Windows Server - AD Site Topology

Asked By AJ
30-Oct-09 07:29 PM
Hi Folks

I wondered if I could get some input into this situation. We are
looking at doing an AD design. We have pretty much a hub spoke network
architecture with a lot of good links between sites (1GB/100MB).
Prevously in other designs I have always seperated poorly connected
sites out into their own AD site depending on if a local domain
controller was required or not. If no local services were required
then that sites subnet was simply added to their parent sites AD site.
Given the situation that most sites are connected via 1GB connections
I am leaning towards not creating individual sites but grouping these
locations into a single site. Due to the network speeds here
authenticating with a domain controller in a different physical
location (which could happen) should not be an issue here and also
with links this fast who cares about the replication path the KCC
creates and the replication traffic generated between the domain
controllers? On the other hand it would be cleaner and tidier I guess
to create individual sites for each physical location. I am really
undecided here, I dont think either way is right or wrong but would
value any input anybody cares to add.

Incidently Exchange 2007 will be in the mix and that uses AD sites for
routing purposes, however the plan is to only have a couple of
clusters in strategic locations and the well connected sites will
simply be accessing the centralised servers over the WAN.

Appreciate any input.

TIA

AJ
Windows 2000 Active Directory Discussions
 
Outlook
(1)
DSProxy
(1)
CSci
(1)
GCs
(1)
Directory
(1)
Topology
(1)
Achiever
(1)
Trainer
(1)
  Ace Fekay [MCT] replied to AJ
30-Oct-09 01:55 AM
I would consolidate any child domains into one domain (forest root domain),
but I actually prefer to use Sites, even with a such a high speed backbone.
This way if any of the link goes down, at least the clients in their
respective locations will still be looking for that cached DC having
problems authenticating to print, or Outlook looking for that cached DSProxy
to a GC outside of it is physical location resulting in Outlook problems, as
well as Exchange, because it discovers GCs based on Sites, will hollar, shut
services down, etc, if a GC is no longer accessible.

I hope that helps.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA
2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer

For urgent issues, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.
  AJ replied to Ace Fekay [MCT]
30-Oct-09 07:29 PM
On 30 Oct, 05:55, "Ace Fekay [MCT]" <ace...@mvps.RemoveThisPart.org>

Hi Ace

thanks for your reply. The high speed connected sites would still have
local infrastrcuture i.e. DC's/F&P but not exchange.
Just to make sure I am clear on your response - You mean if the local
client happended to authenticate with infrastrcuture outside of its
physical location these problems would occur if a link went down, i.e
the DC/GC would not be available anymore?

Exchange is normally pretty good when a GC/DC goes down or is
unavailble as it will have knowledge of all the GCs in the site as
well as out of the site and should recover, so I dont really see that
as being an issue. The services should only stop if there are no GCs
available and that wont be a problem as there will be quite a few GCs
local to the Exchange Servers and in other physical locations. The
client side is a good point though although I thought MS improved the
ability for Outlook to recover from a lost GC, I seemed to recall
reading something a couple of years back.

TIA
AJ
  Paul Bergson [MVP-DS] replied to AJ
30-Oct-09 08:47 AM
I see no reason to create a seperate site with that type of connectivity.
If a site has a large number of users or there is some critical app, you
should consider placing a DC at the site.

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.
  Ace Fekay [MCT] replied to AJ
31-Oct-09 03:14 AM
Correct.


Actually, if there are multiple GCs, it depends on which GC it has locked on
to. If your whole infrastructure is in one AD Site, you will not know which one
it is until it goes down.
  AJ replied to Ace Fekay [MCT]
31-Oct-09 06:33 AM
On 31 Oct, 07:14, "Ace Fekay [MCT]" <ace...@mvps.RemoveThisPart.org>
wrote:
  Ace Fekay [MCT] replied to AJ
01-Nov-09 08:41 PM

         

  

 



     
  AJ replied to Ace Fekay [MCT]

      

          

               
02-Nov-09 11:08 PM

               

         

         

            
On 2 Nov, 01:41, "Ace Fekay [MCT]" <ace...@mvps.RemoveThisPart.org>
wrote:

         

  

 



     
  Ace Fekay [MCT] replied to AJ

      

          

               
03-Nov-09 12:49 PM

               

         

         

            

         

  

 


    
 

  
 

 
Previous Discussion:  Gateway & proxy settings through GPO

 

 
Create New Account
 
 

   

help



     
     
one and saw that MS EXCHANGE was not able to connect to 2nd DC (MS OUTLOOK was not able to connect to MS EXCHANGE at the end-users),  even ISA-2004   saqeb@live.com Windows Server Active Directory Discussions   Windows Server 2003 (1) Active Directory (1) Outlook (1) NetBIOS (1) DSAccess (1) OKPhil (1) DsProxy (1) CSci (1) Howdie! Basically,  you need to put both DNS server IPs in into the DNS   co.il / configure_a_new_global_catalog.htm - - Paul Bergson MVP - Directory Services MCTS,  MCT,  MCSE,  MCSA,  Security+,  BS CSci 2008,  2003,  2000 (Early Achiever),  NT4 Microsoft's Thrive IT Pro of the Month - June   algorithm.aspx Also with Exchange involved,  it becomes a little trickier. Keep in mind,  when Outlook 2002 and newer first connects,  it is provided a DsProxy value for the GC that Exchange is using. Outlook will now cache it. If the GC goes down,  even if there are other GCs







     
     
2 out of the 6 dc's. Windows Server Active Directory Discussions   Microsoft Exchange (1) Outlook 2003 (1) Outlook (1) DSProxy (1) PSTs (1) NonthreadedKC (1) Hello Pierre,  Before shutting down any domain controller,  I will   com / windows / articles.htm - - Paul Bergson MVP - Directory Services MCTS,  MCT,  MCSE,  MCSA,  Security+,  BS CSci 2008,  2003,  2000 (Early Achiever),  NT4 http: /  / www.pbbergs.com Please no e-mails,  any   a DC will fail when they try to authenticate for things,  such as mapped drives,  Outlook,  etc. DCs can't simply be downed. My feeling is to inventory the apps. - - Ace   during production hours will cause issues with logged on users,  especially if they are using Outlook / Exchange. When Outlook connects to an Exchange server,  a connection request along with a DSProxy request is sent to Exchange for Exchange to redirect the Outlook client to a GC







     
     
one thing that doe snot work is what I used to call HTTP-RPC for Outlook 2003. With Exchange 12007 it appears they now call it "Outlook Anywhere ". I have tried it with two different users to no avail. After you try to connect,  Outlook just sits there and never logs in. Some the ISA server's transactions for the   yyy.zzz.123 ourdomain \ user1 MSRPC Y 2008-03-03 00:21:33 W3ReverseProxy ISAFIREWALLBOX - outlook.ourdomain.org 192.168.1.1 443 15 276 2185 https TCP RPC_IN_DATA http: /  / outlook.ourdomain.org / rpc / rpcproxy.dll?exchange.internaldomain.com:593 Inet 8 Exchange 2007 Outlook Anywhere Req ID: 09f5c852; FBA cookie: exists = no,  valid = no,  updated = yes,  logged off = no   yyy.zzz.123 ourdomain \ user1 MSRPC Y 2008-03-03 00:21:34 W3ReverseProxy ISAFIREWALLBOX - outlook.ourdomain.org 192.168.1.1 443 47 345 341 https TCP RPC_OUT_DATA http: /  / outlook.ourdomain.org / rpc / rpcproxy.dll?exchange.internaldomain.com:593 Inet 503 Exchange 2007 Outlook Anywhere







     
     
outlook mailbox size Windows Server What is the maximum size of a default outlook mailbox? Windows Server Discussions   Outlook (1) Maiolbox (1) Ost (1) Pst (1) Hello outlook,  Outlook has no maiolbox size itself. That will be configured on the mail server. If you   to Newsgroups * * HELP us help YOU!!! http: /  / www.blakjak.demon.co.uk / mul_crss.htm Hello outlook,  Sorry,  i mentioned the wrong file size,  it is 2GB and not 4GB for a   to Newsgroups * * HELP us help YOU!!! http: /  / www.blakjak.demon.co.uk / mul_crss.htm keywords: outlook, mailbox, size description: What is the maximum size of a default outlook mailbox?