Re: AD site design - Finalized
From: Elvis (anonymous_at_discussions.microsoft.com)
Date: 08/04/04
- Next message: Lee Flight: "Re: Password change on first logon"
- Previous message: MOTE: "Re: CA for LDAPS?"
- In reply to: Phillip Renouf: "Re: AD site design"
- Next in thread: Dave Shaw [MVP]: "Re: AD site design"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 4 Aug 2004 14:09:30 -0700
Hi Phil,
Your thought process of authenticating across the WAN is
very interesting and that's what we are doing for offices
of 10 people or less. Thank you for clarifying these
concepts with me. I now have a clear understanding, and
can proceed.
ALL help on this matter is greatly appreciated. This is
the reason why I choose Microsoft products. It's not the
software, it's the people!!!
Thank you all so much
Elvis
>-----Original Message-----
>When you have more than one site the replication between DCs in those
>different sites is known as Intersite replication. If you have more than
>one DC in the same site then replication between those DCs is Intrasite
>replication. You can have both types of replication in your environment,
>it is just based on where the DCs are. Again I want to point out though,
>having multiple sites reduces WAN traffic from authentication, but will
>increase WAN traffic from replication. You need to look at your
>environment and figure out which of the two will mean more WAN traffic
>and design your site layout accordingly.
>
>Yes, if the local DC is unavailable the clients will query DNS for other
>available DCs to authenticate against. This provides the redundancy.
>
>Phil
>
>"Elvis" wrote:
>
>> Hi Phil,
>>
>> Thanks for that....that's the answer I am looking for. So in order to
>> reduce bandwidth usage for user authentication I should break each
>> office location down into sites...then each user would authenticate to
>> the domain controller in his site (guaranteed). This as I understand it
>> is INTERSITE replication. Would I be correct in saying that with
>> Intersite replication, if the site domain controller is unavailable the
>> clients in that site will start to look for DCs in other sites to
>> authenticate and this provides redundancy?
>> Your help is greatly appreciated.
>> Thanking You
>> Elvis
>> >-----Original Message-----
>> >You can.
>> >
>> >The drawback is that when you consider it as one site your clients act
>> >like it is one site and will authenticate to any DC in that site, not
>> >necessarily the one on the same subnet. That is by design and something
>> >that is controlled by your site design.
>> >
>> >Even though you have 30 sites that doesn't mean that you have to have
>> >either 1 site or 30 sites. You can consolidate well connected sites
>> >into one common site and break the 30 up. Perhaps you have 10 sites
>> >that need a local DC and 20 sites that don't: you can create one site
>> >for the 20 locations that don't need a DC and create 10 sites for the
>> >ones that do.
>> >
>> >You can be as flexible with this as you want to be.
>> >
>> >Phil
>> >
>> >"Elvis" wrote:
>> >
>> >> Hi Cary,
>> >>
>> >> You have definitely made things a lot clearer for me and I fully
>> >> understand your argument....let me try and refine my statement. Why
>> >> can't I treat my WAN as 1 site? Even though the geographical
>> >> locations of the 30 sites are different, why can't I consider the
>> >> whole WAN as 1 site? Even though Domain controller 1 is in Dallas and
>> >> Domain controller 2 is in Texas, and they have a 10MB WAN link
>> >> between them, why can't they logically be considered as 1 site? I
>> >> hope I have refined my question.....
>> >> Your help has been greatly appreciated.
>> >> Thanking You
>> >> Elvis
>> >> >-----Original Message-----
>> >> >Elvis,
>> >> >
>> >> >I am sure that this is just a semantics thing.....
>> >> >
>> >> >If you have just one Site as defined in ADSS then there will be no
>> >> >Intersite replication. It would be all Intrasite replication. If you
>> >> >set up multiple Sites then you have Intersite replication as well as
>> >> >Intrasite replication ( possibly ) - Intrasite replication in the
>> >> >event that you have multiple Domain Controllers in the same site ( as
>> >> >I described in a previous post ) and then the Intersite replication
>> >> >between the BHS in the various Sites....
>> >> >
>> >> >I am a bit confused by your argumentation.....
>> >> >
>> >> >Cary
>> >> >
>> >> >"Elvis" <anonymous@discussions.microsoft.com> wrote in message
>> >> >news:c59901c47a3a$3abe2c10$a501280a@phx.gbl...
>> >> >> Hi Cary and Dave,
>> >> >>
>> >> >> To summarize, I have 30 sites (branch Office) with about 30-50
>> >> >> users per site. My worst WAN link is an ADSL with 1.2MB down and
>> >> >> 880Kb up. (Total of about 2000 users.) I have enough hardware
>> >> >> resources for this. Cary you are correct in your statements....it's
>> >> >> either have one big site or have 30 sites....The only disadvantage
>> >> >> of not using the sites/subnets in AD sites and servers would be
>> >> >> authentication traffic could be high...I was assuming that if I had
>> >> >> just one big site the workstations in each branch office would know
>> >> >> that the DC in their branch office is the closest and authenticate
>> >> >> there.....however this is not the case....in one big site some of
>> >> >> the workstations authenticate to DCs at other sites (Across the
>> >> >> WAN)...I would prefer to use INTRASITE Replication for its ease of
>> >> >> use but I think I am going to have to use INTRASITE replication to
>> >> >> ensure that users logon to the server in their branch office.
>> >> >> INTERSITE replication cannot guarantee this.
>> >> >> Thanking You
>> >> >> Elvis
>> >> >> MCSE NT4.0/2000
>> >> >> >-----Original Message-----
>> >> >> >Elvis,
>> >> >> >
>> >> >> >One more thing that I should add.
>> >> >> >
>> >> >> >I might be really interested in having a Server in each Site.
>> >> >> >Whether that is a Domain Controller or not is not the point of
>> >> >> >interest here. I am talking about a File Server. I can tell you
>> >> >> >from experience that users in one Site saving Word Documents or
>> >> >> >Excel Spreadsheets over a dedicated full T1 to a File Server in
>> >> >> >another Site will lead to problems for you. You might want to
>> >> >> >really consider having a File Server for the 'local' users' files
>> >> >> >in each Site....regardless of which route you choose.
>> >> >> >
>> >> >> >BTW - have you looked at the Branch Office White Paper? This will
>> >> >> >give you some outstanding information which would really help you
>> >> >> >in making the best decision for your company.
>> >> >> >
>> >> >> >HTH,
>> >> >> >
>> >> >> >Cary
>> >> >> >
>> >> >> >"Cary Shultz [A.D. MVP]" <cwshultz@mvps.org> wrote in message
>> >> >> >news:%23Puq9mceEHA.4068@TK2MSFTNGP11.phx.gbl...
>> >> >> >> Elvis,
>> >> >> >>
>> >> >> >> I just want to make sure that you are clear on the difference
>> >> >> >> between Intrasite Replication and Intersite Replication. I take
>> >> >> >> it from your post that you are asking "Should I have only one
>> >> >> >> Site ( Intrasite ) or should I have multiple Sites ( Intersite )?"
>> >> >> >>
>> >> >> >> In WIN2000 Active Directory there are potentially two types of
>> >> >> >> replication: intrasite and intersite.
>> >> >> >>
>> >> >> >> Intrasite Replication is the replication between the Domain
>> >> >> >> Controllers in the same Site. Intersite Replication is the
>> >> >> >> replication that occurs between Sites.
>> >> >> >>
>> >> >> >> So, if you have three Sites with three Domain Controllers in each
>> >> >> >> Site ( let's assume that we are talking about only one Domain )
>> >> >> >> then the three Domain Controllers in Site1 will replicate amongst
>> >> >> >> themselves. Additionally, the three Domain Controllers in Site2
>> >> >> >> will replicate amongst themselves. Finally, the three Domain
>> >> >> >> Controllers in Site3 will replicate amongst themselves. This is
>> >> >> >> the Intrasite Replication. It happens pretty quickly and you can
>> >> >> >> control that via the Replication Schedule.
>> >> >> >>
>> >> >> >> In each of the Sites one of the Domain Controllers will be a
>> >> >> >> so-called Bridgehead Server. So, the DC that is the BHS for Site1
>> >> >> >> will be the replication partner with the BHS from Site2 and the
>> >> >> >> replication partner with the BHS from Site3 ( well, probably ).
>> >> >> >> This is the Intersite Replication. It only occurs between the
>> >> >> >> BHSs from each Site. Each BHS will then replicate the necessary
>> >> >> >> changes to the other DCs in its Site. This replication, by
>> >> >> >> default, happens every 180 minutes ( 3 hours ) but that can be
>> >> >> >> controlled via the Replication Schedule as well.
>> >> >> >>
>> >> >> >> In either case our friend the KCC helps out with all of this.
>> >> >> >> There is not much for you to do ( save make the Site Links if you
>> >> >> >> have multiple Sites ).
>> >> >> >>
>> >> >> >> Moreover, there are three partitions, or Naming Contexts: the
>> >> >> >> Schema Partition, the Configuration Partition and the Domain
>> >> >> >> Partition. The Schema NC and the Configuration NC will replicate
>> >> >> >> to all Domain Controllers in the entire Forest. The Domain NC
>> >> >> >> will replicate to all of the Domain Controllers in each
>> >> >> >> respective Domain. This replication is compressed over WAN
>> >> >> >> links....
>> >> >> >>
>> >> >> >> Please remember that you use Sites for two main reasons: to
>> >> >> >> control Active Directory Replication and to assist in speeding up
>> >> >> >> user logons.
>> >> >> >>
>> >> >> >> I hope that this sheds a little light on the situation for you
>> >> >> >> ( if it was needed at all ).
>> >> >> >>
>> >> >> >> Cary
>> >> >> >>
>> >> >> >>
>> >> >> >> "Elvis" <anonymous@discussions.microsoft.com> wrote in message
>> >> >> >> news:ad0001c47965$af5e57f0$a501280a@phx.gbl...
>> >> >> >> > Hi,
>> >> >> >> >
>> >> >> >> > I am designing an AD site topology for 30 sites with approx
>> >> >> >> > 30-50 users per site over T1 lines....connected hub and spoke.
>> >> >> >> > Do you think it's better to do INTERSITE or INTRASITE
>> >> >> >> > replication? Should I break each office location into its own
>> >> >> >> > site/subnet or should I consider all office locations to be
>> >> >> >> > under 1 big site? We are using single domain single forest.
>> >> >> >> > Any advice would be greatly appreciated.
>> >> >> >> >
>> >> >> >> > Thanking You
>> >> >> >> > Elvis
>> >> >> >>
>> >> >> >>
>> >> >> >
>> >> >> >
>> >> >> >.
>> >> >> >
>> >> >
>> >> >
>> >> >.
>> >> >
>> >>
>> >.
>> >
>>
>.
>
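
The site behaviour discussed in this thread, as an added example that is not part of the original posts: a simplified Python model of how subnet-to-site mapping decides which DCs a client may authenticate against, including the fallback when the local DC is down. Site names, DC names and address ranges are constructed for illustration, and the real DC locator works through DNS records rather than these dictionaries.

```python
import ipaddress

# Constructed topology: site names, DC names and address ranges are hypothetical.
MULTI_SITE = {"10.0.0.0/8": "Hub", "10.1.0.0/16": "BranchA", "10.2.0.0/16": "BranchB"}
ONE_SITE = {"10.0.0.0/8": "Default-Site"}
DCS_MULTI = {"Hub": ["hub-dc1"], "BranchA": ["a-dc1"], "BranchB": ["b-dc1"]}
DCS_ONE = {"Default-Site": ["a-dc1", "b-dc1", "hub-dc1"]}


def client_site(ip, subnets):
    """Map a client IP to a site via the most specific (longest-prefix) subnet."""
    addr = ipaddress.ip_address(ip)
    nets = [ipaddress.ip_network(n) for n in subnets]
    matches = [n for n in nets if addr in n]
    if not matches:
        return None  # no subnet object covers this client
    return subnets[str(max(matches, key=lambda n: n.prefixlen))]


def candidate_dcs(ip, subnets, site_dcs, available):
    """Return (site, DCs the client may use): own-site DCs first, else any DC."""
    site = client_site(ip, subnets)
    local = [dc for dc in site_dcs.get(site, []) if dc in available]
    if local:
        return site, local
    # Fallback: no reachable DC in the client's site, so any reachable DC qualifies.
    everyone = sorted(dc for dcs in site_dcs.values() for dc in dcs)
    return site, [dc for dc in everyone if dc in available]


if __name__ == "__main__":
    up = {"hub-dc1", "a-dc1", "b-dc1"}
    client = "10.1.5.20"  # a workstation in branch A
    # Per-branch sites: only the branch DC is a candidate.
    print(candidate_dcs(client, MULTI_SITE, DCS_MULTI, up))
    # Branch DC down: the client falls back to DCs in other sites.
    print(candidate_dcs(client, MULTI_SITE, DCS_MULTI, up - {"a-dc1"}))
    # One big site: every DC is a candidate, including those across the WAN.
    print(candidate_dcs(client, ONE_SITE, DCS_ONE, up))
```

The "Hub" catch-all subnet stands in for the consolidated site suggested above for offices without a local DC: any client outside a more specific branch subnet lands there.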