Ah, so you firewall your sites. Yep, bridgeheads are needed
then. Do you guys use the internet for part of your network or share it with
other agencies and so are fussy and firewall your internal network? I was
just chatting with some MCS friends of mine about a company they have been
working with lately that is a bomb waiting to go off as it is an internal
network with firewalls between sites with rulesets on the firewalls that are
really confusing and a support nightmare. I believe they were using all
checkpoint firewalls and just walking through the rulesets was a fun job.
With 2K, you will get one bridgehead at a time for each
replicating partition. I.E. Replication to Parent Domain DCs will go
through Parent Domain DCs, you can't send parent replication through a child
bridgehead. You could however send parent GC partition replication through
a child GC bridgehead to a grandchild GC
bridgehead.
Now 2K3 by default is supposed to load balance
connections, I have not seen it, but I expect it would do that if you specified
two bridgeheads in a site.
As for displaying bridgeheads, you can easily display the
preferred bridgeheads by looking at the bridgeheadTransportList attribute on the
server objects in the config container. As to which DC is the current active
bridgehead, I recall asking the guy who wrote the
iadstools.dll about this previously back in like 2000 and it is a
matter of enumerating all of the connections in the entire topology and figuring
it out from that. One of the bridgeheads I guess is picked, and then the rest of
the connections just sprout up from there. I haven't seen a more techie
explanation. I have noticed though that in a large environment, more than one DC
will be used for the bridgehead for a single partition or possibly it was that I
would look as it was switching from one to another.
There is a tool MS has called ADLB that will load balance
your connections. There were some issues with the early versions in its
selecting of DCs to use for the various types of partition replication (i.e.
using GCs for what should be DC connections) but I believe those are all worked
out now. It will work with 2K but with some limitations. ADLB is in the 2K3
reskit tools which can be downloaded here:
joe
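
Added example, not part of the original thread: a sketch of the check described in the reply above, listing preferred bridgeheads from `bridgeheadTransportList` and inferring active ones from the connection objects. It assumes a DC is acting as a bridgehead when it sits at either end of a connection whose `fromServer` is in another site; the forest, site and DC names are constructed sample data.

```python
import re
from collections import defaultdict

CFG = "CN=Sites,CN=Configuration,DC=example,DC=com"  # constructed forest DN
IP = "CN=IP,CN=Inter-Site Transports," + CFG

def ntds(server, site):
    # DN of a DC's NTDS Settings object (parent of its inbound connections)
    return f"CN=NTDS Settings,CN={server},CN=Servers,CN={site},{CFG}"

# Constructed sample export: (server object DN, bridgeheadTransportList values)
SERVERS = [
    (f"CN=DC1,CN=Servers,CN=HQ,{CFG}", [IP]),
    (f"CN=DC2,CN=Servers,CN=HQ,{CFG}", [IP]),
    (f"CN=DC5,CN=Servers,CN=Branch,{CFG}", []),
]
# Constructed nTDSConnection objects: (DN under the destination DC, fromServer)
CONNECTIONS = [
    (f"CN=c1,{ntds('DC1', 'HQ')}", ntds("DC5", "Branch")),  # inter-site
    (f"CN=c2,{ntds('DC5', 'Branch')}", ntds("DC1", "HQ")),  # inter-site
    (f"CN=c3,{ntds('DC2', 'HQ')}", ntds("DC1", "HQ")),      # intra-site
]
SERVER_RE = re.compile(r"CN=([^,]+),CN=Servers,CN=([^,]+),CN=Sites,", re.I)

def server_and_site(dn):
    m = SERVER_RE.search(dn)
    if not m:
        raise ValueError(f"not under a site's Servers container: {dn}")
    return m.group(1), m.group(2)

def preferred_bridgeheads(servers):
    # site -> DCs whose server object has bridgeheadTransportList set
    out = defaultdict(set)
    for dn, transports in servers:
        if transports:
            name, site = server_and_site(dn)
            out[site].add(name)
    return dict(out)

def active_bridgeheads(connections):
    # site -> DCs that terminate a connection crossing a site boundary
    out = defaultdict(set)
    for conn_dn, from_server in connections:
        (dst, dst_site), (src, src_site) = map(server_and_site, (conn_dn, from_server))
        if dst_site.lower() != src_site.lower():
            out[dst_site].add(dst)
            out[src_site].add(src)
    return dict(out)

def idle_preferred(servers, connections):
    # preferred bridgeheads that no inter-site connection currently uses
    active = active_bridgeheads(connections)
    return {site: names - active.get(site, set())
            for site, names in preferred_bridgeheads(servers).items()}
```

On the sample data, DC2 is configured as preferred but carries no inter-site connection, which is the situation the original question describes.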
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Thommes, Michael M.
Sent: Friday, July 09, 2004 10:53 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] displaying multiple preferred bridgehead servers?
Hi Joe,
The bridgehead servers are designated to satisfy my
security guys so that a minimum number of firewall conduits need to be defined
for DCs in separate sites. The recent addition of a second bridgehead
server was at the suggestion of my co-worker who likes redundancy.
8-)
Mike Thommes
-----Original Message-----
From: joe [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 08, 2004 9:26 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] displaying multiple preferred bridgehead servers?
Is there a reason you are configuring any servers specifically to be bridgeheads or are you doing it because someone said you should?
joe
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Thommes, Michael M.
Sent: Saturday, June 26, 2004 9:17 AM
To: Active Directory Mailing List (E-mail)
Subject: [ActiveDir] displaying multiple preferred bridgehead servers?
Yesterday I made one of my root domain controllers a bridgehead server. It joins the first bridgehead server that I created early on with another root domain controller. The enterprise dcdiag report I run each morning shows no indication of the new bridgehead server. I read (http://www.winnetmag.com/Article/ArticleID/13420/13420.html) where you can have multiple bridgehead servers but only one of the servers is active at a time. I also see using the replmon utility/view_enterprise_bridgehead_servers that only my first bridgehead server shows up. I would think that both should show with maybe some mark indicating active/non-active state. My site also has another bridgehead server and it does show up but it belongs to a child domain. Should that make a difference? Has anyone experienced this situation before? Am I expecting too much? Am I misconfigured? TIA!
Mike Thommes
