OK, that's what I understood. Doing the replication topology manually isn't a wonderful solution, but it is workable. Manually defining a hub-and-spokish replication topology with 19 DCs is not a huge undertaking. Forcing the appropriate authentication topology would require judicious assignment of DNS servers and fiddling of SRV recs. All doable, but agreed, it's a pain in the a--.
-gil

-----Original Message-----
From: Roger Seielstad [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 04, 2003 11:19 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Replication Problems...

Bridged WAN = 1 subnet, everything is local to everything else. It's a traffic nightmare, especially since every broadcast traverses every WAN link.

From an AD perspective, I'm always wary of doing the manual replication objects. Not to mention one would have to do a LOT of work to ensure the use of local DC's for authentication.

Roger
--------------------------------------------------------------
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.

> -----Original Message-----
> From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, June 04, 2003 1:59 PM
> To: '[EMAIL PROTECTED]'
> Subject: RE: [ActiveDir] Replication Problems...
>
> Raymond, Roger,
>
> Perhaps I'm missing the significance of a "bridged WAN", but why not disable the KCC and create your own connection objects to control which DCs replicate with each other?
>
> -gil
>
> -----Original Message-----
> From: Raymond McClinnis [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, June 04, 2003 9:06 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir] Replication Problems...
>
> We do, at least, have each of our remote sites with a different IP range since the network USED to be routed (long story short, our core processor uses a serial printing protocol that was not routable at the time) We are redesigning the network this year so that we can unf#$%^ ourselves. But in the meantime changes we make don't replicate, or un-replicate.
>
> On a side note, our network has broken even the most confident of men, the consultant that just left was "on top of his game" before he worked on our network. But he left a broken and battered man with a lot of self-doubt (and as a good friend).
>
> And if the guy who 'designed' this network were still here Roger, having what you mentioned happen to him would be the LEAST of his worries :-).
>
> Thanks again,
>
> Raymond McClinnis
> Network Administrator
> Provident Credit Union
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Roger Seielstad
> Sent: Wednesday, June 04, 2003 8:15 AM
> To: '[EMAIL PROTECTED]'
> Subject: RE: [ActiveDir] Replication Problems...
>
> There are no good topologies for a bridged WAN. Including the time I saw a three building campus bridged by OC3 (155MBps) lines. Performance was still an issue.
>
> Is there any logical segmentation that can be done, such as each office has its own block of IPs? That would allow you to create AD Sites and use that to control replication traffic. Without that, I'd say you're screwed.
>
> I do think you should have your network engineer fired, then shot, hung, and sent to the Russian Front!
>
> Roger
> --------------------------------------------------------------
> Roger D. Seielstad - MTS MCSE MS-MVP
> Sr. Systems Administrator
> Inovis Inc.
>
> > -----Original Message-----
> > From: Raymond McClinnis [mailto:[EMAIL PROTECTED]
> > Sent: Wednesday, June 04, 2003 11:06 AM
> > To: [EMAIL PROTECTED]
> > Subject: [ActiveDir] Replication Problems...
> >
> > Hello all,
> >
> > Does anyone know a good topology for a bridged WAN. Once everyone picks up their jaws, I'll continue. We have approximately 18 DC's at remote sites on various low bandwidth lines (from 384K to T-1). By default all the servers are trying to talk to each other and there have been instances of us removing users from groups and the user returning to the group.
> >
> > I had thought of pointing all the remote controllers to the DC's here at HQ. and having the ones here at HQ talk amongst themselves. Is this a good idea, or is there a better solution.
> > I appreciate any input y'all can give me.
> >
> > Thanks in Advance,
> >
> > Raymond McClinnis
> > Network Administrator
> > Provident Credit Union
> >
> > List info   : http://www.activedir.org/mail_list.htm
> > List FAQ    : http://www.activedir.org/list_faq.htm
> > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
