Re: [ActiveDir] Replication Problems...

[John Witasick]

If he can create sites, then couldn't he create a site link from his remote offices to his HQ, and disable site link bridging.  This would let him leave his KCC active.   John Witasick Project Manager - Windows Networking Services Group ----- Original Message ----- From: Gil Kirkpatrick To: '[EMAIL PROTECTED]' Sent: Wednesday, June 04, 2003 5:05 PM Subject: RE: [ActiveDir] Replication Problems... >From Raymonds original post: == We do, at least, have each of our remote sites with a different IP range since the network USED to be routed (long story short, our core processor uses a serial printing protocol that was not routable at the time) == So I assume he could, without too much effort, create sites using the appropriate masks. The traffic still wouldn't be routed, but at least AD could group DCs into physical locations. -g -----Original Message----- From: Fugleberg, David A [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 04, 2003 1:46 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Replication Problems... If it's really bridged, as in one big, happy IP subnet, how would you create sites ?  Maybe I'm just confused...happens a lot lately. Dave -----Original Message----- From: Roger Seielstad [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 04, 2003 3:03 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Replication Problems... I *think* the default is 300 minutes, but can be configured down as low as 15 minutes. -------------------------------------------------------------- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. > -----Original Message----- > From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED] > Sent: Wednesday, June 04, 2003 3:49 PM > To: '[EMAIL PROTECTED]' > Subject: RE: [ActiveDir] Replication Problems... > > > Raymond, > > If you can set up meaningful sites (which I guess you can), > then a potential strategy would be to disable the ISTG at > each site and set up manual connections between the remote > sites and one or more DCs at HQ. Ideally you would run DNS on > each of the DCs as well so that clients would keep DC > location traffic local. The only trick then would be to make > sure that when a DC fails at a remote site that the clients > would select a DC at HQ for authentication, instead of any > random DC on the network. I wrote an article for Windows&.NET > magazine a few months ago about this topic; it was in the > March issue I think. There's a copy you can D/L from our > website: > http://www.netpro.com/forum/files/authentication_topology.pdf. > > The replication schedule between sites is by default every 15 > minutes; not quie immediate, but good enough for most > purposes. Its configurable by defining the schedule on the > connection object in AD Sites&Services. > > HTH, > > -gil > > > > -----Original Message----- > From: Raymond McClinnis [mailto:[EMAIL PROTECTED] > Sent: Wednesday, June 04, 2003 11:50 AM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] Replication Problems... > > > Gil, > > That's kind of what I was asking.  I was thinking I could > just have all of the remote DC's pull from the DC's here at > HQ, I just wasn't sure what problems I might run into.  MS > recommends using a site for each remote which makes sense, > but I wasn't clear on the time periods that sync would occur > during, or whether immediate changes would indeed be immediate. > > > Thanks, > > Raymond > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Gil > Kirkpatrick > Sent: Wednesday, June 04, 2003 10:59 AM > To: '[EMAIL PROTECTED]' > Subject: RE: [ActiveDir] Replication Problems... > > Raymond, Roger, > > Perhaps I'm missing the significance of a "bridged WAN", but > why not disable the KCC and create your own connection > objects to control which DCs replicate with each other? > > -gil > > -----Original Message----- > From: Raymond McClinnis [mailto:[EMAIL PROTECTED] > Sent: Wednesday, June 04, 2003 9:06 AM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] Replication Problems... > > > We do, at least, have each of our remote sites with a > different IP range since the network USED to be routed (long > story short, our core processor uses a serial printing > protocol that was not routable at the > time)  We are redesigning the network this year so that we > can unf#$%^ ourselves.  But in the meantime changes we make > don't replicate, or un-replicate. > > On a side note, our network has broken even the most > confident of men, the consultant that just left was "on top > of his game" before he worked on our network.  But he left a > broken and battered man with a lot of self-doubt (and as a > good friend).  > > And if the guy who 'designed' this network were still here > Roger, having what you mentioned happen to him would be the > LEAST of his worries :-). > > Thanks again, > > > > Raymond McClinnis > Network Administrator > Provident Credit Union > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Roger Seielstad > Sent: Wednesday, June 04, 2003 8:15 AM > To: '[EMAIL PROTECTED]' > Subject: RE: [ActiveDir] Replication Problems... > > There are no good topologies for a bridged WAN. Including the > time I saw a three building campus bridged by OC3 (155MBps) > lines. Performance was still an issue. > > Is there any logical segmentation that can be done, such as > each office has its own block of IPs? That would allow you to > create AD Sites and use that to control replication traffic. > Without that, I'd say you're screwed. > > I do think you should have your network engineer fired, then > shot, hung, and sent to the Russian Front! > > Roger > -------------------------------------------------------------- > Roger D. Seielstad - MTS MCSE MS-MVP > Sr. Systems Administrator > Inovis Inc. > > > > -----Original Message----- > > From: Raymond McClinnis [mailto:[EMAIL PROTECTED] > > Sent: Wednesday, June 04, 2003 11:06 AM > > To: [EMAIL PROTECTED] > > Subject: [ActiveDir] Replication Problems... > > > > > > Hello all, > > > > Does anyone know a good topology for a bridged WAN.  Once everyone > > picks > > up their jaws, I'll continue.   We have approximately 18 DC's > > at remote > > sites on various low bandwidth lines (from 384K to T-1).  By default > > all the servers are trying to talk to each other and there have been > > instances of us removing users from groups and the user returning to > > the group. > > > > I had thought of pointing all the remote controllers to the > DC's here > > at HQ.  and having the ones here at HQ talk amongst themselves.  Is > > this a good idea, or is there a better solution.  I appreciate any > > input y'all can give me. > > > > > > Thanks in Advance, > > > > Raymond McClinnis > > Network Administrator > > Provident Credit Union > > > > List info   : http://www.activedir.org/mail_list.htm > > List FAQ    : http://www.activedir.org/list_faq.htm > > List archive: > > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > > List info   : http://www.activedir.org/mail_list.htm > List FAQ    : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > > List info   : > http://www.activedir.org/mail_list.htm > List FAQ    : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > List info   : > http://www.activedir.org/mail_list.htm > List FAQ    : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > > List info   : > http://www.activedir.org/mail_list.htm > List FAQ    : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > List info   : > http://www.activedir.org/mail_list.htm > List FAQ    : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > List info   : http://www.activedir.org/mail_list.htm List FAQ    : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info   : http://www.activedir.org/mail_list.htm List FAQ    : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info   : http://www.activedir.org/mail_list.htm List FAQ    : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This E-mail, including any attachments, may be intended solely for the personal and confidential use of the sender and recipient (s) named above. This message may include advisory, consultative and/or deliberative material and, as such, would be privileged and confidential and not a public document. Any Information in this e-mail identifying a client of the department of Human Services is confidential. If you have received this e-mail in error, you must not review, transmit, convert to hard copy, copy, use or disseminate this e-mail or any attachments to it and you must delete this message. You are requested to notify the sender by return e-mail.