Re: Empty Sites in AD

not taking ANY site aware services into account, have a look at the following 2 scenarios....

(1)
HUB site with three DCs. The subnets in the HUB are linked to the HUB site
Branch Office Site with NO Dc. The subnets in the Branch Office are linked to the Branch Office site

DCs in the HUB site "see" the Branch Office site does not contain any DCs. So these HUB DCs will register their SRV records in DNS for the Branch Office site
Clients look up DCs for their site (Branch Office). The clients will find the registered SRV records by the HUB DCs and use them

(2)
HUB site with three DCs. The subnets in the HUB are linked to the HUB site
The subnets in the Branch Office are linked to the HUB site

Clients look up DCs for their site (HUB). The clients will use the DCs in the HUB site

END RESULT? The same!

However....
When not having ANY site aware services --> (2)
When having site aware services (DFS, DCs, etc) --> (1)



--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* How to ask a question --> http://support.microsoft.com/?id=555375
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test ANY suggestion in a test environment before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------

"DRATliff" <ninjarat@xxxxxxxxxxxxx> wrote in message news:FC4DB1E4-73A8-4B47-BC68-7B77243E0B49@xxxxxxxxxxxxxxxx
Sorry for the delayed response. Jorge, I wasn't intending to discount what
you originally stated on the site-aware services. In all honesty, I was
entirely focused on domain controller availability, and your point just
didn't register.

However, over the weekend I did additional research, and learned that
Microsoft's recommendation is to have a Site for every subnet. Basically,
Sites should mimic the network typology. Is this agreeable?

Also, presuming there are site-aware services, such as DFS (something that
needs to be re-vamped in our org), and I remove the DCs, how do I optimize
authentication traffic for site without DCs? Or is authentication traffic a
non-issue from a performance perspective?

Essentially, I'm going to re-focus my efforts on the following tasks:

1. Remove any Sites that are no longer utilized (I have 29 so far)
2. Demote DCs that are located in Sites without secure access.
3. For Sites that are secured and require high-availability, look to make
redundant services that are required, in the event of a WAN link dropping.

Again, thanks for the assistance.

Dave
"Jorge de Almeida Pinto [MVP - DS]" wrote:

like I said before....

No site-aware services? --> remove that site and add subnets to HUB site
You do have site aware services? --> keep the site with the subnets in AD


--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* How to ask a question --> http://support.microsoft.com/?id=555375
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test ANY suggestion in a test environment before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------

"DRATliff" <ninjarat@xxxxxxxxxxxxx> wrote in message
news:9F562585-3428-4185-A7DF-1CCCD4045D5B@xxxxxxxxxxxxxxxx
> Thanks for everyone's input. Allow me to add an additional twist to > the
> original question.
>
> I've done some additional analysis of the environment, and have found
> approx. 60 sites that exist with Subnets defined but no DC. Correct me > if
> I'm wrong, but wouldn't this cause problems, because clients would
> randomly
> go to other sites for authentication? My thought would be to create > one
> or
> more hub sites (provided they have a large enough pipe), and assign the
> subnets to these hubs. From reading Microsoft's Branch Office > Deployment
> Guide, this seems to make sense.
>
> And as Jorge pointed out, we also have SMS and DFS sites. In sites > with
> DCs, the DCs pull triple duty as SMS and DFS sites. If I demote the
> servers
> and leave them as Member servers, as I'm hoping to do, how should I
> re-arrange the sites?
>
> Lastly, can anyone point me to a Sites and Services Best Practice > guide?
> I've found bits and pieces, but not one concise guide. I'm aware of > the
> basics, such as number of users, available bandwidth and server > security.
> And
> for the record, I'm inheriting this environment and it's not how I > would
> have
> gone about implementing; I'm just looking to improve and simplify the
> environment.
>
> Thanks again,
>
> "David Shen [MSFT]" wrote:
>
>> Hello Jorge,
>>
>> Thanks for the knowledge sharing.
>>
>> David Shen
>> Microsoft Online Partner Support
>>
>>

.

Relevant Pages

  • Re: Empty Sites in AD
    ... HUB site with three DCs. ... The subnets in the HUB are linked to the HUB site ... Branch Office Site with NO Dc. ... DCs in the HUB site "see" the Branch Office site does not contain any DCs. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Empty Sites in AD
    ... HUB site with three DCs. ... The subnets in the HUB are linked to the HUB site ... Branch Office Site with NO Dc. ... DCs in the HUB site "see" the Branch Office site does not contain any DCs. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Active Directory problem
    ... I.e the sites and the subnets. ... > You might also want to configure the DCs in the branch offices not to ... all DCs that have registered the domain wide service records, ... >> pointing to the correct domain controller). ...
    (microsoft.public.windows.server.dns)
  • Re: Empty Sites in AD
    ... you originally stated on the site-aware services. ... authentication traffic for site without DCs? ... Always test ANY suggestion in a test environment before implementing! ... 60 sites that exist with Subnets defined but no DC. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Bridge All Site Links - [WP]
    ... I double checked my subnets and few were missing and I have added them ... "Jorge Silva" wrote: ... topology issue and and not related with Authentication. ... Users are getting authenticated from different DCs 2003 all over the ...
    (microsoft.public.windows.server.active_directory)