There are also two other potential uses for a lag site: 1. It can be used for cleanly inserting and then removing a DC from a production forest for use as a seed for a lab environment. 2. It can be used for safely introducing schema changes (after testing in a lab environment).
See FAQ #22 for details: http://www.activedir.org/FAQ.aspx Tony -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ulf B. Simon-Weidner Sent: Thursday, 27 October 2005 8:36 a.m. To: [email protected] Subject: RE: [ActiveDir] AD Lag Site Keep in mind that Lag-Sites are not intended for the "I did something wrong some weeks ago" errors, they are only for "Uups - I just deleted something". And to make sure that you are able to "undelete" every object no matter when you made the mistake (e.g. one minute before replication to the lag-site) the idea of two or more lag-sites with different schedules jump in. Like the examples I provided with two sitelinks replicating once a week but half a week apart make sure that you have at least a 3.5 old version of the object in one of the lag sites. Ulf |-----Original Message----- |From: [EMAIL PROTECTED] |[mailto:[EMAIL PROTECTED] On Behalf Of |Almeida Pinto, Jorge de |Sent: Wednesday, October 26, 2005 8:08 PM |To: [email protected]; [email protected] |Subject: RE: [ActiveDir] AD Lag Site | |yes... IF the detection of the deletion is BEFORE the |replication window to the lag site. Otherwise the tombstone |will replicate to the lag site also. It is just a extra |opportunity for you to make a deletion undone without doing a |non-auth restore! | |As the object and its metadata still exists on the replica of |the DC, there is no need to do a non-auth restore. Therefore |you need to do only an auth restore so the version becomes |higher than then deleted object and the deletion is undone. |Of course you will still need to do a non-auth restore |followed by a auth restore if the detection of the deletion is |after the replication window to the lag site | |Jorge | |________________________________ | |From: [EMAIL PROTECTED] on behalf of TIROA YANN |Sent: Wed 10/26/2005 4:12 PM |To: [email protected] |Subject: RE: [ActiveDir] AD Lag Site | | |......if i understand correctly what Activedir gurus explained |to me earlier, |-> Without a lag site, you must do a non-auth restore followed |by a auth restore. |-> With a lag site, you only need to do a auth restore. | |I'm right ? :) | |Yann | |________________________________ | |De : [EMAIL PROTECTED] |[mailto:[EMAIL PROTECTED] De la part de |CHIANESE, DAVID Envoyé : mercredi 26 octobre 2005 15:59 À : |[email protected] Objet : RE: [ActiveDir] AD Lag Site | | |More so for deletion of objects so you wouldn't have to do an |authoritative restore from a backup. | | |David Chianese | | |________________________________ | |From: [EMAIL PROTECTED] |[mailto:[EMAIL PROTECTED] On Behalf Of Etts, Russell |Sent: Wednesday, October 26, 2005 9:23 AM |To: [email protected] |Subject: RE: [ActiveDir] AD Lag Site | | |I'm sorry if I sound ignorant, but what is the purpose of a |"lag site"? Is it a site that you don't replicate for a |specific period of time in so if there is a disaster, you can |get the data from the lag site?? | |Thanks | |Russ | |________________________________ | |From: [EMAIL PROTECTED] |[mailto:[EMAIL PROTECTED] On Behalf Of Ulf |B. Simon-Weidner |Sent: Tuesday, October 25, 2005 5:00 PM |To: [email protected] |Subject: RE: [ActiveDir] AD Lag Site | | |I did those too, and some other things to consider were: |* Putting them inside a virtual machine with faked Subnetting |in AD: Take a class C Network and split it in AD Sites and |Services, not TCP/IP, then you can spare the router |* Assign the site membership for the host via GPO if it is in |one of the virtual subnets of the virtual lag-dcs (depending |on the subnetting possibilities you have) |* Configure a firewall between the sites to make sure the |machienes only talk to the ones they are supposed to (if available) |* Use scripting to shut down virtual networks if available in |the times they are not supposed to replicate |* Make sure that you configure replication that it runs a |couple times during the allowed timeframe |* Configure terminal services access on the lag DCs |* Configure boot.ini to be able to boot into DSRM by changing |the default without querying for the boot.ini parameter when necessary. | |For the replication I usually configured replication every 15 |minutes (the Lag-Sites were on the same LAN), Site 1 |replicates Tuesday 10pm to Wednesday 2am, Site 2 replicates |Saturday 10am to 2pm (each 4 hrs, exactly 1/2 Week apart). | |Ulf | | |________________________________ | | From: [EMAIL PROTECTED] |[mailto:[EMAIL PROTECTED] On Behalf Of |Almeida Pinto, Jorge de | Sent: Tuesday, October 25, 2005 3:57 PM | To: [email protected] | Subject: RE: [ActiveDir] AD Lag Site | | | Hi, | Guido and Gil wrote a great ebook about recovery |whereas information about lagsites is included | Take a look at: |http://www.netpro.com/events/adrecovery/index.cfm (registration needed) | | For starters some tips: | * Place at least on DC for each domain in the lag site | * Allow the DCs in the lag site to register only the |replication record (CNAME) in the DNS zone _MSDCS.FORESTROOT | * Don't assign WINS server IP addresses for the DCs in |the lag sites | * Make sure the site link between the lag site and the |hub site has a higher cost than all other site links that |connect the hub site and other sites (reason: Exchange AD |topology discovery for the out-of-site list of DCs/GCs) | *You might want to use lag sites (e.g. 2) that |replicate in steps (1st site replicates like each 3 days and |the other each week) whereas the second lag site is connected |to the first and the first is connected to the second and the hub site | | This might be expensive though and you also might have |a look at objectrecovery tools available by third party vendors | | Cheers, | Jorge | |________________________________ | | From: [EMAIL PROTECTED] |[mailto:[EMAIL PROTECTED] On Behalf Of Shawn Hayes | Sent: Tuesday, October 25, 2005 15:31 | To: [email protected] | Subject: [ActiveDir] AD Lag Site | | | Anyone have any pointers (documentation or real life |experience) on setting up an AD Lag Site? | | Thanks in advance, | | Shawn | | | | | This e-mail and any attachment is for authorised use by |the intended recipient(s) only. It may contain proprietary |material, confidential information and/or be subject to legal |privilege. It should not be copied, disclosed to, retained or |used by, any other party. If you are not an intended recipient |then please promptly delete this e-mail and any attachment and |all copies and inform the sender. Thank you. | |List info : http://www.activedir.org/List.aspx |List FAQ : http://www.activedir.org/ListFAQ.aspx |List archive: |http://www.mail-archive.com/activedir%40mail.activedir.org/ | List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ ############################################################################# This communication, including any attachments, is confidential. If you are not the intended recipient, you should not read it - please contact me immediately, destroy it, and do not copy or use any part of this communication or disclose anything about it. Thank You. Please note that this communication does not designate an information system for the purposes of the NZ Electronic Transactions Act 2002. This email has been scanned for Viruses and Content and cleared by NetIQ MailMarshal at Gen-i. ############################################################################# List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
