have the DCs in Site B moved and actually placed in the Servers folder of that Site B (in AD Sites & Services), and the subnet for those DCs is associated to Site B, I should be good?
0
Will Szymkowski, Senior Solution Architect, Commented:
Have you looked at the how-to that I have created? I would highly recommend that you reference that to get a full understanding of how to configure your sites correctly.

Will.
0
Mahesh, Architect, Commented:
If your site-to-subnet mapping is correct and the subnet CIDR notation is correct, you should not face any issues.
Of course, a DC should be present in that site.
0
garryshape, Author, Commented:
Thanks very much, things seem to be working fine now. No replication errors.
I've been testing with `nltest /dsgetsite` on servers to verify site, and `echo %logonserver%` on clients to verify they're logging on via local site DCs.
0
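The condition this thread turns on (a DC whose subnet object points at a different site than the one the DC sits in) can be checked for every DC at once. The following is an added example, not code from any participant: a read-only audit that assumes it is run from a host with the ActiveDirectory RSAT module from Server 2012 or later, and it only evaluates IPv4 subnets. The helper function names are hypothetical.

```powershell
# Added example (not from the thread): read-only audit of DC site vs. subnet site.
Import-Module ActiveDirectory

function ConvertTo-UInt64 ([string]$Ip) {          # hypothetical helper
    $b = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    [Array]::Reverse($b)                           # network order -> little-endian
    [uint64][BitConverter]::ToUInt32($b, 0)
}

function Test-IpInSubnet ([string]$Ip, [string]$Cidr) {   # hypothetical helper
    $net, $bits = $Cidr -split '/'
    $size  = [uint64][math]::Pow(2, 32 - [int]$bits)      # addresses in the prefix
    $n     = ConvertTo-UInt64 $net
    $start = $n - ($n % $size)                            # align to the prefix boundary
    $addr  = ConvertTo-UInt64 $Ip
    ($addr -ge $start) -and ($addr -lt ($start + $size))
}

# IPv4 subnet objects, longest prefix first, so the most specific subnet wins
$subnets = Get-ADReplicationSubnet -Filter * |
    Where-Object { $_.Name -notmatch ':' } |
    Sort-Object { [int](($_.Name -split '/')[1]) } -Descending

$report = foreach ($dc in Get-ADDomainController -Filter *) {
    if (-not $dc.IPv4Address) { continue }
    $match = $subnets |
        Where-Object { Test-IpInSubnet $dc.IPv4Address $_.Name } |
        Select-Object -First 1
    # The subnet's Site property is a DN; keep only the site's CN
    $subnetSite = if ($match -and $match.Site) {
        ($match.Site -split ',')[0] -replace '^CN='
    } else { $null }
    [pscustomobject]@{
        DC         = $dc.Name
        IPv4       = $dc.IPv4Address
        DCSite     = $dc.Site
        Subnet     = $match.Name
        SubnetSite = $subnetSite
        Status     = if (-not $match) { 'NO SUBNET' }
                     elseif ($subnetSite -ne $dc.Site) { 'MISMATCH' }
                     else { 'OK' }
    }
}
$report | Format-Table -AutoSize

# Site link membership, to review DEFAULTIPSITELINK against any custom links
Get-ADReplicationSiteLink -Filter * |
    Select-Object Name, Cost, ReplicationFrequencyInMinutes,
        @{ n = 'Sites'; e = { ($_.SitesIncluded |
            ForEach-Object { ($_ -split ',')[0] -replace '^CN=' }) -join ', ' } }
```

A `MISMATCH` row is the situation described in the question: clients in that subnet locate DCs in the wrong site, so their authentication traffic crosses the WAN.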
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.