Archived from groups: microsoft.public.win2000.active_directory
No, that's not what we meant; create the site links yourself, then let the
KCCs generate the connection objects automatically.
The topology will be different once you create the site links.
--
Paul Williams
http://www.msresource.net
http://forums.msresource.net
"jjb" <jjb@discussions.microsoft.com> wrote in message
news:018DDB19-E45F-4634-990A-FEACB6933E9E@microsoft.com...
Last Question:
During all the instructions and tips from you and Cary I did not see anything
about creating "Site Links" manually, for example (Hub_To_Site1),
(Hub_To_Site2) etc. Or is this what is meant by "Let your buddy the KCC do
its thing ( with a little help from the ISTG....based on the information
that you give it )"?
"ptwilliams" wrote:
> By default, the remote sites can talk to the other remote sites - but they
> generally won't based on cost.
>
> If you uncheck the "bridge all site links" option, then you disable this
> behaviour.
>
> Neither one is slower (usually). The default will allow for a little more
> resilience in that you can connect to another remote DC if the hub ones are
> down. That is, replication will continue if the central DC(s) are down.
>
> Personally I'd stop the transitive (bridged) links. This could, in theory,
> cause more WAN traffic than necessary. Of course, if your lines can handle
> it then it doesn't matter. I just like to know exactly what's going to go
> where, etc.
>
>
> --
>
> Paul Williams
>
> http://www.msresource.net/
> http://forums.msresource.net/
>
> "jjb" <jjb@discussions.microsoft.com> wrote in message
> news:B5EED879-6611-4225-BCF1-0C81EC6C6741@microsoft.com...
> Cary,
>
> Thank you, just a few more questions.
>
> They are using Netscreen 5-GT VPN\Firewalls at each location to connect to
> the (Hub Site), from what I can tell none of the spokes talk to each other
> directly (via a VPN tunnel), they would have to go through the hub. So,
>
> If this is true, are my planned changes and your modifications to my plan,
> going to be a performance improvement?
>
> Or
>
> If I'm incorrect, and each spoke can talk to each other through a VPN
> tunnel directly, and I'm just not aware of it, should I just leave the
> configuration as it is, or continue with the planned changes?
>
> "Cary Shultz [A.D. MVP]" wrote:
>
> > JJB,
> >
> > Paul is - as usual - right on track.
> >
> > Just to summarize:
> >
> > -Open up the Active Directory Sites and Services MMC.
> > -Create a Site for each location ( call one HQ, one Raleigh, one
> > Blacksburg and one Richmond - naturally replacing with the appropriate
> > name for you! )
> > -Create a Subnet for each location ( 192.168.1.x / 24 for the hub,
> > 192.168.10.x / 24 for Raleigh, 192.168.20.x /24 for Blacksburg and
> > 192.168.30.x for Richmond, for example ) and then associate the Subnet
> > with the correct Site.
>
> My question is, if the topology I am describing is true, in that true Star
> (hub and spoke), are my planned configuration changes better.
>
> Or
>
> > -Change the IP Address of each Server ( DC, Member, etc. ) as necessary
> > and move the DCs to the correct Site in the ADSS MMC.
> > -Make at least one DC a Global Catalog Server ( via the ADSS MMC ).
> > -Don't forget DDNS
> > -Don't forget to correct DHCP
> > Let your buddy the KCC do its thing ( with a little help from the
> > ISTG....based on the information that you give it )
> >
> > It does not seem that the previous Admin did much in the way of setting
> > up things 'correctly'. However, there might have been a reason for this,
> > who knows.
> >
> > You will also want to make sure that you have set up Site-to-Site VPNs
> > from the Hub to each of the Spokes. This would be from the Firewall to
> > the Firewall in each office. Obviously, Cisco's PIX can do this as well
> > as the nice little boxes from SonicWall. That is, unless you have a
> > private T1 between each Site.....
> >
> > This will make it much more likely that the clients in SiteA will
> > authenticate against a Domain Controller in SiteA and NOT against a
> > Domain Controller in another site ( read: over the WAN ). However, it is
> > not perfect. There will possibly be times when a client in SiteA will
> > authenticate against a DC in another site. Please take a look at the
> > following MSKB article:
> >
> > http://support.microsoft.com/?id=306602
> >
> > Look at the Generic Records area.....
> >
> > There are also a lot of things that you can do. I would not mind sharing
> > my thoughts if you were interested.
> >
> >
> > --
> > Cary W. Shultz
> > Roanoke, VA 24014
> > Microsoft Active Directory MVP
> >
> >
> > http://www.activedirectory-win2000.com
> > http://www.grouppolicy-win2000.com
> >
> >
> >
> > "jjb" <jjb@discussions.microsoft.com> wrote in message
> > news:93AA6101-6AE8-4013-A396-59C72F6BD4B1@microsoft.com...
> > > Thank you Paul, you have been extremely helpful!
> > >
> > > "ptwilliams" wrote:
> > >
> > >> Yes, if you also take my advice about DNS you will 'localise' traffic
> > >> to sites, and therefore reduce the load on the WAN links. The DS-aware
> > >> clients will use the local server over others, which is faster.
> > >> Replication will happen every three hours as opposed to every five
> > >> mins ;-) Et Cetera...
> > >>
> > >> Licensing: disable it on all servers. You don't need it, and would see
> > >> spurious results even if you wanted to use it.
> > >>
> > >> --
> > >>
> > >> Paul Williams
> > >>
> > >> http://www.msresource.net/
> > >> http://forums.msresource.net/
> > >>
> > >> "jjb" <jjb@discussions.microsoft.com> wrote in message
> > >> news:BD71384D-3A5D-4506-B799-6FCAD1AFA295@microsoft.com...
> > >> So, my planned "sites and services" changes should show performance
> > >> improvement, right?
> > >>
> > >> Also, what about the licensing server question?
> > >>
> > >> "ptwilliams" wrote:
> > >>
> > >> > > I have never configured sites and services for a multi site
> > >> > > domain, but from what I know about sites is that this
> > >> > > configuration is totally incorrect.
> > >> >
> > >> > Not so much completely wrong, but simply unconfigured or not setup.
> > >> >
> > >> >
> > >> > > 1) I will change the "sites and services" configuration in the
> > >> > > following manner:
> > >> > Create four sites, one for each location. Add the DCs for each
> > >> > location to the correct sites. Create subnets for each location and
> > >> > assign them to the correct sites. Make a DC at each location a
> > >> > Global Catalog server, and make one at each location a Bridgehead
> > >> > server. Finally, configure intersite and intrasite partners and
> > >> > replication schedule. Is this OK?
> > >> >
> > >> > This is all correct, but possibly in the wrong order. Create the new
> > >> > sites. Create the new subnets. Associate the subnets with the
> > >> > correct sites. Move the DCs to the correct sites and make them GCs.
> > >> > Also make each DC a DNS server and use AD-Integrated DNS. Ensure
> > >> > that the site's clients (including the DC) are pointing to the local
> > >> > DNS server.
> > >> >
> > >> > With this done, the KCCs on each DC will generate intrasite
> > >> > replication connections, and the designated ISTG will generate
> > >> > intersite connections. You don't need to do anything with regards to
> > >> > the connections other than define costs to the site links. If you
> > >> > want a traditional hub-and-spoke topology without transitive links
> > >> > (a replicates with c when the links are AB and BC) then you should
> > >> > disable the 'bridge all site links' option.
> > >> >
> > >> >
> > >> > > 2) Do I need to have a Windows Licensing Server at each site, or
> > >> > > can three of the sites use a server at the first site (For
> > >> > > example, Sites 2,3,4 use Site 1 licensing Server)?
> > >> >
> > >> > No you do not need the licensing server. This is simply for aiding
> > >> > you to track licensing. It doesn't work, and most of us here will
> > >> > recommend you disable it altogether anyway.
> > >> >
> > >> >
> > >> > --
> > >> >
> > >> > Paul Williams
> > >> >
> > >> > http://www.msresource.net/
> > >> > http://forums.msresource.net/
> > >> >
> > >> > "jjb" <jjb@discussions.microsoft.com> wrote in message
> > >> > news:E2132288-7446-438C-97BE-90642A47025D@microsoft.com...
> > >> > I have a new client with the following environment :
> > >> >
> > >> > One domain encompassing 4 locations. Each location has at least one
> > >> > DC. The DCs are a mixture of Win2000 and 2003 servers. The current
> > >> > "Sites and Services" configuration is setup as follows:
> > >> >
> > >> > One site called "Hub" containing all DCs from each location. One
> > >> > ip/subnet range (10.0.0.0/24) used by all four locations, even
> > >> > though each location has its own ip address range.
> > >> >
> > >> > I have never configured sites and services for a multi site domain,
> > >> > but from what I know about sites is that this configuration is
> > >> > totally incorrect. Also, I am assuming they are seeing "DC
> > >> > replication" and "user logon" performance issues from this setup. I
> > >> > will not know for sure until I actually start work for them this
> > >> > weekend.
> > >> >
> > >> > I would like input on the following two configuration questions.
> > >> >
> > >> > 1) I will change the "sites and services" configuration in the
> > >> > following manner:
> > >> > Create four sites, one for each location. Add the DCs for each
> > >> > location to the correct sites. Create subnets for each location and
> > >> > assign them to the correct sites. Make a DC at each location a
> > >> > Global Catalog server, and make one at each location a Bridgehead
> > >> > server. Finally, configure intersite and intrasite partners and
> > >> > replication schedule. Is this OK?
> > >> >
> > >> > 2) Do I need to have a Windows Licensing Server at each site, or can
> > >> > three of the sites use a server at the first site (For example,
> > >> > Sites 2,3,4 use Site 1 licensing Server)?
>
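
The steps worked out in this thread (sites, subnets, moving the DCs, Global Catalog, manually created hub-to-spoke site links, bridging turned off), as an added example for current systems using the ActiveDirectory PowerShell module; it is not from any poster in the thread. Site names and subnets follow Cary's example and the 180-minute interval matches the three-hour replication Paul mentions; the DC names, the link names, the /24 mask for Richmond and the cost of 100 are assumptions.

```powershell
# Added example; needs the ActiveDirectory module (RSAT) and Enterprise Admin rights.
Import-Module ActiveDirectory

# Site names and subnets follow the thread's example; DC names are hypothetical.
$hub   = 'HQ'
$sites = @(
    @{ Name = 'HQ';         Subnet = '192.168.1.0/24';  DC = 'DC-HQ01'  }
    @{ Name = 'Raleigh';    Subnet = '192.168.10.0/24'; DC = 'DC-RAL01' }
    @{ Name = 'Blacksburg'; Subnet = '192.168.20.0/24'; DC = 'DC-BLK01' }
    @{ Name = 'Richmond';   Subnet = '192.168.30.0/24'; DC = 'DC-RIC01' }  # /24 assumed
)

foreach ($s in $sites) {
    # 1. Create the site, then the subnet associated with it.
    New-ADReplicationSite   -Name $s.Name
    New-ADReplicationSubnet -Name $s.Subnet -Site $s.Name

    # 2. Move the DC into its site (its NTDS Settings DN changes with the move).
    Move-ADDirectoryServer -Identity $s.DC -Site $s.Name

    # 3. Make the DC a Global Catalog: set bit 0x1 in the NTDS Settings options.
    $ntdsDn = (Get-ADDomainController -Identity $s.DC).NTDSSettingsObjectDN
    $ntds   = Get-ADObject -Identity $ntdsDn -Properties options
    Set-ADObject -Identity $ntds -Replace @{ options = ([int]$ntds.options -bor 0x1) }
}

# 4. One manual site link per spoke, containing only the hub and that spoke.
foreach ($s in $sites | Where-Object { $_.Name -ne $hub }) {
    New-ADReplicationSiteLink -Name "$hub-$($s.Name)" `
        -SitesIncluded $hub, $s.Name `
        -InterSiteTransportProtocol IP `
        -Cost 100 -ReplicationFrequencyInMinutes 180   # cost is an assumed value
}

# 5. Turn off "Bridge all site links" on the IP transport (options bit 0x2).
$configNC = (Get-ADRootDSE).configurationNamingContext
$ipDn     = "CN=IP,CN=Inter-Site Transports,CN=Sites,$configNC"
$ip       = Get-ADObject -Identity $ipDn -Properties options
Set-ADObject -Identity $ip -Replace @{ options = ([int]$ip.options -bor 0x2) }

# 6. Review the links; the KCC/ISTG builds the connection objects from them.
Get-ADReplicationSiteLink -Filter * |
    Select-Object Name, Cost, ReplicationFrequencyInMinutes, SitesIncluded
```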