Sites can also be used to control replication traffic between "a set of well connected computers" (how it replicates and when it replicates and which clients authenticate to which DCs). A set of well connected computers could be a location but even a VLAN. The latter is a solution if you only allow communication between each VLAN and the HUB and the other way around, but not between VLANs. I agree with Neil that if you have one site divided by VLANs, clients in VLAN1 could be offered a DC in VLAN3 which is not reachable, as you told us.

Creating a domain for each VLAN and still having 1 site will not help either, because all the DCs in the forest still replicate the schema and the configuration and, if w2k3, also the application partition between each other. And don't forget the replication of the GC data. If you do not allow communication between VLANs, in my opinion it is best to configure a site for each VLAN. That will also solve your exchange issue of manually defining 2 DCs/GCs in exchange.

Cheers,
#JORGE#

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of rubix cube
Sent: Tuesday 5 July 2005 12:14
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] GC

As I understand sites are used if you have a remote site and you want to replicate AD traffic, this is not my case and so I have 1 site. I have a backbone main switches which I create the VLANs on and setup filters on these VLANs so which IP ranges can access which servers and resources, I have 15 IP ranges and different DHCPs, I have DHCP relay agents on all my edge switches so the IP addresses setup and distribution is being taken care of properly.

How to prevent users? Through filtering all traffic from passing by from one subnet to other subnets. Easy, but I don't think it can be done depending on AD and windows, I guess I can create child domains and prevent users from logging in except for specific domains, but I didn't try that yet since my solution is working fine for me currently.

Why is that odd? :)

On 7/5/05, Ruston, Neil <[EMAIL PROTECTED]> wrote:
> I don't understand how this can work in one site :)
>
> If all DC/GCs are defined in the same site, then clients may be 'offered' any of these DCs from a DNS perspective, since they are all 'equal'.
>
> You appear to have several odd environmental issues which need to be addressed before attacking the Outlook related issues.
>
> neil
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of rubix cube
> Sent: 05 July 2005 10:22
> To: ActiveDir@mail.activedir.org
> Subject: Re: [ActiveDir] GC
>
> Seems very good, but I have 1 domain but I have 15 VLANs, not all domain controllers accessible by all VLANs, if I set all the domain controllers to GC will that cause a problem? The 2 that I chose to set as GCs are accessible from all VLANs.
>
> thanks.
> r.c.
>
> On 7/5/05, Almeida Pinto, Jorge de <[EMAIL PROTECTED]> wrote:
> > I also don't agree with what you are saying concerning the maintenance of the GCs.
> >
> > If you only have 1 domain in the forest there is NO OVERHEAD in making all DCs GCs. The size of your DIT will not grow in size because there are no other domains. For its own and single domain the GCs will use pointers to the domain data.
> >
> > So if you have 1 domain, make all DCs GCs.
> >
> > Even if you have multiple domains there are fewer issues in W2K3 compared to W2K because W2K3 DCs/GCs use Linked Value Replication (only in FFL w2k3) and for the partial attribute set it only replicates the deltas. So even for a multiple domain forest I would consider making all DCs GCs.
> >
> > Concerning exchange I would not manually define the DCs and GCs it uses. Let exchange itself figure that out. What are the reasons to manually define the DCs/GCs it uses?
> >
> > Cheers,
> > #JORGE#
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of rubix cube
> > Sent: Tuesday 5 July 2005 10:51
> > To: ActiveDir@mail.activedir.org
> > Subject: Re: [ActiveDir] GC
> >
> > One site and all servers in that one site.
> >
> > On 7/5/05, Rops, Arjan <[EMAIL PROTECTED]> wrote:
> > > How many sites do you have configured in your AD?
> > >
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of rubix cube
> > > Sent: Tuesday 5 July 2005 10:34
> > > To: ActiveDir@mail.activedir.org
> > > Subject: Re: [ActiveDir] GC
> > >
> > > Suffering = users lose connectivity to their mailbox (the Outlook shows a message saying Trying to connect to your exchange server), users can't use their home directories on the servers, users not being able to print, basically users go offline, waiting for the GC to be online, now this I understand if there was only one GC, but if 2, then this shouldn't happen,
> > >
> > > i.e. the network appears to be seeing each GC as the only one.
> > >
> > > Is there anything else other than checking the Global Catalogue check box to make a server GC? (and add it in the system manager in the exchange server as a GC too)?
> > >
> > > Thanks,
> > > r.c.
> > >
> > > On 7/5/05, Ruston, Neil <[EMAIL PROTECTED]> wrote:
> > > > I don't agree with the below at all, to be candid. I would rather have 7 servers, knowing I can lose 1 or 2 without issue, rather than working round the clock to keep 2 servers up all the time. To me, that's the beauty of systems like AD, where the system is distributed and self resilient. You, however, have removed some of that resilience from the system and have thus moved the maintenance effort from the system onto your own lap.
> > > >
> > > > Anyway, now that's off my chest - I think you need to explain what 'the network suffers' means. What symptoms do you see when a GC goes offline? I'd also like to know why your GCs are going offline.
> > > >
> > > > We have 100+ GCs here and we probably have 4-5 issues per year. When we do have an issue, the net effect on the end user is negligible due to the self healing and resilient nature of AD/GCs themselves.
> > > >
> > > > neil
> > > >
> > > > -----Original Message-----
> > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of rubix cube
> > > > Sent: 05 July 2005 08:48
> > > > To: ActiveDir@mail.activedir.org
> > > > Subject: Re: [ActiveDir] GC
> > > >
> > > > Thanks for the reply :)
> > > >
> > > > I will tell you, because now I have to maintain 2 servers (the GCs) online 24/7 I can't take one offline for maintenance for a second cause the network goes down, imagine if I upgrade the other 5, then I will have to keep 7 servers alive 24/7!!!!!!!
> > > >
> > > > I configure the exchange to use multiple GC, but why the network suffers if one of them goes offline? I don't know? Is it by design? Or am I missing something
> > > >
> > > > thanks,
> > > > r.c.
> > > >
> > > > On 7/5/05, Ruston, Neil <[EMAIL PROTECTED]> wrote:
> > > > > "rough and ready" response :)
> > > > >
> > > > > 1. Client logons, Exchange GAL lookups and various other components require a GC to be available, ideally in the same site.
> > > > > 2. Why are only 2 of the 7 DCs also GCs?
> > > > >
> > > > > Given that you are experiencing issues, I'd be inclined to 'upgrade' the remaining 5 DCs to GC status and ensure that your Exchange servers are configured to use multiple GCs.
> > > > >
> > > > > When all DCs are GCs, the infra master FSMO becomes redundant too, so that's one less FSMO to worry about catering for :)
> > > > >
> > > > > neil
> > > > >
> > > > > -----Original Message-----
> > > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of rubix cube
> > > > > Sent: 05 July 2005 08:16
> > > > > To: ActiveDir@mail.activedir.org
> > > > > Subject: [ActiveDir] GC
> > > > >
> > > > > Hi,
> > > > > I have 2 GC and 7 domain controllers, I made 2 GC so that if I had to take any one of them offline the other will be functional and the network will be ok, what happens is that if any of them goes offline, the network goes down, (including email service exchange). Anything I should have done?
> > > > >
> > > > > Thanks,
> > > > > r.c.
> > > > > List info : http://www.activedir.org/List.aspx
> > > > > List FAQ : http://www.activedir.org/ListFAQ.aspx
> > > > > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
> > > > >
> > > > > ==============================================================================
> > > > > Please access the attached hyperlink for an important electronic communications disclaimer:
> > > > >
> > > > > http://www.csfb.com/legal_terms/disclaimer_external_email.shtml
> > > > >
> > > > > ==============================================================================
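
The point made in the thread about a single site spanning filtered VLANs, as an added example that is not part of the original messages: a simplified Python model of site-based DC selection. The DC names, addresses, VLAN ranges and hub layout are constructed, every VLAN is assumed to hold a DC, and DNS weights, site coverage and locator fallback are not modelled.

```python
import ipaddress

# Constructed topology: a hub VLAN every client may reach, plus filtered VLANs.
DCS = {  # DC name -> IP address
    "DC-HUB1": "10.0.0.10", "DC-HUB2": "10.0.0.11",
    "DC-V1": "10.0.1.10", "DC-V3": "10.0.3.10",
}
VLANS = {"HUB": "10.0.0.0/24", "VLAN1": "10.0.1.0/24", "VLAN3": "10.0.3.0/24"}


def vlan_of(ip):
    addr = ipaddress.ip_address(ip)
    for name, cidr in VLANS.items():
        if addr in ipaddress.ip_network(cidr):
            return name
    return None


def reachable(client_ip, dc_ip):
    """Filter rule from the thread: VLAN <-> HUB allowed, VLAN <-> other VLAN blocked."""
    a, b = vlan_of(client_ip), vlan_of(dc_ip)
    return a == b or "HUB" in (a, b)


def site_of(ip, subnet_to_site):
    """The most specific (longest prefix) subnet object containing the address wins."""
    addr = ipaddress.ip_address(ip)
    nets = [ipaddress.ip_network(c) for c in subnet_to_site]
    matches = [n for n in nets if addr in n]
    if not matches:
        return None
    return subnet_to_site[str(max(matches, key=lambda n: n.prefixlen))]


def offered_dcs(client_ip, subnet_to_site):
    """DCs in the client's site: the candidates the client is 'offered'."""
    site = site_of(client_ip, subnet_to_site)
    return sorted(dc for dc, ip in DCS.items() if site_of(ip, subnet_to_site) == site)


def unreachable_offers(client_ip, subnet_to_site):
    """Offered DCs that the VLAN filters prevent the client from contacting."""
    return [dc for dc in offered_dcs(client_ip, subnet_to_site)
            if not reachable(client_ip, DCS[dc])]


# The two designs discussed: one site for everything vs. one site per VLAN.
ONE_SITE = {"10.0.0.0/16": "Default-First-Site-Name"}
SITE_PER_VLAN = {cidr: name for name, cidr in VLANS.items()}

if __name__ == "__main__":
    client = "10.0.1.50"  # constructed client address in VLAN1
    for label, topo in (("one site", ONE_SITE), ("site per VLAN", SITE_PER_VLAN)):
        print(label, offered_dcs(client, topo), "unreachable:", unreachable_offers(client, topo))
```
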