RE: [ActiveDir] DC placement in AD

Mon, 03 Jun 2002 11:54:06 -0700

Title: DC placement in AD
Yes, the new DC would also need to be made a GC to avoid this.
 
In large multi-domain environments it is probably not a good idea to make all your DCs GCs.  With each GC added the replication traffic increases because all GCs need to be kept up to date with changes from every domain.
 
Tony
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED]
Sent: Monday, June 03, 2002 8:05 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] DC placement in AD

As regards the second exception:
"The second exception occurs if all the DCs in a single domain in a multi-domain environment are also GC Servers, as this means they are all up-to-date and have no need of updates from the Infrastructure Master.  In these scenarios is doesn't matter which DC holds the Infrastructure Master role."
 
Let's say in the child domain I'm administering all the DCs are GCs, so of course the Inf Master is running on a DC/GC.
Now suppose down the line some other admin introduces a new DC into the domain but does not make it a GC. According to the rule and the explanation given, it seems to me that this new DC will never receive other-domain-object updates from the Inf Master in its domain because that Inf Master will simply never have any cause to do any updating.
Thus as objects change in the parent and/or peer domains this new DC becomes more and more out of date...is that correct?
Thanks,
Tom Kasmir 
 
-----Original Message-----
From: Tony Murray [mailto:[EMAIL PROTECTED]]
Sent: Monday, June 03, 2002 12:44 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] DC placement in AD

Diane,

 

The Infrastructure Master is responsible for updating references from objects in its domain to objects in other domains. The way it does this is to compare its data with that of a GC (which is why it is good practice to always have a GC available in the same Site).  If through this comparison the Infrastructure Master discovers out-of-date data then it requests an update from the GC.  It then replicates this information to other DCs in the domain.  The problem with co-locating the two functions is that the GC's data, through replication, is always (or nearly always) up to date.  This means that the Infrastructure master will never find  out-of-date data and will therefore never replicate updates to the other DCs in the domain.  In other words the Infrastructure will not perform its role.

 

When you install your first Active Directory Domain Controller it is automatically configured as a GC Server.  The first DC in the forest is also assigned all five FSMO roles.  This would tend to go against the rule of thumb regarding GCs and the Infrastructure Master role.  In fact there are two exceptions to the rule.  If there is only one domain then the Infrastructure Master has no need update object references to other domains, because there are no other domains.  The second exception occurs if all the DCs in a single domain in a multi-domain environment are also GC Servers, as this means they are all up-to-date and have no need of updates from the Infrastructure Master.  In these scenarios is doesn't matter which DC holds the Infrastructure Master role.

 

Ken is likely to have either one domain or 2 small domains.  In either case I would recommend that he configure all his DCs as GCs.

 

Tony

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Ayers, Diane
Sent: Monday, June 03, 2002 5:44 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] DC placement in AD

IIRC, you need to have one non-GC to support the infrastructure master FSMO role.  I've been going be the recommendation the the Infrastructure master should be on a non GC but for a domain of 20 users it might not be an issue.
 
Diane
-----Original Message-----
From: Tony Murray [mailto:[EMAIL PROTECTED]]
Sent: Saturday, June 01, 2002 8:55 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] DC placement in AD

Hi Ken
 
Personally, I wouldn't have a domain with just one DC.  This applies especially to the root domain which houses the Enterprise Administrators and Schema Administrators groups.  Even with backups a single DC represents an unaccepable risk.  Also, in terms of business continuity a single DC per domain is a single point of failure.
 
If you can't afford the luxury of 4 DCs (which for 20 users looks like overkill) I would stay with just one domain.   If the company changes name in the future it will not kill you to migrate 20 users.
 
Good idea to make them both GCs.
 
Tony
 
 -----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Ken Rinehart
Sent: Friday, May 31, 2002 11:42 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] DC placement in AD


I have a small office network I've been designing and just need a few "tips" before I go through the actual setup.  The company has agreed to buy 2 nice servers to act as DCs for a small office network of 20 people.  There is talk of a company name change at somepoint so my thoughts were to do an "empty root" then create my main domain tree that all users will login to. Done.  Eventually when the time comes I'd just create a new domain tree with the new company name and move the accounts over. This seem logical?

I guess my question is will 2 DCs be OK for now?  I'd just make them both GC servers also.  I'm trying to get a better understanding of where to put DCs in the scheme of things.  One DC per domain tree or what?

Thanks in advance

Ken-

Reply via email to