"...if there are sites and subnets defined..." AND there are sites connected to the DC-less site via site-links.
My bad... -gil -----Original Message----- From: Roger Seielstad [mailto:roger.seielstad@;inovis.com] Sent: Wednesday, October 30, 2002 6:38 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Sites with no DC And that would be incorrect. We have an empty Default-First-Site-Name - no DCs, nothing. Assigned to it is a subnet that's not in use on our network at all. There are no clients, nor any servers in the subnet. There is no Default-First-Site-Name under _sites.domain.net within my DNS tables, anywhere. My original statement stands - create subnets, and associate them with the DC containing site to which you'd like them to authenticate. Otherwise, youse rolls the dice and youse taka you chances. ------------------------------------------------------ Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA > -----Original Message----- > From: Gil Kirkpatrick [mailto:gilk@;netpro.com] > Sent: Tuesday, October 29, 2002 2:11 PM > To: '[EMAIL PROTECTED]' > Subject: RE: [ActiveDir] Sites with no DC > > > But NETLOGON does create SRV recs to cover DC-less sites if > there are sites > and subnets defined, which is what the original post > indicated ("to create > an empty site (no DCs)for you [sic] subnets") > > At least that's how I read it... > > -gil > > -----Original Message----- > From: Roger Seielstad [mailto:roger.seielstad@;inovis.com] > Sent: Tuesday, October 29, 2002 11:19 AM > To: '[EMAIL PROTECTED]' > Subject: RE: [ActiveDir] Sites with no DC > > > Site coverage works exactly as Stuart Kwan explained - without manual > intervention of the RR records, the actual logins are processed fairly > randomly - they don't necessarily authenticate to the closeest site. > It just doesn't happen. > > ------------------------------------------------------ > Roger D. Seielstad - MCSE > Sr. Systems Administrator > Inovis - Formerly Harbinger and Extricity > Atlanta, GA > > > > -----Original Message----- > > From: Gil Kirkpatrick [mailto:gilk@;netpro.com] > > Sent: Tuesday, October 29, 2002 12:27 PM > > To: '[EMAIL PROTECTED]' > > Subject: RE: [ActiveDir] Sites with no DC > > > > > > Really? What part is not the case? That clients don't authenticate, > > or that DCs don't publish SRV recs to cover DC-less sites based on > > cost? > > > > My experience has been that site coverage works as advertised. > > > > -gil > > > > -----Original Message----- > > From: Roger Seielstad [mailto:roger.seielstad@;inovis.com] > > Sent: Tuesday, October 29, 2002 7:43 AM > > To: '[EMAIL PROTECTED]' > > Subject: RE: [ActiveDir] Sites with no DC > > > > > > > If you decide "to create an empty site (no DCs)for you > subnets", the > > > autosite coverage algorithm will ensure that clients in > > that site are > > > authenticated with a DC in a nearby site. The DCs in the > > closest site > > > based on cost will register site-specific SRV records for > the empty > > > site. > > > > >From experience, I can tell you unequivocally that this is NOT the > > >case. As > > recently as Win2k SP2. > > > > ------------------------------------------------------ > > Roger D. Seielstad - MCSE > > Sr. Systems Administrator > > Inovis - Formerly Harbinger and Extricity > > Atlanta, GA > > > > > > > -----Original Message----- > > > From: Tucker, Mark [mailto:MTucker@;aelita.com] > > > Sent: Thursday, October 24, 2002 3:20 PM > > > To: [EMAIL PROTECTED] > > > Subject: RE: [ActiveDir] Sites with no DC > > > > > > > > > I would agree that you want to register the subnets in Sites and > > > Services. > > > > > > If a client attempts to authenticate from a subnet that is not > > > registered, AD has no way to determine what site the client > > is in. It > > > this case, I believe the client will query DNS for all of > > the DCs in > > > the domain and then attempt to contact each one in turn. > The first > > > one that replies will be used for authentication. > > > > > > If you decide to create an empty site (no DCs)for you > subnets, the > > > autosite coverage algorithm will ensure that clients in > > that site are > > > authenticated with a DC in a nearby site. The DCs in the > > closest site > > > based on cost will register site-specific SRV records for > the empty > > > site. > > > > > > -Mark > > > -----Original Message----- > > > From: Roger Seielstad [mailto:roger.seielstad@;inovis.com] > > > Sent: Thursday, October 24, 2002 9:39 AM > > > To: '[EMAIL PROTECTED]' > > > Subject: RE: [ActiveDir] Sites with no DC > > > > > > > > > > Oh, and this all does assume that YOUR network engineers > > > TELL you when > > > > they put in a whole 'nother group of networks or sub-netted > > > something > > > > that you already had defined. No, really - I'm not bitter.... > > > > > > Glad to know that happens elsewhere, too. > > > > > > ------------------------------------------------------ > > > Roger D. Seielstad - MCSE > > > Sr. Systems Administrator > > > Inovis - Formerly Harbinger and Extricity > > > Atlanta, GA > > > > > > > > > > -----Original Message----- > > > > From: Rick Kingslan [mailto:rkingsla@;cox.net] > > > > Sent: Thursday, October 24, 2002 9:41 AM > > > > To: [EMAIL PROTECTED] > > > > Subject: RE: [ActiveDir] Sites with no DC > > > > > > > > > > > > I'd agree with Roger on this one - unless you don't mind > > machines in > > > > Pnsacola FL. Authenticating in Reno, NV. If we don't have > > > one of our > > > > subnets defined to some site, we see messages from the Locator > > > > reporting that some machine at some site with the subnet xx.xx > > > couldn't find an > > > > associated site. It suggests that you might want to create a > > > > subnet for it. > > > > > > > > If these types of events are rare, or there are a small > number of > > > > un-associated machines, or, if you have boatloads of > > bandwidth, then > > > > it might not be a problem. > > > > > > > > I'd take chance out of the equation and just create the > > subnets and > > > > associate them with your hub until you have a clearer idea > > > of what the > > > > traffic pattern should be. > > > > > > > > Oh, and this all does assume that YOUR network engineers > > > TELL you when > > > > they put in a whole 'nother group of networks or sub-netted > > > something > > > > that you already had defined. No, really - I'm not bitter.... > > > > > > > > Rick Kingslan - Microsoft MVP [Windows NT/2000] > > > > Microsoft Certified Trainer > > > > MCSA, MCSE+I - Windows NT / 2000 > > > > > > > > "Any sufficiently advanced technology > > > > is indistinguishable from magic." > > > > --- Arthur C. Clarke > > > > > > > > > > > > > > > > > -----Original Message----- > > > > > From: [EMAIL PROTECTED] > > > > > [mailto:ActiveDir-owner@;mail.activedir.org] On Behalf Of Roger > > > > > Seielstad > > > > > Sent: Thursday, October 24, 2002 6:59 AM > > > > > To: '[EMAIL PROTECTED]' > > > > > Subject: RE: [ActiveDir] Sites with no DC > > > > > > > > > > > > > > > >From experience, I wouldn't trust the locator to get > > > 'close' very > > > > > >often. > > > > > > > > > > During our initial deployment, the WAN team changed > the IP pools > > > > > of our VPN concentrators. After looking through some > of the logs > > > > > on domain controllers, we were seeing a very random > distribution > > > > > of authentication, with some authentication happening > 4 WAN hops > > > > > away, when there were multiple DCs on different local subnets. > > > > > > > > > > I'd strongly suggest creating a subnet object for > each subnet on > > > > > your network, and associating each of them with a site. > > > > > > > > > > ------------------------------------------------------ > > > > > Roger D. Seielstad - MCSE > > > > > Sr. Systems Administrator > > > > > Inovis - Formerly Harbinger and Extricity > > > > > Atlanta, GA > > > > > > > > > > > > > > > > -----Original Message----- > > > > > > From: Garello, Kenneth [mailto:KGarello@;worcester.edu] > > > > > > Sent: Wednesday, October 23, 2002 5:07 PM > > > > > > To: '[EMAIL PROTECTED]' > > > > > > Subject: RE: [ActiveDir] Sites with no DC > > > > > > > > > > > > > > > > > > How much overhead does leaving it up to the locator incur? > > > > > > > > > > > > Ken > > > > > > > > > > > > -----Original Message----- > > > > > > From: Gil Kirkpatrick [mailto:gilk@;netpro.com] > > > > > > Sent: Wednesday, October 23, 2002 4:37 PM > > > > > > To: '[EMAIL PROTECTED]' > > > > > > Subject: RE: [ActiveDir] Sites with no DC > > > > > > > > > > > > Hey Don, > > > > > > > > > > > > Is this your first post to the list? If so, welcome. > > > > > > > > > > > > To answer your question, no you don't have to create > > a site for > > > > > > each subnet. You can associate multiple subnets > with a single > > > > > > site. Or you can leave the subnets unassigned, and the DC > > > > > > locator will do its best to find a DC "close" to the > > > > > > authenticating PC. > > > > > > > > > > > > -gil > > > > > > -----Original Message----- > > > > > > From: Don Murawski (Lenox) > > > > > > [mailto:Don.Murawski@;worldtravel.com] > > > > > > Sent: > > > > > > Wednesday, October 23, 2002 1:02 PM > > > > > > To: [EMAIL PROTECTED] > > > > > > Subject: [ActiveDir] Sites with no DC > > > > > > We have subnets without dc's, do you need to create a > > > > > > site and subnet in Sites and Services anyway for > those sites? > > > > > > > > > > > > Don L Murawski > > > > > > > > > > > > > > > > > List info : http://www.activedir.org/mail_list.htm > > > > > List FAQ : http://www.activedir.org/list_faq.htm > > > > > List archive: > > > > > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > > > > > > > > > > > > > > > > List info : http://www.activedir.org/mail_list.htm > > > > List FAQ : http://www.activedir.org/list_faq.htm > > > > List archive: > > > > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > > > > > > List info : http://www.activedir.org/mail_list.htm > > > List FAQ : http://www.activedir.org/list_faq.htm > > > List archive: > > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > List info : http://www.activedir.org/mail_list.htm > > > List FAQ : http://www.activedir.org/list_faq.htm > > > List archive: > > > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > > > > List info : http://www.activedir.org/mail_list.htm > > List FAQ : http://www.activedir.org/list_faq.htm > > List archive: > > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > > > List info : > > http://www.activedir.org/mail_list.htm > > List FAQ : http://www.activedir.org/list_faq.htm > > List archive: > > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > List info : > http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
