1)
AFAIK, Site is an Active Directory-specific concept, and AD is Directory (LDAP), Authentication server (Kerberos), etc. These services are published by AD in DNS through SRV records in _sites._msdcs for each site, and it covers them all... (LDAP, DC, GC, Kerberos, Kpassword)
So I was curious what applications would actually just read the site name from AD and look for a service not offered by a DC in that site? AD-based distributed applications (other than Exchange)?
2)
DNS priorities: I know by default it's only possible on a per-DC basis through the registry.
I was hoping it was more customizable, even if it was not officially documented.
Basically, we do have hub-and-spoke stuff. We have a central hub, and then at its spokes regional hubs, and at their spokes individual remote sites. (This is highly simplified, as there are load-balancing links across regions, away from the central hub, so I would say it's a mesh between central and regional sites and then hub and spokes at region and remote sites.)
Now, in case of DC failure at remote site, clients would go to any regional or Central hub DC, and not necessarily its nearest regional hub DC.
With priority only per DC basis, I would have to create mess of priorities to achieve what I want. And it would be complex.
One solution I thought of was to publish regional hub DCs in their spoke DCs' sites with lower priority.
This would surely give me some control, on where remote sites go for authentication. But this would not help cover DC failure at region level.
Basically, I want to totally control the list of DCs referred to clients at each site and in what order they are referred. So, per DC per Site priority setting would have been ideal.
I am open to other possible solutions.
--
Kamlesh
On 12/31/05, Almeida Pinto, Jorge de <[EMAIL PROTECTED]> wrote:
"_sites.dc._msdcs.DNSDomainName" is for locating a DC (hence the _msdcs) that hosts a certain service in a certain site
"_sites.DnsDomainName" is for locating a SERVER (does not need to be a DC) that hosts a certain service in a certain site
For more info on service resource records see:
http://www.microsoft.com/resources/documentation/Windows/2000/server/reskit/en-us/Default.asp?url=
DNS priorities are on a per DC basis, and not on a per DC per site basis.
It is not possible to configure a different priority for the same DC covering another site.
Why do you want to do that?
If clients cannot find a DC in a site by querying for _ldap._tcp.SiteName._sites.DnsDomainName,
the client will search for a DC in the domain by querying for _ldap._tcp.dc._msdcs.DnsDomainName.
If you have a hub-and-spoke site topology, it is OK to configure all spoke DCs (branches) NOT to register domain-wide DC locator records and only let HUB DCs register those records.
Jorge
________________________________
From: [EMAIL PROTECTED] on behalf of Kamlesh Parmar
Sent: Fri 2005-12-30 22:42
To: [email protected]
Subject: [ActiveDir] DNS SRV records
From my limited knowledge of how AD uses SRV records, I have two queries.
1)
Why do we need a separate _sites.DnsDomainName child domain when we have the
_sites.dc._msdcs.DNSDomainName child domain populated?
And I guess that only the latter is used by clients to find the site-specific DC for authentication.
Which other applications would need site-specific but generic SRV records (the former ones)?
2)
How to publish DC1 in site1 into remote site site2 with different priority than its own site site1?
i.e.
DC1 site1 priority=0
DC1 site2 priority=10
DC2 site1 priority=10
DC2 site2 priority=0
By the way,
Happy New Year to you all.
--
Kamlesh
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Be the change you want to see in the World"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
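The behaviour discussed in this thread, as an added example that is not code from either poster: a small model of the site-specific query followed by the domain-wide fallback, with RFC 2782 ordering and one priority per DC. The domain `corp.example`, the DC and site names, the weight of 100 and the full `_ldap._tcp.<site>._sites.dc._msdcs.<domain>` owner name are assumptions made for the illustration; nothing here queries real DNS.

```python
import random
from collections import namedtuple

SRV = namedtuple("SRV", "owner priority weight target")
DOMAIN = "corp.example"  # constructed domain name

def dc_records(dc, priority, sites, domain_wide):
    """SRV records one DC registers; its priority is the same in all of them."""
    owners = [f"_ldap._tcp.{s}._sites.dc._msdcs.{DOMAIN}" for s in sites]
    if domain_wide:
        owners.append(f"_ldap._tcp.dc._msdcs.{DOMAIN}")
    return [SRV(o, priority, 100, f"{dc}.{DOMAIN}") for o in owners]

def rfc2782_order(records, rng):
    """Lowest priority value first; weighted random pick inside one priority."""
    ordered = []
    for prio in sorted({r.priority for r in records}):
        pool = sorted((r for r in records if r.priority == prio),
                      key=lambda r: r.weight)
        while pool:
            pick, running = rng.randint(0, sum(r.weight for r in pool)), 0
            for r in pool:
                running += r.weight
                if running >= pick:
                    ordered.append(r)
                    pool.remove(r)
                    break
    return ordered

def locate(zone, site, down=(), seed=0):
    """Site-specific query first, then the domain-wide one."""
    rng = random.Random(seed)
    for owner in (f"_ldap._tcp.{site}._sites.dc._msdcs.{DOMAIN}",
                  f"_ldap._tcp.dc._msdcs.{DOMAIN}"):
        answer = rfc2782_order([r for r in zone if r.owner == owner], rng)
        hosts = [r.target.split(".")[0] for r in answer]
        alive = [h for h in hosts if h not in down]
        if alive:
            return owner, alive
    return None, []

# Constructed topology: the spoke DC stays out of the domain-wide records,
# and regional hub dc-a also covers the spoke site at priority 10.
ZONE = (dc_records("dc-r1", 0, ["Remote1"], domain_wide=False)
        + dc_records("dc-a", 10, ["RegionA", "Remote1"], domain_wide=True)
        + dc_records("dc-b", 0, ["RegionB"], domain_wide=True)
        + dc_records("dc-c", 0, ["Central"], domain_wide=True))

if __name__ == "__main__":
    for down in [(), ("dc-r1",), ("dc-r1", "dc-a")]:
        print(down, locate(ZONE, "Remote1", down))
```

With the spoke DC down the client stays on `dc-a`, but once `dc-a` is also down the fallback lands on `dc-b` or `dc-c` in either order, and `dc-a`'s priority of 10 also pushes it last in the domain-wide answer for every other site.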
