Re: Help! Neophyte in the WIN2003-AD age

From: Doug Sherman [MVP] (dsherman_at_nospam.tampabay.rr.com)
Date: 01/13/05


Date: Wed, 12 Jan 2005 21:02:06 -0500

1. a. No, b. No. On a LAN the existence of multiple subnets does not imply
a need for multiple DCs or DNS servers. Multiple servers provide
redundancy, and can improve network performance or provide load balancing,
but the need for this on a high speed LAN is related to traffic
demand/volume, not routing.

2. On the client run: echo %logonserver%. As to which DC is likely to
authenticate in an upgraded mixed mode domain, well .......see:

 http://support.microsoft.com/default.aspx?scid=kb;en-us;309273

3. Best practice for remote locations would be to configure Sites and place
a DC at each location. But with only 5 clients, this probably is not cost
effective. MS used to have a recommendation based upon number of clients at
the remote site - can't remember what it was, but it was more than 5. If
the links are reasonably reliable and logon/name resolution performance is
acceptable, I would go without a remote DC.

4. Subnets can help reduce NetBios traffic, and you can further reduce this
by designating master browsers. By default Windows machines are potential
browsers - you turn this off by stopping the computer browser service or by
setting the MaintainServerList value to No in the registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters

You can use the same registry key to set IsDomainMaster on the PDC to TRUE.
For down level clients, it may be helpful to use an lmhosts file, but this
should not be necessary if you have WINS. see:

http://support.microsoft.com/default.aspx?scid=kb;en-us;180094

Doug Sherman
MCSE Win2k/NT4.0, MCSA, MCP+I, MVP

"vidro" <vidro@discussions.microsoft.com> wrote in message
news:F979B454-B5BA-4358-9E35-A46BC8293CD0@microsoft.com...
> This is just a post to ask some general question dealing with win2003, XP,
> network design and architecture.
> I have finally admitted after about 6 months of denial that my network and
> all computer related issues have barreled out of control.
> Up to 16 months ago my network was NT4 on the servers, 5.5 for messaging,
> and a mixture of WIN98, XP and WIN2k workstations.
> I feel like I was pushed in head first to an environment that I was not
> prepared for and still do not have that "warm fuzzy" feeling about.
> It was an application that "the man that signs the checks" wanted to run,
> that started the dominos to fall, this application required Active
> directories.
> Then the push to Exchange 2003, then ISA server, now to object oriented
> design development ( not my job but will require an application portal
> server).
> I have 5 servers, 12 remote locations, and over 250 users that do not speak
> geekaneez. I have one helpdesk guy, 3 analysts that do not understand the
> words "Documentation" and the phrases "Leave it the H#$% alone" or "do not
> touch". I work for a great company, good owners, but sometimes they come
> across as "Why doesn't this work the way I think it should".
>
> I have some general questions I need to ask so I do not assume things work
> the way I believe.
> These may sound like MCSE test questions. Ha-Ha
>
> 1. What is the proper configuration for a single Domain with multiple local
> subnets?
> a. Should there be an Active directory server on each subnet?
> b. Should there be a DNS on each subnet?
>
> 2. In mixed mode how do you know if an NT4 DC or the WIN2003 AD server is
> doing the authenticating?
>
> 3. In the remote location I have approximately 5 computers per location. Each
> location has different subnet and uses a Cisco VPN concentrator to attach to
> Corporate LAN.
> Is it best practice to stick a WIN2003 server at each location?
>
>
> 4. I did a sniff of the LAN network traffic and notice a ton of "broadcast"
> and "NBT" traffic, should NetBIOS over IP be disabled on XP boxes?
> How do I guarantee a specific computer to be the DMB or/and the SMB?
>
> Maybe just a good general question is what server components are required for
> each subnet to obtain adequate logon speed and browser list to shared
> resource?
>
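
The browser settings named in point 4 of the reply can be checked per machine before and after a change. The following read-only audit is an added example, not part of the original post or thread; Get-BrowserRole is a hypothetical helper, and the script assumes PowerShell 3.0 or later is available on the machine being checked.

```powershell
# Added example, not from the original post. Read-only: nothing is changed.
# Reports the Computer Browser settings discussed in point 4 of the reply.
$BrowserKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Browser\Parameters'

function Get-BrowserRole {
    # Hypothetical helper: maps the two registry values and the service state
    # to the part this machine can play in browser elections.
    param(
        [string]$MaintainServerList,   # REG_SZ: Yes | No | Auto
        [string]$IsDomainMaster,       # REG_SZ: True | False
        [bool]$ServiceRunning
    )
    if (-not $ServiceRunning)           { return 'Not a browser (service not running)' }
    if ($MaintainServerList -ieq 'No')  { return 'Not a browser (MaintainServerList=No)' }
    if ($IsDomainMaster -ieq 'True')    { return 'Preferred master browser (IsDomainMaster=True)' }
    if ($MaintainServerList -ieq 'Yes') { return 'Always a browser (MaintainServerList=Yes)' }
    return 'Potential browser (default)'
}

# Missing key or missing service is tolerated: the values simply come back empty.
$params = Get-ItemProperty -Path $BrowserKey -ErrorAction SilentlyContinue
$svc    = Get-Service -Name Browser -ErrorAction SilentlyContinue
$running = [bool]($svc -and $svc.Status -eq 'Running')

[pscustomobject]@{
    Computer           = $env:COMPUTERNAME
    ServiceStatus      = if ($svc) { $svc.Status } else { 'Not installed' }
    MaintainServerList = $params.MaintainServerList
    IsDomainMaster     = $params.IsDomainMaster
    Role               = Get-BrowserRole -MaintainServerList $params.MaintainServerList `
                             -IsDomainMaster $params.IsDomainMaster `
                             -ServiceRunning $running
}
```

Run on the workstations and on the PDC, the Role column shows which machines still take part in browser elections and whether the PDC is the one marked as preferred master.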


