Title: Message
One would wonder why they did this at all... Possibly support for future functionality? Because as of right now, if a client logs onto a specific DC, that DC should also have the SYSVOL right there...

joe

Actually, the SYSVOL folder is "just another" share redirected via DFS (which also allows the folder to be replicated via FRS...).

I've never really thought about it, but Jorge's comment makes sense, as in a Win2k DFS hierarchy the client will receive a list of link-targets from a DFS server (every DC is a DFS server for SYSVOL) listing the links of the same site as the client at the top of the list - any other DFS link-targets in AD will be randomly ordered (was changed in Win2k3). The DFS client would then check the list from the top until it finds an available target - usually the one in the same site as the client.

In the example given, there are no DFS link-targets (SYSVOL in this case) available in a site of the client, so that it would be natural to choose any target, i.e. any DC to access SYSVOL (even if a specific DC had been found to authenticate the user/machine). I guess everyone expects the client to use the same DC as the one found in DNS for authentication - would be worth a test to see if this is really the case. If you've already tested this, it would be good to hear some more about it.

If you have a Win2k3 DFS server (or DC, once the domain is upgraded), the list returned from the DFS server still lists the links of the same site as the client at the top of the list, but then lists the other DFS links in an order that respects the site-link costs from the client to the other link targets when adding the targets to the list... So that would mostly solve the problem for you, at least in a star-topology - but this shouldn't be your main driver to upgrade to 2003... ;-)

/Guido
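
The referral ordering described in the message above, as an added example that is not part of the original thread and not Microsoft's implementation: a small model comparing random ordering of out-of-site targets with site-cost ordering, to show which site ends up serving SYSVOL (Group Policy and logon scripts) when the local DC is down. The DC names, site names and link costs are constructed assumptions.

```python
import random
from collections import Counter

# Constructed hub-and-spoke topology; names and site-link costs are assumptions.
DC_SITE = {"HUBDC1": "HUB", "HUBDC2": "HUB", "BR1DC1": "BRANCH1",
           "BR2DC1": "BRANCH2", "BR2DC2": "BRANCH2"}
SITE_LINK_COST = {frozenset(("BRANCH1", "HUB")): 100,
                  frozenset(("BRANCH2", "HUB")): 100,
                  frozenset(("BRANCH1", "BRANCH2")): 200}  # branch to branch via the hub


def site_cost(a, b):
    """Cost between two sites; 0 inside the same site."""
    return 0 if a == b else SITE_LINK_COST[frozenset((a, b))]


def referral_list(client_site, site_costed, rng):
    """Return every SYSVOL target, ordered as described in the message above."""
    targets = list(DC_SITE)
    rng.shuffle(targets)  # random order inside each group
    same = [dc for dc in targets if DC_SITE[dc] == client_site]
    other = [dc for dc in targets if DC_SITE[dc] != client_site]
    if site_costed:  # Win2k3 behaviour as described: cheapest site first (stable sort)
        other.sort(key=lambda dc: site_cost(client_site, DC_SITE[dc]))
    return same + other  # same-site targets always lead the list


def pick_target(referral, available):
    """The client walks the list from the top until a target answers."""
    return next((dc for dc in referral if dc in available), None)


def landing_sites(client_site, down, site_costed, trials=1000, seed=1):
    """Count which site ends up serving SYSVOL over many referrals."""
    rng = random.Random(seed)
    up = set(DC_SITE) - set(down)
    hits = Counter()
    for _ in range(trials):
        dc = pick_target(referral_list(client_site, site_costed, rng), up)
        hits[DC_SITE[dc]] += 1
    return hits


if __name__ == "__main__":
    for costed in (False, True):
        label = "site-costed" if costed else "random"
        print(label, dict(landing_sites("BRANCH1", {"BR1DC1"}, costed)))
```
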

The DC locator process is the job of DNS. Your zone records will contain the site-wide and domain-wide list of Domain Controllers. When a client tries to contact a DC, it looks first of all at the site-wide list in DNS and tries to contact a DC in its own site. If this fails it will select one at random from the domain-wide list.

What is required here is some DNS tinkering: you need to manually delete the remote DC records from the domain-wide list on the branch office DNS server.

e.g.

Main Site DNS server:
Site-wide list contains SRV records for DCs in the main site
Domain-wide list contains SRV records for every DC in the domain

Branch DNS server 1:
Site-wide list contains SRV records for DCs in branch site 1
Domain-wide list contains SRV records for every DC in site 1 and the main site

Branch DNS server 2:
Site-wide list contains SRV records for DCs in branch site 2
Domain-wide list contains SRV records for every DC in site 2 and the main site

With this scenario, clients in the remote sites can only contact DCs in their own site or in the main site, not in another branch site, which I think is what you are after.

Hi Everyone,

In a large AD network (W2K SP3 + hotfixes) only the HUB DCs register the domain-specific SRV RRs and all DCs register the site-specific SRV RRs. When all DCs in a site fail, the HUB DCs are contacted. Works as expected, at least for AD info. For SYSVOL info this does not work. When all DCs in a site fail, the client enumerates all DCs that host the SYSVOL and it picks the first DC in the list (which is randomly created).

Is there any way to configure DCs so that the following situation exists:
* All DCs provide SYSVOL info for the clients in their respective site
* Only the HUB DCs provide SYSVOL info to clients in a specific site when all the DCs in that site are unavailable

Any comment on this appreciated.

Thanx!

Regards,
Jorge

Kind regards,
Jorge de Almeida Pinto
Infrastructure Consultant
LogicaCMG Nederland B.V. (BU SD/AT)
Division Industry, Distribution and Transport (ID&T)