Right off the bat, smack the person who said to hack the dns entries... Hard. If that recommendation came from MS please let me know offline as I want to pass it up the line as that isn't good advice to be giving out. Anytime someone wants to take something automatic and make it manual, it is generally not good and crutching something that is misdesigned or misunderstood. Either way, something needs fixed.
If you build the topology correctly in sites and services then you don't have to hack anything, the proper DC will cover the proper sites automagically. I pretty much always set up specific sites for every location whether they have a DC or not. Both to keep them logically separate but also because I figured "some day" MS or someone else would say... why heck, we have all of this info for site location already... let's use it. Logical progression.
Sounds like from the quick read that I did that you want to set up a standard hub and spoke topology with some 5 hubs. You interconnect the hubs with site links (probably a mesh), then you set up site links from each wan site back to the hub site it should be tied to and disable automatic site link bridging [1] so the KDC doesn't have nightmares. The sites will either use the local DC or the DC that is closest via the site link back to the hub.
If they did SMS correctly, you should just be able to drop in the SMS Servers and the machines that should use them should find them logically.

joe

[1] Make your site links intransitive.

> _____________________________________________
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Ayers, Diane
> Sent: Wednesday, February 18, 2004 11:18 AM
> To: [EMAIL PROTECTED]
> Subject: [ActiveDir] Site Configurations and SMS2003
>
> All:
>
> I know that this is somewhat off topic (SMS) but I had a recent conversation with some folks in regards to AD and SMS 2003. We are looking at possibly deploying SMS 2003 and looking at some deployment scenarios. Anyway the conversation turned to the AD sites and what is the best configuration for sites in an organization.
>
> Briefly we have a highly connected backbone with DCs spread around key nodes on this backbone to support the geographical locations spurred off of this backbone. We developed our AD sites around these nodes (5 geo locations, 5 AD sites) with all the "downstream" geographic locations for each DC being rolled into the site.
>
> It was recommended that we make each geographic location that is rolled up to the main sites we have now a separate site in AD irregardless if this geographic location has a DC or not. Site connectors would be built between those sites that have DCs and for those sites that don't have DCs, we'd have to go in and hack the _kerberos._tcp.<site name>._sites and the _ldap._tcp.<site name>._sites SRV records so that they would refer to the correct DC.
>
> I'm still trying to grasp the nuances of sites in AD but this seemed to be an usual approach to sites in AD. Granted that SMS 2003 does bring some twists to the picture as a client will need to identify a distribution point from its AD site. We have over 200 individual geographic sites with approx 180 software distribution boxes that we'd make distribution points. That would translate to 180 AD sites (sites mapped to distribution points). My basic understanding of sites is that they should be built around DCs.
>
> This is a simple summary of what was discussed but I was wondering if there were some opinions one way or another over the best way to approach sites in AD. Obviously each case is different but wanted to capture folks' thoughts.
>
> Diane
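Added example, not part of the original thread and not code from either poster: a simplified Python model of the hub-and-spoke plan in the reply, which works out which DCs should end up behind each site's `_kerberos._tcp.<site>._sites` and `_ldap._tcp.<site>._sites` records and flags DC-less sites that have no direct link to a DC site. Site names, DC names, costs and the domain `corp.example` are constructed; treating only direct links as usable and breaking cost ties alphabetically are assumptions of this sketch.

```python
# Simplified planning model; every name and cost below is constructed.

# Sites that hold DCs (the hubs) and the DCs in each.
DCS = {"HUB-A": ["dc-a1", "dc-a2"], "HUB-B": ["dc-b1"]}

# Site links as (site, site, cost). Links are modelled as intransitive
# (bridging disabled), so only a direct link to a DC site counts.
SITE_LINKS = [
    ("HUB-A", "HUB-B", 50),
    ("BRANCH-1", "HUB-A", 100),
    ("BRANCH-2", "HUB-B", 100),
    ("BRANCH-3", "HUB-A", 200),
    ("BRANCH-3", "HUB-B", 100),
    ("BRANCH-4", "BRANCH-1", 100),  # design mistake: peer site has no DC
]

def covering_site(site, dcs, links):
    """Return the DC site expected to cover `site`, or None if none does."""
    if dcs.get(site):
        return site  # a local DC always serves its own site
    candidates = []
    for a, b, cost in links:
        if site in (a, b):
            other = b if a == site else a
            if dcs.get(other):
                candidates.append((cost, other))
    # Lowest cost wins; alphabetical tie-break is an assumption of this sketch.
    return min(candidates)[1] if candidates else None

def audit(dcs, links):
    """Map every site in the plan to its covering DCs; [] marks a gap."""
    sites = set(dcs) | {s for a, b, _ in links for s in (a, b)}
    plan = {}
    for site in sorted(sites):
        cover = covering_site(site, dcs, links)
        plan[site] = list(dcs[cover]) if cover else []
    return plan

def expected_srv(plan, domain="corp.example"):
    """Site-specific SRV names and the DC hosts that should be behind them."""
    records = {}
    for site, dc_names in plan.items():
        for svc in ("_kerberos", "_ldap"):
            name = f"{svc}._tcp.{site}._sites.{domain}"
            records[name] = [f"{dc}.{domain}" for dc in dc_names]
    return records

if __name__ == "__main__":
    for name, targets in expected_srv(audit(DCS, SITE_LINKS)).items():
        print(name, "->", targets or "NO COVERAGE: fix the site links")
```

Comparing this expected list with what DNS actually returns for each site shows where a record was edited by hand instead of being produced by the topology.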
