RE: [ActiveDir] AD Lag Sites

[Myrick, Todd \(NIH/CC/DNA\) [E]]

Agreed.   Not a big fan of the “Lag-Site”, I think it potentially has the ability to create more problems.  At least MS added some limited functionality in 2003, now if they would just finish the job in Vista this topic might goto rest.  (Are you there Stewart?)   I do see value in Creative Subnetting, when it comes to establishing multiple sites on a physical network segment to get the KCC to replicate in a more deterministic manner.  Fun to do in the classroom too when teaching subnetting.   Todd Myrick   From: Almeida Pinto, Jorge de [mailto:[EMAIL PROTECTED] Sent: Friday, March 03, 2006 11:17 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] AD Lag Sites   7 lag sites? holy sh*t! would it be much cheaper to use a solution that can undelete the deleted objects and restore (push back) the attributes? jorge From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ulf B. Simon-Weidner Sent: Friday, March 03, 2006 16:59 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] AD Lag Sites As Jorge mentioned you do not have to follow your physical subnets for Lag-Sites. Usually you would use that as a guideline, but for lag-sites you can do a sub-subnetting. AD replication does not care about the physical structure or TCP/IP-Settings (Subnetmask, Def-Gateway) - it just cares what you have configured in the sites, subnets and what IP the DC is using. So you can in a 10.1.x.x network you could configure all servers with 10.1.x.x IP-Adresses with a Subnet-Mask of 255.255.0.0, however you keep all servers in one lagsite in the same "virtual subnet" 10.1.9.x and all production Servers in 10.1.1.x - 10.1.8.x. Remember that all have the default gateway and subnet mask for 10.1.x.x. But now you create the virtual subnets in AD, and join 10.1.1.x - 10.1.8.x to the production site, and 10.1.9.x to the lag-site. AD-Replication will do what you wanted it to do, even without the need for routing.   However - and this was the main reason why I wanted to follow up on this - remember that one lag-site might not be enough. Imagine you configure your lag-site to replicate every thursday 6pm. So if someone makes an error deleting a whole OU on e.g. Tuesday, you are recognizing it on Wednesday and are able to rollback this OU (authoritative restore on the lag site, then force replication). However if someone deletes a OU on thursday, and you recognize it on friday (or even thursday 7pm) you have to restore a server from tape first, because your only lag-site has already replicated that deletion.   What I prefer is creating two lag-sites, one which replicates in the middle of the week and one which replicates on the weekend. No matter when the error will be performed (even right before replication of one of the lag-sites), we always have a at least half week old copy of the AD in the one of the Lag-Site. And I've even heard from someone using seven lag-sites for every day in the week. Perhaps he's jumping into this thread later ;-)   Gruesse - Sincerely, Ulf B. Simon-Weidner   MVP-Book "Windows XP - Die Expertentipps": http://tinyurl.com/44zcz   Weblog: http://msmvps.org/UlfBSimonWeidner   Website: http://www.windowsserverfaq.org   Profile:   http://mvp.support.microsoft.com/profile="">        From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frank Abagnale Sent: Friday, March 03, 2006 4:29 PM To: Active Subject: [ActiveDir] AD Lag Sites Single Forest, Single Domain, W2K3 FFL   I am thinking about setting up a lag site for DR purposes.   Just for clarification purposes, would I need a separate IP subnet i.e IP subnet that isn't assigned to any other site in AD to create this?   All my existing IP Subnets are assigned to existing Sites which are used for normal replication, so I am assuming my question will result in a yes.   Does anyone have any recommended guides to follow   thanks frank Relax. Yahoo! Mail virus scanning helps detect nasty viruses!