Re: Choice of creating a DC in a child domain or another DC in the existing domain


From: Cary Shultz [A.D. MVP] (cwshultz_at_mvps.org)
Date: 09/15/04


Date: Wed, 15 Sep 2004 11:47:56 -0400

Bernard,

in-line...

"bluNOboxSPAMthief" <newsgroups-spambaiter@runningIHATEwithSPAMbulls.com>
wrote in message news:slrnckdl7q.fnf.newsgroups-spambaiter@oberena.local...
> Hi Cary,
>
> Firstly many thanks for jumping in! Both your and Tomasz's
> replies have been very informative!
>
> Ok, I'll try and keep up :)
>
> > Anyway, I would generally not suggest that you have a red.widgets.com
> > and a blue.widgets.com without any really explicit reasons. Does not
> > sound like you have any.
>
> Nope. That's why I asked :)
>
> > I just do not think that 2MB is fast enough - especially if it is
> > probably going to be reduced to 1MB in the future. Sounds like you have
> > the VPN going ( or will have it ). This reduces the available bandwidth
> > as well.
>
> There is a VPN in place currently. They connect to our network via a
> Netscreen firewall and all the routing rules are set there. Again, a Citrix
> solution may be necessary here.
>
> My reason for reducing the bandwidth at the remote sites was because I
> did not see the necessity of a 2MB line in there.
> My reasons were the following:
> a. they do not browse internet sites (well, should I say, internet
> browsing is not a priority in this office. It can be left to last.)
> b. there is a small number of users located here.
> c. if necessary this can be increased very quickly (we have a good
> ISP)
> d. I did not think that AD would replicate too much information across
> the sites. I had hoped it was possible to replicate at a fixed time
> (ideally late PM/early AM)
>
> > replication and intersite replication. Intrasite Replication is the
> > replication between Domain Controllers that are located in the same
> > Site. Intersite Replication is the replication between Domain
> > Controllers located in different Sites. You need multiple Domain
> > Controllers in the same Site to have Intrasite Replication ( and Tomasz
> > suggested that a best practice would be to have two DCs in each Site -
>
> In our head office we do have 2 DCs, so we have intrasite replication
> taking place.
> (I am familiar with this, but as I said, have taken this role on... so I
> am trying to understand it as I go along)
>
> > but with 20 users you might have a
> > hard time getting the funds for the second DC....I would strongly
> > suggest that you try and that you make them aware of the consequences ).
>
> Currently there is a small workgroup with an NT server in place. I will
> look at the possibility of upgrading this to 2K server and using it as a
> second DC.
> It may not be such a large problem to get another box... I can word it in
> a persuasive way :)

You could consider upgrading that NT Server to WIN2000 and then making it a
Domain Controller for that Site. That might not be a bad idea. Better
would be to get a new box and do a clean install of WIN2000 and make that
the Domain Controller for that Site. I am not a big fan of upgrades. Well,
for a short period of time it would be okay, but I have seen too many
upgraded servers ( never had a problem with the actual in-place upgrade.
That has always worked just swell! It is after the upgrade that is
problematic ) give me far too many headaches. Generally because 1) the
hardware is a bit older and 2) there is usually a lot of extra cra**
leftover.

> > As long as
> > you have multiple Sites you will have Intersite replication.
>
> Is it possible to set the time for this? I don't see it being possible, if
> all the DCs have to have the same information as the others.

Oh, it is very possible and works quite well. You can schedule the
replication to whatever your schedule requires ( and WAN links can
handle ). However, there are a few things that can be a bit frustrating.
For example, if you create a user account object in HQ you need to wait
until the Intersite replication takes place before that user account object
actually shows up in the other Sites. So, if HR tells you about a new hire
Monday at 10:15 AM ( and you have already received two phone calls from the
new hire asking about his computer ) and that new hire is in one of the
other Sites you have a nice situation on your hands ( one that can be easily
remedied, but you have to know to do this! ). Or, if you forget to create
that user account object until the phone calls start coming in.....

>
> > There will be,
> > in each Site, a Domain Controller that acts as the Bridgehead Server (
> > BHS ). What does this do? The replication between Domain Controllers
> > in different sites is accomplished through the BHS in each Site. So, in
> > HQ one of the DCs would be acting as a BHS and the DC in Red would be
> > acting as BHS for this replication round. These two specific DCs will be
> > replication partners. Well, this sounds obvious since there is only one
> > DC in Red. But what if you have three or four Domain Controllers in each
> > Site? What DC is used for the Intersite Replication? Well, the answer
> > every time is the DC that is the BHS.
> >
> > Do you want to specify a DC to be a BHS? Probably not. What I mean by
> > that is our friend the KCC ( Knowledge Consistency Checker ) with its
> > friend the ISTG will do all of this for you. It sets up everything based
> > on your Sites and Services setup. If you do manually specify a BHS then
> > I would suggest that you specify multiple DCs - where they exist - to be
> > the BHS. You see, if the DC that you specify to be the BHS is not
> > available the KCC is kinda stuck. You will notice that your Intersite
> > Replication will fail.
>
> So it's a sort of round robin system? It tries the last designated BHS and
> if that's not there, it goes to another?
>
> > And, I have saved the best for the last. Active Directory is based on
> > incoming connection objects. This is very important to remember. I
> > would suggest that you take any two systems ( be it at home or at work )
> > and install WIN2000 Server, make them DCs and then install the Support
> > Tools ( located on the WIN2000 Server CD as well as the WIN2000 Service
> > Pack CD in the Support | Tools folder ) and take a look at repadmin
> > /showreps and repadmin /showconn. This will make things a bit more clear
> > for you in this regard.
>
> Maybe a wrong way to look at it Cary, but if AD is based on incoming
> connections, then should I have an async connection to the remote office?
> i.e. 1MB out, 500K in? Maybe I am looking at it wrongly.

Not sure that it is a wrong way to look at it but not necessarily the right
way ;-) Remember, there are two ends to each replication partner. So, for
one end it is going from left to right while for the other end it is going
from right to left! Does that make any sense to you or do you need another
analogy? Also, know that this AD Replication is compressed. Also know that
changes made in WIN2000 do not replicate like they did in WINNT 4.0. In
WINNT 4.0 if you changed the city attribute on one user account then the
entire user account had to be replicated. In WIN2000 AD if you change the
value of any given attribute ( with CITY being the attribute and KOELN being
the value ) of an object ( in this case a user account object ) then only
that attribute is replicated - and not the entire object!

>
> Thanks in advance for your assistance. You have made things clearer.
>
> rgrds,
> bernard

More than glad to help!

Cary

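As an added example that is not part of the thread: a small check in the spirit of Cary's repadmin /showreps pointer. It parses the inbound-neighbor list (the incoming connection objects he describes) and flags partners in other Sites whose last pull failed, which is what you see when the designated BHS is unreachable. The sample output is constructed to approximate repadmin's layout; the hostnames, timestamps and result code are made up.

```python
import re
from dataclasses import dataclass

# Constructed sample shaped like repadmin /showrepl output (WIN2000's /showreps);
# site names follow the thread, hostnames and timestamps are made up.
SAMPLE = r"""HQ\HQDC1

==== INBOUND NEIGHBORS ======================================

DC=widgets,DC=com
    HQ\HQDC2 via RPC
        Last attempt @ 2004-09-15 11:30:05 was successful.
    Red\REDDC1 via IP
        Last attempt @ 2004-09-15 11:15:41 failed, result 1722 (0x6ba):
            The RPC server is unavailable.
"""
NEIGHBOR_RE = re.compile(r"^ {4}(?P<site>[^\\\s]+)\\(?P<dc>\S+) via (?P<transport>\S+)\s*$")
ATTEMPT_RE = re.compile(r"^\s+Last attempt @ \S+ \S+ (?:was successful|failed, result (?P<code>\d+))")

@dataclass
class Neighbor:
    partition: str        # naming context being pulled, e.g. DC=widgets,DC=com
    site: str             # site of the source DC
    dc: str               # source DC: this DC pulls FROM it (incoming connection)
    transport: str        # RPC within a site; IP or SMTP between sites
    error_code: int = 0   # 0 = last inbound attempt succeeded

def parse_showrepl(text: str) -> list:
    # Walk the INBOUND NEIGHBORS section: partition DNs are unindented, each
    # source DC is indented 4 spaces, and its status lines 8 or more.
    neighbors, partition, current, inbound = [], None, None, False
    for line in text.splitlines():
        if line.startswith("===="):
            inbound = "INBOUND NEIGHBORS" in line
        elif not inbound or not line.strip():
            continue
        elif not line.startswith(" "):
            partition = line.strip()
        elif m := NEIGHBOR_RE.match(line):
            current = Neighbor(partition, m["site"], m["dc"], m["transport"])
            neighbors.append(current)
        elif (m := ATTEMPT_RE.match(line)) and current:
            current.error_code = int(m["code"] or 0)
    return neighbors

def failing_intersite_partners(text: str) -> list:
    """Partners in other sites whose last pull failed: the unreachable-BHS case."""
    local_site = text.splitlines()[0].split("\\")[0]
    return [(n.partition, f"{n.site}\\{n.dc}", n.error_code)
            for n in parse_showrepl(text) if n.site != local_site and n.error_code]
```

Run it against real output by feeding the captured text of repadmin on the HQ bridgehead in place of SAMPLE; an empty result means every cross-site pull last succeeded.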