Always good advice. You can read some details and the registry keys about it here (for 2000 in this case): http://www.microsoft.com/technet/archive/windows2000serv/technologies/active directory/deploy/adguide/adplan/adpch02.mspx
I would have to say to the original poster's question that the likely failure results more from lack of DNS resolution than lack of a DC/GC since one exists in site B or C most likely (that should be checked of course). Which leads to an interesting design issue that often gets missed. If you configured your clients to only use the local AD integrated DNS thinking you were saving bandwidth, then you would fail if the DC were down. That would be self-defeating although you would "technically" be saving bandwidth. I think as David points out, it's best to configure some controls in there and cause it to use a known path vs. using something in a different site that may be across a slow link, if possible. My $0.04 worth anyway. -ajm -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Fugleberg, David A Sent: Wednesday, March 30, 2005 4:12 PM To: [email protected] Subject: RE: [ActiveDir] AD Site Confusion A common thing to do in a 'hub and spoke' network is to configure the DCs in 'spoke' sites to NOT register domain-wide SRV records. That way, if the DC in a spoke site goes down, the client will discover domain-wide SRV records for only DCs in the hub site. This prevents the client from authenticating to a DC in some other spoke site. If the hub-to-spoke links are relatively slow, this can make a big difference, as it has to traverse only one slow link instead of two. Dave -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Tuesday, March 29, 2005 11:26 PM To: [email protected] Subject: RE: [ActiveDir] AD Site Confusion Jorge keeps saying it in different ways and I think people are missing the point... The coverage of neighboring sites occurs when there is no DC in the site, it doesn't occur when a site's DCs are down. This is all keyed off of the site containers in the configuration. I have seen DCs being promoed into a Domain in a site and the DCs from other sites unregistering their records in that site before the DC is even promoed up, all because the server object in the site already replicated around. So as Jorge as said.... Look up local site DCs by DNS queries to Site based entries for the domain. If none of those DCs are cool, ask for the global list of all DCs for the domain and use one of those. It isn't the most efficient and you will find odd things like clients in Florida hitting DCs in Seattle when there is another DC in another city in Florida that would be better to use. The idea seems to be if you can't use a DC in your site, screw it, use any DC that responds. This is one of the reasons why Exchange doesn't really use the standard mechanism for DC/GC service location. They walk the metrics of the site connections trying to find the closest. joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jorge de Almeida Pinto Sent: Tuesday, March 29, 2005 6:08 AM To: [email protected] Subject: RE: [ActiveDir] AD Site Confusion Hi Neil, Presuming the clients somehow have access to DNS (preferred or alternate) they will first try to reach the DCs in their own site (site A). As all DCs are down in site A the clients then will ask for all DCs in the domain that have registered the domain specific DNS records. For more info on this see: * http://www.windowsitpro.com/Articles/Print.cfm?ArticleID=37935 Authentication Topology by Gil Kirkpatrick * http://www.windowsitpro.com/Windows/Article/ArticleID/40718/40718.html Designing for DC Failover by Sean Deuby Autositecoverage only works for DC-less sites. So yes, it behaves differently for situation 1 (autositecoverage will occur) and 2 (no autositecoverage will occur) Cheers Jorge -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ruston, Neil Sent: dinsdag 29 maart 2005 11:56 To: '[email protected]' Subject: RE: [ActiveDir] AD Site Confusion Thanks Jorge. Are you implying that the answer to the original question is therefore 'no'? This has huge ramifications in the branch office. Or did I simply explain how the answer is 'yes', but for the wrong reasons?? Are you also saying that DCs (and sitecoverage) handle the following 2 scenarios in different ways: 1. No DCs installed in some site 2. DCs installed in some site but non available Can you expand on your previous post please? Thanks, neil -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jorge de Almeida Pinto Sent: 29 March 2005 10:21 To: [email protected] Subject: RE: [ActiveDir] AD Site Confusion I think that's incorrect if you're talking about autositecoverage. Autositecoverage by DCs from some domain for some site will only occur if some site has no DCs from that same domain. Although DCs are down and not available, the DCs in other sites in the same domain see in their own replica that that site has DCs and autositecoverage will occur. Sitecoverage will occur by other DCs if you configured it manually through the registry or a GPO Cheers, Jorge -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ruston, Neil Sent: Tuesday, March 29, 2005 09:25 To: '[email protected]' Subject: RE: [ActiveDir] AD Site Confusion Depending upon your site links, DCs in either site B or C will advertise themselves as available to site A. The DCs in the site with lowest cost to site A will perform this role. What do you mean by 'take down'? Are you taking a WAN link down or powering off the DCs or demoting them or what? neil -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Brown Sent: 28 March 2005 21:55 To: [email protected] Subject: [ActiveDir] AD Site Confusion I have 3 sites, site A has 2 DC's and site B & C each have 1 DC. When I take down site A (both DC's), the clients in Site A cannot log in. Shouldn't they be able to log in using site B or C? Thanks, -- Matt Brown Information Technology System Specialist Eastern Washington University List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ ======================================================================== ==== == This message is for the sole use of the intended recipient. If you received this message in error please delete it and notify us. If this message was misdirected, CSFB does not waive any confidentiality or privilege. CSFB retains and monitors electronic communications sent through its network. Instructions transmitted over this system are not binding on CSFB until they are confirmed by us. Message transmission is not guaranteed to be secure. ======================================================================== ==== == List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ ======================================================================== ==== == This message is for the sole use of the intended recipient. If you received this message in error please delete it and notify us. If this message was misdirected, CSFB does not waive any confidentiality or privilege. CSFB retains and monitors electronic communications sent through its network. Instructions transmitted over this system are not binding on CSFB until they are confirmed by us. Message transmission is not guaranteed to be secure. ======================================================================== ==== == List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
