Hi Roger,

Each DC is also the DNS server for the domain. So, each points to the other and themselves as well.

-----Original Message-----
From: Roger Seielstad [mailto:[EMAIL PROTECTED]
Sent: Monday, March 03, 2003 10:42 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] AD Design Guidance

What DNS servers are the domain controllers pointing to?

--------------------------------------------------------------
Roger D. Seielstad - MCSE
Sr. Systems Administrator
Inovis Inc.

> -----Original Message-----
> From: Friese, Casey [mailto:[EMAIL PROTECTED]
> Sent: Friday, February 28, 2003 3:31 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir] AD Design Guidance
>
> Marc,
>
> 1. Yes, both locations are set up as separate sites
>
> 2. The DNS Event log on the DC in Office B reports 5509
> events often, received an invalid DNS update from 10.64.3.2
> (Master in Office A) - packet rejected
>
> 3. No Directory Service Errors but there are numerous FRS
> errors showing issues with replicating from Office A to Office B
>
> The File Replication Service is having trouble enabling
> replication from PA-FILE-01 (Office A) to PA-FILE-02 (Office
> B) for c:\winnt\sysvol\domain using the DNS name
> PA-FILE-01.penncolor.com. FRS will keep retrying.
> Following are some of the reasons you would see this warning.
>
> [1] FRS can not correctly resolve the DNS name
> PA-FILE-01.penncolor.com from this computer.
> [2] FRS is not running on PA-FILE-01.penncolor.com.
> [3] The topology information in the Active Directory for
> this replica has not yet replicated to all the Domain Controllers.
>
> This warning as well:
> The File Replication Service has enabled replication from
> PA-FILE-01 to PA-FILE-02 for c:\winnt\sysvol\domain after
> repeated retries.
>
> 4. The DC's don't "act" bogged down while physically at them.
> They're noticeably bogged down from the client end with
> regards to accessing resources.
>
> -----Original Message-----
> From: Marc Zukerman [mailto:[EMAIL PROTECTED]
> Sent: Friday, February 28, 2003 3:20 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [ActiveDir] AD Design Guidance
>
> Another few questions Casey:
>
> 1. Are the different locations set up as separate sites?
> 2. How healthy is DNS? WINS? Are there any errors? What's the
> topology?
> 3. Are there any errors in the Directory Services
> logs on the domain controller?
> 4. Are the DCs bogged down?
>
> Marc Zukerman
> Senior Network Engineer
> Greenwich Technology Partners
>
> ----- Original Message -----
> From: "Friese, Casey" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Friday, February 28, 2003 2:34 PM
> Subject: RE: [ActiveDir] AD Design Guidance
>
> Gil, thanks for the questions, here are the answers:
>
> Number of clients in Office A is ~25
> Number of clients in Office B is ~250
>
> There are a mix of 9x, 2000 and XP clients, most are 2000.
> The symptoms show across all clients
>
> I'm not sure about the bandwidth
>
> It's a native Win2k domain.
>
> Hope this fills things out.
>
> -----Original Message-----
> From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED]
> Sent: Friday, February 28, 2003 2:24 PM
> To: '[EMAIL PROTECTED]'
> Subject: RE: [ActiveDir] AD Design Guidance
>
> A couple of questions to fill out the picture:
>
> How many clients at each site?
> What kinds of clients (ME/98, NT4, W2K, XP, etc)
> Do you have any idea of how much _available_ bandwidth there
> is on the link?
> Where is the PDC emulator? I'm guessing it is
> in office A where the first DC lives.
>
> -gil
>
> -----Original Message-----
> From: Friese, Casey [mailto:[EMAIL PROTECTED]
> Sent: Friday, February 28, 2003 12:00 PM
> To: [EMAIL PROTECTED]
> Subject: [ActiveDir] AD Design Guidance
>
> I have uncovered what I believe is a problem with our Active
> Directory design. I'm looking for assurance that it is
> indeed a problem judging from the symptoms that I am seeing
> and I'm also looking for recommendations on how to correct it.
>
> I've walked into the company just weeks after a consultant
> started implementing the AD design. Now, 8 months later and
> 10 servers later I believe that the design is flawed. Here
> are my symptoms:
>
> Any administration activity done on the servers such as
> setting permissions/re-writing permissions, opening property
> sheets within Exchange System Manager, viewing property
> sheets of OU objects/group policies, etc. All of these tasks
> take a long period of time to complete or display.
>
> From the client end we see hanging connections - one moment
> a share is available, the next permission is denied or the
> connection can't be made. Opening files from the network is
> sluggish and at times dhcp settings are lost.
>
> We have 2 offices:
> Our HQ is in office A
> Our Datacenter is in office B
>
> Office A has 1 Windows 2000 Server and was the first server
> built in the Forest. This server is doing File/Print, DHCP,
> WINS, DNS for its location among doing its specialized
> tasks for the domain.
>
> Office B has 9 Windows 2000 Servers - among those 9 is a DC,
> 1 is an E2K server and 1 is an ISA server. The DC provides
> file/print, DHCP, WINS, DNS for its location. The E2K
> server is the mail server for both locations and the ISA
> server is the Firewall for both locations.
>
> Office A is connected to Office B via 256kbps Split T1 used
> for both voice and data. Office B is connected to the
> internet via full T1 which is responsible for handling all
> internet requests.
>
> Both sites, office A and B, belong to the same parent domain
> - company.com with each client's dns set as clientname.company.com
>
> First questions: Are there any flaws with the above design?
> The most noticeable thing to me is that Office A and B
> communicate over a 256kbps shared line. I'm not an expert with
> AD, in fact, it's new to me but from what I understand
> anything done in Office B has to go to the Head Server in
> Office A. This is where I believe my problems lie.
>
> What I would like to do is break these two sites apart and
> have officeA.company.com and officeB.company.com - I think
> this is the correct approach but I'm not sure. My main
> concern is our Exchange 2000 Server and our ISA server
> because they're both linked heavily into the AD so totally
> redoing the design is a bit tough. Alternatively, I have
> started entertaining the idea of moving the server in Office
> A to the Office B location making Office B the root domain
> and any new sites child domains.
>
> I apologize for the length and if I've confused anyone - I'm
> confused myself. I just want to know if I'm blaming the
> symptoms on the right thing and how I should proceed.
>
> Thanks,
> Casey

List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
