RE: [ActiveDir] Site Configurations and SMS2003

[Rich Milburn]

Title: Message

Yeah – I’ve had situations where 10 people were at a site with AutoCAD and we needed to put a file/print server out there for the 50MB file issue, and we put a DC since it was a demand-dial ISDN that tended to go down.  We were going to a forced scenario with a single server farm regardless of WAN connections, mandated relocation of servers (by management types) and some of these sites had 800 people across a 2MB connection.  This was my first situation where AD sites became an issue – there were to be no (0) servers at these remote sites, and while I thought it was cleaner to make each physical WAN-connected enclave its own AD site (partly because I knew the no-outlying-servers mandate would be short-lived), I was overruled by an MS consultant and his buddy, who said you never need or want to define sites where you don’t have DCs.  Actually that was 2 MS consultants, but to be fair this was in 2001 and maybe site design tended to a different philosophy at MS than it does now?  We would have had a couple of hundred sites instead of 16 if we had defined each enclave as a site, but I left before they actually started building the design so I have no idea how it played out. Anyway I digress.  J   Rich   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Roger Seielstad Sent: Thursday, February 19, 2004 9:32 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Site Configurations and SMS2003   Actually, my site design philosophy is a bit like this:   All locations with permanent WAN connections get local File, Print and DHCP. Generally my break even point for a local DC is 35-50 people, depending on what they actually do in that site (like 50 sales people or 35 software engineers).   File and print can be dog slow across a WAN, especially when they print 50MB PDF's - remember that if your print server is across the WAN, you're pushing that data across twice, not once.   Roger -------------------------------------------------------------- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -----Original Message----- From: Rich Milburn [mailto:[EMAIL PROTECTED] Sent: Thursday, February 19, 2004 9:30 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Site Configurations and SMS2003 I have to apologize, I oversimplified things... in AD with its current implementation, if there's no domain controller in a site, there's no replication to that site (right??).  And I've generally gone by the principle that if you need resource servers in a site then you want a DC there too... so if there's no DC, there's no file server, i.e. info left out of my statement.  In SMS you can use SMS sites to control how clients download their packages, and now you're talking client-server instead of server-server use of sites.  Sorry for leaving the impression AD sites only dealt with replication... J   Rich   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Roger Seielstad Sent: Thursday, February 19, 2004 8:01 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Site Configurations and SMS2003   But oh my friend, sites are used for more than just replication. They're used for controlling a lot of AD integrated configurations. For instance, DFS trees use AD Sites to find the "local" replica, they're used for controlling where the clients authenticate, etc.   Roger-------------------------------------------------------------- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -----Original Message----- From: Rich Milburn [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 18, 2004 12:39 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Site Configurations and SMS2003 I've heard the same thing - with AD it doesn't make any sense to have a site that doesn't have a DC in it - sites are used for replication and if there's nothing to replicate to in a site then why would you create an AD site? But with SMS, you can define SMS Site Boundaries and Roaming Boundaries with either subnets or AD Sites... guess which is easier to do for the SMS admin?  So if the AD admins create a site for every area you'll have a DP in, then it makes it easy to set up boundaries.  That is, it's easy if you trust that they are putting the right subnets in the right AD sites, and you get the right AD sites in the right SMS assignment boxes and spell them correctly.  Barring all that, you could just add the subnets in the appropriate places in SMS and ignore the AD sites. Rich _____________________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John McGlinchey Sent: Wednesday, February 18, 2004 10:49 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Site Configurations and SMS2003 Sites are a collection of "Well Connected" subnets.  That said, one persons definition of "well connected" can be completely different from another's. It really depends upon the bandwidth and network utilization between locations on your network.  On some site designs I've set every location to be a site no matter what the bandwidth while on others I have groups locations together into a single site where bandwidth was "good enough" and the load put onto the network was deemed to be minimal.  So, the answer is, it depends!   I would think that adding SMS would make you rethink how you have grouped your sites to optimize the use of the SMS distribution points.  Too many users hitting the distribution points will put a significant load on the location to location links and that would move you towards defining a location to be in a separate site. Just my $.02.  Coming out of lurking mode.  Great list. Thanks for being here. John McGlinchey, MCSA, MCSE, CCNA Bristol-Myers Squibb Company   _____________________________________________ From:   [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]  On Behalf Of Ayers, Diane Sent:   Wednesday, February 18, 2004 11:18 AM To:     [EMAIL PROTECTED] Subject:        [ActiveDir] Site Configurations and SMS2003 All: I know that this is somewhat off topic (SMS) but I had a recent conversation with some folks in regards to AD and SMS 2003. We are looking at possibly deploying SMS 2003 and looking at some deployment scenarios.  Anyway the conversation turn to the AD sites and what is the best configuration for sites in an organization. Briefly we have a highly connected backbone with DCs spread around key nodes on this backbone to support the geographical locations spurred off of this backbone.  We developed our AD sites around these nodes (5 geo locations, 5 AD sites) with all the "downstream" geographic locations for each DC being rolled into the site. It was recommend that we make each geographic location that are rolled up to the main sites we have now a separate site in AD irregardless if this geographic location has DC or not.   Site connectors would be built between those sites that have DCs and for those sites that don't have DCs, we'd have to go in and hack the  _kerberos._tcp.<site name>._sites and the  _ldap._tcp.<site name>._sites SRV  records so that they would refer to the correct DC.   I'm still trying to grasp the nuances of sites in AD but this seemed to be an usual approach to sites in AD.  Granted that SMS 2003 does bring some twists to the picture as a client will need to identify a distribution point from it's AD site.  We have over 200 individual geographic sites with approx 180 software distribution boxes that we'd make distribution points.  That would translate to 180 AD sites (sites mapped to distribution points).  My basic understanding of sites is that the should be built around DCs. This is a simply summary of what was discussed but I was wondering if there was some opinions one way or another over the best way to approach sites in AD.  Obviously each case is different but wanted to capture folks thoughts. Diane   -------APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY NOTICE-------  PRIVILEGED / CONFIDENTIAL INFORMATION may be contained in this message or any attachments. This information is strictly confidential and may be subject to attorney-client privilege. This message is intended only for the use of the named addressee. If you are not the intended recipient of this message, unauthorized forwarding, printing, copying, distribution, or using such information is strictly prohibited and may be unlawful. If you have received this in error, you should kindly notify the sender by reply e-mail and immediately destroy this message. Unauthorized interception of this e-mail is a violation of federal criminal law. Applebee's International, Inc. reserves the right to monitor and review the content of all messages sent to and from this e-mail address. Messages sent to or from this e-mail address may be stored on the Applebee's International, Inc. e-mail system. -------APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY NOTICE------- PRIVILEGED / CONFIDENTIAL INFORMATION may be contained in this message or any attachments. This information is strictly confidential and may be subject to attorney-client privilege. This message is intended only for the use of the named addressee. If you are not the intended recipient of this message, unauthorized forwarding, printing, copying, distribution, or using such information is strictly prohibited and may be unlawful. If you have received this in error, you should kindly notify the sender by reply e-mail and immediately destroy this message. Unauthorized interception of this e-mail is a violation of federal criminal law. Applebee's International, Inc. reserves the right to monitor and review the content of all messages sent to and from this e-mail address. Messages sent to or from this e-mail address may be stored on the Applebee's International, Inc. e-mail system. -------APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY NOTICE------- PRIVILEGED / CONFIDENTIAL INFORMATION may be contained in this message or any attachments. This information is strictly confidential and may be subject to attorney-client privilege. This message is intended only for the use of the named addressee. If you are not the intended recipient of this message, unauthorized forwarding, printing, copying, distribution, or using such information is strictly prohibited and may be unlawful. If you have received this in error, you should kindly notify the sender by reply e-mail and immediately destroy this message. Unauthorized interception of this e-mail is a violation of federal criminal law. Applebee's International, Inc. reserves the right to monitor and review the content of all messages sent to and from this e-mail address. Messages sent to or from this e-mail address may be stored on the Applebee's International, Inc. e-mail system.