Re: Site link and domain infrastructure



Really, thanks for your advice, Paul.

"Paul Bergson" wrote:

Inline



--

Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
http://www.pbbergs.com

This posting is provided "AS IS" with no warranties, and confers no rights.

"Simon" <Simon@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:D1FB16F7-77E0-41AC-8D05-3859290D6519@xxxxxxxxxxxxxxxx
In our existing environment, we are using a single forest with multiple
domains on a Windows 2000 infrastructure. However, with this approach, we
have found it difficult to manage all the domain controllers in different
countries, since they have their own domain admin rights to do what they
like. Therefore, we would like to migrate from Windows 2000 to Windows 2003
so as to centralize all the permissions with some of the administrators in
the enterprise rather than their local administrators.

For the new infrastructure, I will suggest using a single forest with
multiple domains, but for the child domain, I will only have one child
domain. For all the other countries, we will still have domain controllers
in their sites, but these are additional domain controllers of the child
domain only. That means there are at least 2 additional DCs for each site.
In total it's around 15 additional DCs for that child domain, and we will
only grant permission on the Organizational Unit (OU) for the local
administrators to view the configuration, such as user/group account
properties. Is that possible, or are there any other suggestions? Or should
we still keep the same infrastructure as before (one root domain and many
child domains)?


Unless you have a specific need, why not just set up a single domain within
your forest? At each site provide two DCs for domain functions. I don't
know the size or layout of your organization so will go with your 2 as you
have specified. You can then delegate admin functions to each local IT
representative at either the site or OU level.

Because we will have another child domain later and don't want to put the
users in the root domain.


In my point of view, I am concerned about changes on the domain
controllers of each site. Is it right that, for example, if one of the OU's
users is likely to change some properties of the account, then it will
replicate to all the domain controllers in those countries, since they
are at the same level?

Any object changes made to the domain partition within AD (including users)
will be replicated to all DCs within the domain.


One more thing I would like to ask is about the site link between these
countries. If all the main sites are connected to the data centre by T1
links, will the domain controllers at each site of each country also need
a site link configured to the data center?


I'm not clear if you are asking if a separate T1 is needed for the DCs, but
they will all use the same T1 line.


If every country has a T1 line connected to the data center, is there
anything that I need to be concerned about?


Moreover, there are some sub-sites in some main countries; however, they
may only have a 64K WAN link connected to the main country first and then
route to the data center. Is it right that I need to create a site link
that contains the main country and data center so that KCC errors will not
occur? Is there any replication traffic that I need to be concerned about?


You don't need to have a hub and spoke model, which is to say all sites do
not have to be connected directly to the main site; they can be daisy
chained together and the KCC will define the proper topology for
replication. You may want to evaluate how often replication is occurring if
you only have a 64k link; this can be configured at the site level. This is
pretty small; depending on the size of your AD you should consider upgrading
this link.

I really do not have any experience with site link replication. In the
scenario, you suggest I don't need to use a hub and spoke model; would you
mind telling me when I need a site link or site link bridge, and also the
hub and spoke model?

Do you mean that the ISTG will calculate the topology for that? If yes, will
the 64K link's site have all the automatically generated connections in AD
Sites and Services linked to all the other countries' DCs? Will that
consume a huge amount of WAN traffic between different sites, since the
routing goes to the main country first and then to the data centre?

If I want that 64K site to replicate only with the main country DC, is
that possible?

Thanks very much.
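
The site-link question above, worked through as an added example that is not part of either poster's messages: a simplified model of least-cost topology selection over site links, not the KCC's actual algorithm. The site names, the link names and every cost other than the default 100 are constructed for illustration.

```python
import heapq
from itertools import combinations

def expand(site_links):
    """Turn {link name: (member sites, cost)} into an adjacency map."""
    adj = {}
    for sites, cost in site_links.values():
        for a, b in combinations(sorted(sites), 2):
            adj.setdefault(a, []).append((cost, b))
            adj.setdefault(b, []).append((cost, a))
    return adj

def least_cost_tree(site_links, root):
    """Prim's algorithm: one least-cost spanning tree over the site links."""
    adj = expand(site_links)
    seen, tree = {root}, set()
    heap = [(cost, root, nbr) for cost, nbr in adj[root]]
    heapq.heapify(heap)
    while heap:
        cost, a, b = heapq.heappop(heap)
        if b in seen:
            continue  # a cheaper path already reached this site
        seen.add(b)
        tree.add(frozenset((a, b)))
        for c, nbr in adj[b]:
            if nbr not in seen:
                heapq.heappush(heap, (c, b, nbr))
    return tree

def partners(tree, site):
    """Sites that `site` replicates with directly in the chosen tree."""
    return sorted(next(iter(edge - {site})) for edge in tree if site in edge)

def candidate_partners(site_links, site):
    """Sites reachable from `site` over its cheapest direct site link."""
    adj = expand(site_links)
    best = min(cost for cost, _ in adj[site])
    return sorted({nbr for cost, nbr in adj[site] if cost == best})

# Constructed topology: T1 links to the data center, a 64K sub-site behind
# CountryA, and one redundant country-to-country link.
DEDICATED = {
    "DataCenter-CountryA": ({"DataCenter", "CountryA"}, 100),
    "DataCenter-CountryB": ({"DataCenter", "CountryB"}, 100),
    "CountryA-CountryB": ({"CountryA", "CountryB"}, 300),
    "CountryA-SubA": ({"CountryA", "SubA"}, 500),
}
# Every site left in one default link: all pairs look equally cheap.
DEFAULT_ONLY = {
    "DEFAULTIPSITELINK": ({"DataCenter", "CountryA", "CountryB", "SubA"}, 100),
}
```

With a dedicated link, the 64K sub-site ends up with the main country as its only replication partner; with every site in one default link, any site is an equally cheap candidate.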




