Re: Empty Sites in AD
- From: DRATliff <ninjarat@xxxxxxxxxxxxx>
- Date: Tue, 30 Sep 2008 14:46:11 -0700
Thanks Jorge,
I think I'm starting to get it.
"Jorge de Almeida Pinto [MVP - DS]" wrote:
not taking ANY site aware services into account, have a look at the.
following 2 scenarios....
(1)
HUB site with three DCs. The subnets in the HUB are linked to the HUB site
Branch Office Site with NO Dc. The subnets in the Branch Office are linked
to the Branch Office site
DCs in the HUB site "see" the Branch Office site does not contain any DCs.
So these HUB DCs will register their SRV records in DNS for the Branch
Office site
Clients look up DCs for their site (Branch Office). The clients will find
the registered SRV records by the HUB DCs and use them
(2)
HUB site with three DCs. The subnets in the HUB are linked to the HUB site
The subnets in the Branch Office are linked to the HUB site
Clients look up DCs for their site (HUB). The clients will use the DCs in
the HUB site
END RESULT? The same!
However....
When not having ANY site aware services --> (2)
When having site aware services (DFS, DCs, etc) --> (1)
--
Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)
# Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #
BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* How to ask a question --> http://support.microsoft.com/?id=555375
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test ANY suggestion in a test environment before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"DRATliff" <ninjarat@xxxxxxxxxxxxx> wrote in message
news:FC4DB1E4-73A8-4B47-BC68-7B77243E0B49@xxxxxxxxxxxxxxxx
Sorry for the delayed response. Jorge, I wasn't intending to discount
what
you originally stated on the site-aware services. In all honesty, I was
entirely focused on domain controller availability, and your point just
didn't register.
However, over the weekend I did additional research, and learned that
Microsoft's recommendation is to have a Site for every subnet. Basically,
Sites should mimic the network typology. Is this agreeable?
Also, presuming there are site-aware services, such as DFS (something that
needs to be re-vamped in our org), and I remove the DCs, how do I optimize
authentication traffic for site without DCs? Or is authentication traffic
a
non-issue from a performance perspective?
Essentially, I'm going to re-focus my efforts on the following tasks:
1. Remove any Sites that are no longer utilized (I have 29 so far)
2. Demote DCs that are located in Sites without secure access.
3. For Sites that are secured and require high-availability, look to make
redundant services that are required, in the event of a WAN link dropping.
Again, thanks for the assistance.
Dave
"Jorge de Almeida Pinto [MVP - DS]" wrote:
like I said before....
No site-aware services? --> remove that site and add subnets to HUB site
You do have site aware services? --> keep the site with the subnets in AD
--
Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)
# Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #
BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* How to ask a question --> http://support.microsoft.com/?id=555375
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no
rights!
* Always test ANY suggestion in a test environment before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"DRATliff" <ninjarat@xxxxxxxxxxxxx> wrote in message
news:9F562585-3428-4185-A7DF-1CCCD4045D5B@xxxxxxxxxxxxxxxx
Thanks for everyone's input. Allow me to add an additional twist to
the
original question.
I've done some additional analysis of the environment, and have found
approx. 60 sites that exist with Subnets defined but no DC. Correct me
if
I'm wrong, but wouldn't this cause problems, because clients would
randomly
go to other sites for authentication? My thought would be to create
one
or
more hub sites (provided they have a large enough pipe), and assign the
subnets to these hubs. From reading Microsoft's Branch Office
Deployment
Guide, this seems to make sense.
And as Jorge pointed out, we also have SMS and DFS sites. In sites
with
DCs, the DCs pull triple duty as SMS and DFS sites. If I demote the
servers
and leave them as Member servers, as I'm hoping to do, how should I
re-arrange the sites?
Lastly, can anyone point me to a Sites and Services Best Practice
guide?
I've found bits and pieces, but not one concise guide. I'm aware of
the
basics, such as number of users, available bandwidth and server
security.
And
for the record, I'm inheriting this environment and it's not how I
would
have
gone about implementing; I'm just looking to improve and simplify the
environment.
Thanks again,
"David Shen [MSFT]" wrote:
Hello Jorge,
Thanks for the knowledge sharing.
David Shen
Microsoft Online Partner Support
- Follow-Ups:
- Re: Empty Sites in AD
- From: Jorge de Almeida Pinto [MVP - DS]
- Re: Empty Sites in AD
- Next by Date: AD WMI scripting query
- Next by thread: Re: Empty Sites in AD
- Index(es):
Relevant Pages
|
