Forum.Brain-Cluster.com: Brain Cluster Technical Forum
2 schools of thought [message #337285] Mon, 07 December 2009 07:35
Steve
by definition sites and services is a connection of highly connected
computers, to a DC. So ideally a physical site would have a DC or at least a
10Mbps connection to a DC. However we have remote offices with no DC on a T1.

Some would use sites and services to point them to a DC and some would not
and rather rely on the most available DC.

Our environment consists of a national fully meshed IP network.

Please let me know what would be the BEST PRACTICE, thanks.
--
Re: 2 schools of thought [message #337429 is a reply to message #337285] Mon, 07 December 2009 10:57
florian
Steve,

Steve wrote:
> by definition sites and services is a connection of highly connected
> computers, to a DC. So ideally a physical site would have a DC or at least a
> 10Mbps connection to a DC. However we have remote offices with no DC on a T1.
>
> Some would use sites and services to point them to a DC and some would not
> and rather rely on the most available DC.
>
> Our environment consists of a national fully meshed IP network.

If the links are okay and reliable, I wouldn't put any further efforts
in there. By default, DCs from other sites will notice that there's a
site without a DC. The best-connected DCs (that's made up from the cost
between the sites) will register their SRV-records for the DC-less site
so that they're getting picked when clients search for DCs to
authenticate to.

If you feel like the line is too small to carry the whole authentication
traffic, you'd probably want to place a DC over there.

Cheers,
Florian
--
Microsoft MVP - Group Policy
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
ANY advice you get on the Newsgroups should be tested thoroughly in your
lab.
Re: 2 schools of thought [message #338173 is a reply to message #337285] Tue, 08 December 2009 06:16
pbbergs
If a remote site has only a few users and no applications that rely on a
global catalog, you would probably be best to not have a dc at this site.
Once you approach (IIRC) 50 users and/or have a site aware application you
should then consider a dc at this location.

http://technet.microsoft.com/en-us/library/cc755768(WS.10).aspx

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup.
This posting is provided "AS IS" with no warranties, and confers no rights.

Re: 2 schools of thought [message #339958 is a reply to message #337429] Thu, 10 December 2009 07:15
Steve
I tend to agree.
So I do not need to map those subnets (no DC over T1) to any sites then,
right? Thanks.


Re: 2 schools of thought [message #340043 is a reply to message #338173] Thu, 10 December 2009 08:55
aceman
"Paul Bergson [MVP-DS]" <pbbergs@no_spammsn.com> wrote in message
news:u2Iw1iAeKHA.4952@TK2MSFTNGP06.phx.gbl...
> If a remote site has only a few users and no applications that rely on a
> global catalog, you would probably be best to not have a dc at this site.
> Once you approach (IIRC) 50 users and/or have a site aware application you
> should then consider a dc at this location.
>
> http://technet.microsoft.com/en-us/library/cc755768(WS.10).aspx

Just an FYI, actually all the Microsoft AD courseware for 2000, 2003 & 2008
states the magic number (of users at a site) to consider placing a DC/GC
is 10. I would have to dig it all up and quote from the courseware, but
that's what's stated.


--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA
2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer

For urgent issues, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.
Re: 2 schools of thought [message #340931 is a reply to message #340043] Fri, 11 December 2009 06:44
pbbergs
Actually it can go as high as 100.

"Number of users and usage profiles
-------------------------------------
The number of users and their usage profiles at a given location can help
determine whether you need to place regional domain controllers at that
location. To avoid productivity loss if a WAN link fails, place a regional
domain controller at a location that has 100 or more users."

From:
http://technet.microsoft.com/en-us/library/cc731569(WS.10).aspx

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup.
This posting is provided "AS IS" with no warranties, and confers no rights.

Re: 2 schools of thought [message #340996 is a reply to message #340931] Fri, 11 December 2009 08:04
aceman
"Paul Bergson [MVP-DS]" <pbbergs@no_spammsn.com> wrote in message
news:ed9HjgmeKHA.2160@TK2MSFTNGP02.phx.gbl...
> Actually it can go as high as 100.
>
> "Number of users and usage profiles
> -------------------------------------
> The number of users and their usage profiles at a given location can help
> determine whether you need to place regional domain controllers at that
> location. To avoid productivity loss if a WAN link fails, place a regional
> domain controller at a location that has 100 or more users."
>
> From:
> http://technet.microsoft.com/en-us/library/cc731569(WS.10).aspx
>

I don't remember the 2008 courseware, but 2000 & 2003 stated 10. I wouldn't
feel comfortable anyway with 100 users in a remote location saturating the
WAN link with logon, authentication, and especially Exchange-Outlook client
communications.

Ace
Re: 2 schools of thought [message #341104 is a reply to message #340996] Fri, 11 December 2009 09:49
pbbergs
Latest course on 2008 that I have read was 50 or a site aware application.
This is the first time I have seen 100, but I agree that is a large number.

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup.
This posting is provided "AS IS" with no warranties, and confers no rights.

Re: 2 schools of thought [message #341230 is a reply to message #341104] Fri, 11 December 2009 12:02
aceman
"Paul Bergson [MVP-DS]" <pbbergs@no_spammsn.com> wrote in message
news:eyF14HoeKHA.1648@TK2MSFTNGP05.phx.gbl...
> Latest course on 2008 that I have read was 50 or a site aware application.
> This is the first time I have seen 100, but I agree that is a large
> number.
>

Yes, I agree 100 is pretty high, unless of course for 100 people, I would
assume a minimum of a full T1 (not fractional) is used. But I would still
honestly put a DC/GC in way lower than that, and as a matter of fact, 10 may be a
little low, but 15, 20 or more, I would definitely suggest and recommend a
DC/GC.

Ace
Re: 2 schools of thought [message #341307 is a reply to message #341230] Fri, 11 December 2009 13:12
Steve
OK friends, we've gotten off the topic. In an ideal world we would have a
local DC but it's not in the cards for some of these remote locations. So if I
am hearing you all correctly it is not necessary to map remote subnets to
sites with DCs, correct? Please read from beginning if necessary - thanks
everyone.
--
Steve

Re: 2 schools of thought [message #341806 is a reply to message #341307] Fri, 11 December 2009 23:53
aceman
"Steve" <Steve@discussions.microsoft.com> wrote in message
news:E418FB24-A892-4171-A448-7EAE347877D6@microsoft.com...
> OK friends, we've gotten off the topic. In an ideal world we would have a
> local DC but it's not in the cards for some of these remote locations. So
> if I am hearing you all correctly it is not necessary to map remote subnets to
> sites with DCs, correct? Please read from beginning if necessary - thanks
> everyone.
> --
> Steve

That depends. Do you want a remote site to randomly look for a DC/GC? If so,
then don't add the remote site's subnet object to any site. If you want to
control which DC/GC a site is using, perhaps because the WAN link speed
to a specific location is faster than others, then yes, add that remote
site's IP subnet object to the site that is connected with the fast link.

Ace
Re: 2 schools of thought [message #343552 is a reply to message #341307] Mon, 14 December 2009 06:26
pbbergs
Actually we haven't gotten off topic (Your last response was last Thursday).
If you need additional info then you will have to provide numbers of users
and applications in use, as well as what in particular you are attempting to
accomplish.

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup.
This posting is provided "AS IS" with no warranties, and confers no rights.

Re: 2 schools of thought [message #343863 is a reply to message #341307] Mon, 14 December 2009 12:26
Eric Westfall
Steve,

Unless you have a compelling reason to statically map the remote subnets to
a particular site, I would suggest allowing automatic site coverage to handle
it for you. This will allow the replication topology you define to
automatically adjust in the future and will dynamically choose a site with
the lowest cost connection.

By default, each domain controller checks in all sites in the forest and
then checks the replication cost matrix. A domain controller will
automatically advertise itself (register a site-specific SRV record in DNS)
in any site that does not have a domain controller and for which its site has
the lowest-cost connections.

Regards,

Eric Westfall

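The two behaviours discussed in this thread, mapping a subnet object to a site and automatic site coverage of a DC-less site, modelled as an added example that is not code from any poster or from Microsoft. The domain name, sites, DC names, subnets and link costs are constructed; the model assumes site links are bridged (costs add up along a path) and breaks cost ties by DC count, then site name.

```python
import ipaddress
from itertools import product

# Everything below is constructed sample data, not taken from the thread.
DOMAIN = "corp.example"
SITE_DCS = {"HQ": ["dc1", "dc2"], "East": ["dc3"], "BranchA": [], "BranchB": []}
SITE_LINKS = {("HQ", "East"): 100, ("HQ", "BranchA"): 100,
              ("East", "BranchA"): 150, ("East", "BranchB"): 300}
# Subnet objects; 10.9.0.0/16 is deliberately left unmapped.
SUBNETS = {"10.1.0.0/16": "HQ", "10.2.0.0/16": "East",
           "10.3.0.0/24": "BranchA", "10.1.5.0/24": "BranchB"}

def client_site(ip):
    """Longest-prefix match of a client IP against the subnet objects."""
    addr = ipaddress.ip_address(ip)
    nets = [ipaddress.ip_network(n) for n in SUBNETS]
    hits = [n for n in nets if addr in n]
    return SUBNETS[str(max(hits, key=lambda n: n.prefixlen))] if hits else None

def cost_matrix():
    """Cheapest cost between every pair of sites, assuming bridged site links."""
    inf = float("inf")
    cost = {(a, b): 0 if a == b else inf for a, b in product(SITE_DCS, repeat=2)}
    for (a, b), c in SITE_LINKS.items():
        cost[a, b] = cost[b, a] = c
    for k, i, j in product(SITE_DCS, repeat=3):   # Floyd-Warshall, k outermost
        cost[i, j] = min(cost[i, j], cost[i, k] + cost[k, j])
    return cost

def covering_site(site, cost):
    """Site whose DCs cover a DC-less site: lowest cost, then most DCs, then name."""
    cands = [s for s, dcs in SITE_DCS.items() if dcs and cost[s, site] < float("inf")]
    if not cands:
        return None
    return min(cands, key=lambda s: (cost[s, site], -len(SITE_DCS[s]), s))

def site_srv_records():
    """Site-specific SRV owner name -> DC hosts registered under it."""
    cost, records = cost_matrix(), {}
    for site, dcs in SITE_DCS.items():
        cover = site if dcs else covering_site(site, cost)
        hosts = SITE_DCS[cover] if cover else []
        records[f"_ldap._tcp.{site}._sites.dc._msdcs.{DOMAIN}"] = [
            f"{dc}.{DOMAIN}" for dc in hosts]
    return records

def dcs_for_client(ip):
    """DCs a client would be offered: site-specific set, or every DC if unmapped."""
    site = client_site(ip)
    if site is None:   # no subnet object matches: domain-wide record, any DC
        return sorted(f"{dc}.{DOMAIN}" for dcs in SITE_DCS.values() for dc in dcs)
    return site_srv_records()[f"_ldap._tcp.{site}._sites.dc._msdcs.{DOMAIN}"]

if __name__ == "__main__":
    for ip in ("10.3.0.25", "10.1.5.7", "10.9.4.4"):
        print(ip, client_site(ip), dcs_for_client(ip))
```

A client in the unmapped 10.9.0.0/16 range is offered every DC in the domain, while clients in the two DC-less branch sites are steered to the DCs of whichever site has the cheapest path to them.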